One of my clients has raised the below vulnerability for LI. Exploit CVE ID: "CVE:2009-1016" Description: Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite allows remote authenticated users to affect confidentiality, integrity, and availability, related to IIS. The client has observed suspicious traffic from the Log Insight server on port 443. Any information on how to remediate ...more »
General Log Insight Q&A
Hi, I have the below three syslog entries. As can be seen, the timestamp from LI (the first one) does not match the one from the syslog msg. (This also affects the sort order in Log Insight, making it hard to troubleshoot.) Why? I think the problem might be at the source, but I cannot see what would be wrong with this syslog msg. 2018-04-2510:28:46.315 2018-04-25 10:28:26 10.65.2.14 Passwordstate: Password ...more »
How can it filter user logins in the event log? I want to find out how many users log in per day.
Cross-linking from VMTN, for more visibility! https://communities.vmware.com/thread/579407 Recap: When I try and configure vIDM as an authentication provider via the API, the API is rejecting due to using a "custom CA certificate" (in this instance, self-signed).... I would think the property for accepting the certificate would tell the API to, well, accept the certificate... but, that doesn't seem to be the case. Shouldn't ...more »
Hi to all members. Could anyone help if we can capture the log processing rate and the log arrival rate by vRealize Insight? I am particularly interested in 1. Capturing the arrival rate of the logs to the Log Insight in events/sec or bytes/sec 2. The processing rate of the logs by Log Insight in events/sec or bytes/sec. 3. Ensure my Log Insight processing rate is higher than the arrival rate. There are statistics ...more »
Ahoj there, I'm sending in messages directly to vRLI server over udp:514. They should be perfectly RFC compatible as it works on another syslog server (non vRLI server 😉 ). Question: I can't get vRLI to format/extract the structured data automatically. I found some docs regarding syslog structured-data extraction for agent but nothing for non-agent messages. Isn't this implemented? As an example: 2017-08-28T09:28:55.509334+02:00 ...more »
After uninstalling a content pack, Log Insight still tries to access the last used content pack, which in this case has been uninstalled. This results in Log Insight loading "forever" - at least I did not see it time out.
Workaround: close all browsers and log in again.
The new feature "Dashboard legend mouse-over in one widget now highlights corresponding chart items across widgets" is really bad on some dashboards, so that some dashboards are not usable anymore, because the screen is filled up with mouse-over information and on some dashboards it flips between mouse-over hints and back and back to mouse-over - because of too much information that will be displayed and between chart ...more »
Failed to create cluster snapshot
Hi, does anyone have any experience in running LI Agent on MS failover clusters? We are trying to monitor the SQL logs and obviously the clustered drive (where the logs exist) is only mounted on one server at a time, so when the LI agent starts on each server, in the pair, one can read the logs drive and the other can't so it ignores that drive as it doesn't exist. When the cluster fails over we need a way of telling ...more »
I noticed that some of the built-in vSphere Log Insight 4.x dashboard queries, for example, the VM Snapshots dashboard, don't seem to work correctly (or perhaps I'm not doing something correctly). The ESXi hosts are 5.5 and 6.0 hosts. For instance - If I open the "VM snapshots created" report, I see that it is filtering on "vmw_esxi_snapshot_operation" contains "create". But that does not bring up any snapshot related ...more »
Why is it that the Log Insight 4.x documentation recommends using a VCSA agent over the syslog forwarding for 6.0? Example: "For earlier versions of vSphere, while the vCenter Server Appliance does contain a syslog daemon that could be used to route logs, the preferred method is to install a vRealize Log Insight agent." Was going to set up the VCSA syslog forwarding as detailed in the following blog post: http://www.virtuallyghetto.com/2015/03/a-preview-of-native-syslog-support-in-vcsa-6-0.html ...more »