Upon request from our security people, I have made a PowerShell module that collects non-log data from AD and pushes it as logs to the loginsight server. This way they can have a Dashboard of data that is either not accessible from logs, or where log retreival would mean a massive search from all data available, and thus very slow searches. I have built this in this way: 1. Powershell scripts running as scheduled jobs ...more »
Had en issue - created an content pack 🙂
So here it is the HP OA content pack. All there is required is to set HP OA til send syslog to log insight.
It has three dashboards - Overview, changes and authentication.
Overview gives you quick insight to changes and problems in your environment.
Changes - is all about changes made by humans
Authentication - shows login attempts and failures
In the Content Packs section for Log Insight, if you look at the Shared Content, there is a tab for Alerts, but you can't build any shared alerts. It would be really useful to be able to make user level alerts shared with everyone.
When you go to look at stuff in My Content or Shared Content in the Content Packs view of Log Insight, you can't delete any content you don't want from there. You have to first open up the dashboard, query, extracted field, etc. in either the Dashboards or Interactive Analytics view. This feels like an unnecessary step. You should probably be allowed to delete things directly from the Content Packs view.
The Log Path in the default Config is empty. The Logs for the vAPI Endpoint can be found in : /var/log/vmware/vapi/endpoint/
For our "data-protection-officer", we require the possibility to anonymize user data after 7 days, if we woud store them longer than 7 days.
Maybe the "Selective log data obfuscation" is the same idea?
We have some users that want to build dashboards for our entire team to consume but we don't want to give them (or their group) privileges to create arbitrary content. It would be nice if there was a feature that allowed you to promote content created by users to be shared by everyone.
Hello, I am wondering if any one has created or know of a content pack for Cisco MDS switches
would be great if we could use the same filters as in "interactive analytics" for "new data set". At the moment there are just a few fields available. For example we would like to create a data set for some users so that they can only see events where "text"-field matches a regex query or certain words or e.g. the "event_type" field is a certain type. Custom extracted fields are also not available for data set filters. ...more »