LogInsight is gradually overtaking our SIEM tool due to its incredible accessibility and performance - thank you, everyone, for building such an awesomely easy-to-use product. Unfortunately, one of the key metrics we'd like to be able to report on is IPS/IDS logs generated from our Cisco ASAs (we have many, many ASAs) and at the moment the IPS logs are firing into a bit of Splunk code that converts them for Splunk ...
Getting data in, whether from the Agent, Importer, or Syslog.
My customer (DaVita) is looking for a way to query LI, check the last time it received logs from connected ESXi hosts, and if the time is greater than x, automate the restart of syslog on the host.
Additional conversation around this topic can be found here: https://vmware-com.socialcast.com/messages/36422396?ref=stream
From time to time there are occasions where I really would hope that blacklisting/discarding events is implemented in vRLI. For example, we are currently flooded with log entries from our 5.5 ESXi hosts which are coming from a "BUG" which is to be fixed in a patch without ETA. But there would be countless other examples too. I'm aware that there are possibilities to achieve that. One is with agents but for ESXi that ...