Content Packs

Content Packs are source-centric interpretations that help you make sense of your unstructured machine data.

(@anders.o)

Content Packs

Snapshot Dashboard in vSphere Content Pack seems broken

The widget "VM Snapshots Created" in the "Virtual Machine - Snapshots" Dashboard in LI 4.0 seems to be broken. Even if taking multiple snapshots and setting the dashboard time span correctly, it stays on 0 and the other widgets on the dashboard remain empty. It seems to stem from the field 'vmw_esxi_snapshot_operation', which doesn't seem to match any of the log events that ESXi or vCenter Server generates when taking... more »

(@jstandersovsystems.com)

Content Packs

vra7 setup instructions - Apache CLF

Setup instructions for VRA7 content pack specifies the following: In addition to installing and configuring the vRA content pack, the following content packs should also be installed and configured: • Apache - CLF • vRealize Orchestrator I am trying to figure out how the content pack "Apache - CLF" should be used for VRA7? For filters to select which agents receive the Agent Configuration below, which VRA server... more »

(@ryom.michaelgmail.com1)

Content Packs

Additions to vRops Content Pack

In order to help troubleshoot vRops issues - I have created a some widgets. Basicly three with some variances.

Named:

vRops Webrequest respones time

vRops Webrequest Respones Code

vRops Collector Issues

 

You can see some screenshot of it added to this discussion.

 

Also have a blog post coming which hasn't been released yet. Just a description of the value add.

 

https://michaelryom.dk/custom-vrops-content-pack/

(@ryom.michaelgmail.com1)

Content Packs

vRops Agent Configuration

I have looked at the vRops Agent setup instructions and they don't make sense to me... Rather than copy/pasting it all in here, I have attatched a file with the setup instruction. 1. In the beginning of the file, the first two lines after "Configuring the vRealize Log Insight Agent". Goes on about the liagent.ini need to be modified. 1A. This is not true as the centralized configuration is used, correct ? That part... more »

(@markus.krausgmail.com1)

Content Packs

Windows Firewall Advanced Content Pack

Extract more Details from Windows Firewall File-Log

(ContentPack is attached)

 

- Blocked Connections by Source IP

- Blocked Connections by Destination IP

- Blocked Connections by Source Port

- Blocked Connections by Destination Port

- Blocked Connections by Protokoll

- Blocked Connections by Hostname

- Disabled / Enabled Firewall

(@heath.reynolds)

Content Packs

NSX Distributed Firewall Content Pack

I put together a quick content pack for NSX Distributed Firewall syslog analysis with Log Insight. It has field extractions for all of the relevant fields and some pre-built queries that give a solid framework to focus in on specific rules, protocols, or hosts. I wrote it to analyze potential rule impact will Allow-Log, but it also helps troubleshoot with visibility to drops as well. Content pack attached to this post.... more »