General Log Insight Q&A

Log processing rate in vRealize Log Insight

Hi to all members. Could anyone help if we can capture the log processing rate and the log arrival rate by vRealize Insight ? I am particularly interested in 1. Capturing the arrival rate of the logs to the Log Insight in events/sec or bytes/sec 2. The processing rate of the logs by Log Insight in events/sec or bytes/sec. 3. Ensure my Log Insight processing rate is higher than the arrival rate. There are statistics ...more »

Submitted by (@sreejithparakkatil)

Voting

2 votes

Collection

Blacklisting/Discarding Events

From time to time there are occasions where i really would hope that blacklisting/discarding events is implemented in vRLI. For an example we currently are flooded with log entries from our 5.5 ESXi hosts which are coming from an "BUG" which is to be fixed in a patch without ETA. But there would be countless other examples too. I'm aware that there are possibilities to achieve that. One is with agents but for ESXi that ...more »

Submitted by (@rockaut)

Voting

3 votes

Feature Requests

Native support for AWS CloudTrail

AWS CloudTrail is a web service that records API calls made during AWS infrastructure provisioning, including time of the call and identify of the caller.

 

Log Insight should natively consume events from AWS LogTrail, such as via the CloudTrail Processing Library consuming from an AWS SQS queue. Should not require running external services and should be enabled similarly to vSphere Integration.

Submitted by (@acastonguayvmware.com)

Voting

4 votes

Feature Requests

Log Insight to properly handle Microsoft DNS debug text log

Within our environment our security team would like to enable a subset of the DNS debug log and use Log Insight to ingest it. This would allow us to capture requests to our internal space incorrectly leaving to internet resolvers, for instance. And that works well. By enabling Log Insight we would be able to keep the text debug log itself small. However this type of 'debug' log does not roll over to a newly named file ...more »

Submitted by (@c.ferreira)

Voting

2 votes

Feature Requests

Drop specific incoming messages

An administrator may deem some messages undesirable, either specific logs produced by a source or a whole source. Such messages may result in CPU/disk resources being expended unnecessarily. Undesired log messages may result in Log Insight's data store being rotated more quickly than desired. In terms of licensing, one may wish to drop log messages from unlicensed sources, restricting sources from which log messages are ...more »

Submitted by (@acastonguayvmware.com)

Voting

35 votes