IHAC customer (CBA) that needs to retain up to 3 months of data in vRLI. Unfortunately, my customer's vRLI setup is now only retaining 7-8 days of data (its slowly been dropping with the migrations)… this is all due to the volume of DFW (NSX) logs… The customer has discussed dropping all accepted/allowed but customer security policy informed the customer that it wouldn't be allowed to do so. The customer has queried ...more »
Administration of Log Insight
Initial deployment, user/group identity sync, backups, capacity changes, upgrades.
I have Log Insight version 4.3 installed, and I would like the capability of limiting who can schedule a query or search. I know there isn't a capability in Log Insight for this feature (yet). I know that version 2.0 introduced an alert.log file. I have a script that stays in memory. The script reads the alert.log file. If a new line is found, then the script will parse the current line and send data (syslog or snmp) ...more »
I am forwarding windows events collected by LI agent from Log Insight to Splunk using syslog protocol. , The box "Forward complementary tags" is not checked, but it seems to be always on. On the receiver side I see following additional stuff in the event: - - - [Originator@6876 eventid="326" task="General" keywords="Classic" level="Information" channel="Application" eventrecordid="2018" providername="ESENT"] Complementary ...more »
Log Insight's Forwarder supports Syslog and CFAPI (HTTP+JSON) today. The Forwarder should be extended with an additional serialization format, conforming to the Windows Events XML schema. Standard Windows Events' XML attributes should be reconstructed from standard Log Insight field=value pairs.
This aligns with http://loginsight.vmware.com/a/idea-v2/211076
Allow log insight to analyze internal (linux and application) logs in the same instance. Currently it is not supported to redirect log insight logs to itself.
Customer would like to see the list of users logged in currently and the log of user log-ins and past activities. This may be required as auditing feature (who looked at the logs, changed config and so on).
It would be nice if Log Insight could display the current log retention time and disk consumption rate (x GB/day) next to the live storage statistics in the System Monitor. I know you get this info through the Admin Alert mail, but why not show it in the System Monitor?
When Log Insight's local capacity to store messages is exhausted, messages are archived to a remote NFS location. It would be beneficial if this flow could be tiered such that data was available online as today but moved to a slower & higher-capacity tiered disks as it ages. Consider the use-case of keeping the most recent 50GB of data on SSD, migrating it to ~5TB of slower spindles over time while keeping it searchable, ...more »