General Log Insight Q&A

Vulnerability triggering from Log Insight Server

One of my clients has raised the below vulnerability for LI.

Exploit CVE ID: "CVE:2009-1016"

Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite allows remote authenticated users to affect confidentiality, integrity, and availability, related to IIS.

The Client has observed suspicious traffic from Log Insight server on port 443.

Any Information on how to remediate...

syslog timestamp not working


I have the below three syslog entries. As can be seen, the timestamp from LI (the first one) does not match the one from the syslog msg. (This also affects the sort order in Log Insight, making it hard to troubleshoot.) Why?

I think it might be at the source the problem is, but I cannot see what would be wrong with this syslog msg.

2018-04-25 10:28:26 Passwordstate: Password...

Configure vIDM Authentication via API

Cross-linking from VMTN, for more visibility!

Recap: When I try and configure vIDM as an authentication provider via the API, the API is rejecting due to using a "custom CA certificate" (in this instance, self-signed).... I would think the property for accepting the certificate would tell the API to, well, accept the certificate... but, that doesn't seem to be the case. Shouldn't...

Log processing rate in vRealize Log Insight

Hi to all members.
Could anyone help if we can capture the log processing rate and the log arrival rate by vRealize Insight?
I am particularly interested in

1. Capturing the arrival rate of the logs to the Log Insight in events/sec or bytes/sec
2. The processing rate of the logs by Log Insight in events/sec or bytes/sec.
3. Ensure my Log Insight processing rate is higher than the arrival rate.

There are statistics...

STRUCTURED-DATA for non-agent messages

Ahoj there,

I'm sending in messages directly to vRLI server over udp:514. They should be perfectly RFC compatible as it works on another syslog server (non vRLI server 😉). Question: I can't get vRLI to format/extract the structured data automatically. I found some docs regarding syslog structured-data extraction for agent but nothing for non-agent messages. Isn't this implemented?

As an example:
2017-08-28T09:28:55.509334+02:00...

New Mouse-Over feature (v4.5) - need to disable, maybe per Dashboard or globally

The new feature "Dashboard legend mouse-over in one widget now highlights corresponding chart items across widgets" is really bad on some dashboards, so that some dashboards are not usable anymore, because the screen is filled up with mouse-over information and on some dashboards it flips between mouse-over hints and back and back to mouse-over - because of too much information that will be displayed and between chart...

Agents, MS Cluster Services and Logs on cluster disks


Does anyone have any experience in running LI Agent on MS failover clusters?

We are trying to monitor the SQL logs and obviously the clustered drive (where the logs exist) is only mounted on one server at a time, so when the LI agent starts on each server in the pair, one can read the logs drive and the other can't, so it ignores that drive as it doesn't exist.

When the cluster fails over we need a way of telling...

Builtin vSphere dashboard queries in Log Insight not displaying host events

I noticed that some of the built-in vSphere Log Insight 4.x dashboard queries, for example, the VM Snapshots dashboard, don't seem to work correctly (or perhaps I'm not doing something correctly). The ESXi hosts are 5.5 and 6.0 hosts.

For instance - If I open the "VM snapshots created" report, I see that it is filtering on "vmw_esxi_snapshot_operation" contains "create". But that does not bring up any snapshot related...

VCSA 6.0 syslog forwarding versus agent

Why is it that the Log Insight 4.x documentation recommends using a VCSA agent over the syslog forwarding for 6.0? Example:

"For earlier versions of vSphere, while the vCenter Server Appliance does contain a syslog daemon that could be used to route logs, the preferred method is to install a vRealize Log Insight agent."

Was going to set up the VCSA syslog forwarding as detailed in the following blog post: