Content Packs

MS Exchange Content Pack agent scripts configuration clarification needed

We have MS Exchange environment with 8 Exchange servers. We have Log Insight 4.3 with MS Exchange CP 3.2. While configuring it according to attached documentation we have encountered following problems that I ask for clarification: 1. Agents powershell scripts run on one or more MS Exchange servers 1.1 Observation: Running both scripts exchange_wrapper.ps1 and exchange_mailbox_wrapper.ps1 seems to give the same output ...more »

Submitted by (@pawel.orzechowskiindevops.com)

Voting

2 votes

Feature Requests

Add conf.d style configuration to liagent's config

I'm deploying systems under ansible and each has different log directories to be pushed. And I might layer different services. Similar to see /etc/rsyslog.conf and rsyslog.d, I'd like to be able to add additional configurations by just simply dropping files into a liagent.d/ directory (the path of which would be defined in the main liagent.ini) This would allow me to drop say a liagent.d/httpd.ini to grab http logs ...more »

Submitted by (@rrauenza)

Voting

3 votes

Content Packs

Veeam B&R Content Pack Agent configuration incomplete

Veeam has issued a content pack for their popular product Veeam Backup & Replication with several dashboards and field extractions.

Still, Agent has no configuration and does not collect Veeam events.

 

Simple as it is, it could be useful to have Agent configuration ready here:

 

[winlog|Veeam_Backup]

channel=Veeam Backup

 

Yes, that's it :)

 

Should I really attach it as a separate content pack here?

Submitted by (@o.karimov)

Voting

1 vote

Feature Requests

Better endpoint status

Things have improved over time and I have noted the previous feature request (http://loginsight.vmware.com/a/idea-v2/8395) however it is very difficult to manage the status of the endpoints for both agents and syslog hosts. This is important both from an operational and security point of view. Some features which would help a great deal are:- - Ability to purge the "host" page - Add last active (or last received ...more »

Submitted by (@hywelburris)

Voting

2 votes

Content Packs

vSphere CP - [filelog|vsphere6-linux-vapi-endpoint]

The Log Path in the default Config is empty. The Logs for the vAPI Endpoint can be found in : /var/log/vmware/vapi/endpoint/

 

[filelog|vsphere6-linux-vapi-endpoint-Custom]

directory=/var/log/vmware/vapi/endpoint/

include=*.log*;*.txt*

exclude=wrapper.log*;*-gc.log*

event_marker=^\d

tags={"vmw_product":"vcenter"}

Submitted by (@markus.krausgmail.com)

Voting

0 votes

Feature Requests

LI Agent to collect Microsoft Event Viewer in XML format

Microsoft (until recently) has not natively supported syslog. Event viewer's native format is XML. While the LI agent can collect event viewer logs, it formats them in a proprietary way. It would be ideal to collect in a standard format so when forwarding such events to a third party syslog destination (e.g. SIEM) the third party could properly parse it (without a custom parser). XML is that standard for Microsoft. ...more »

Submitted by (@steveflvmware.com)

Voting

1 vote

Feature Requests

Inherit agent groups from master cluster

We, like many other enterprise users have many distributed vRLI Servers around the world that effectively serve as forwarders to a master cluster. It would be ideal if these servers inherited the agent configuration from the master cluster so all sub-servers do not need configured with agent groups. This will prevent configuration drift of the multiple servers acting as forwarders. There should however, be the ability ...more »

Submitted by (@calebs71)

Voting

4 votes

Feature Requests

Role to manage Agent configuration

As of today, in order to manage Agent configuration the user needs to have "Super Admin" role which has very wide scope including the ability to manage access control.

 

We should be able to delegate Agent Configuration to some "power users" without giving them the ability to alter Access Control.

 

An "Agent Admin" role would great in that objective.

 

Thanks.

Laurent.

Submitted by (@lolichet)

Voting

2 votes