I have Log Insight version 4.3 installed, and I would like the capability of limiting who can schedule a query or search. I know there isn't a capability in Log Insight for this feature (yet). I know that version 2.0 introduced an alert.log file. I have a script that stays in memory. The script reads the alert.log file. If a new line is found, then the script will parse the current line and send data (syslog or SNMP) ...
A request has been made for functionality to ensure and confirm that sealed archives are absolutely tamper-proof. This will be a key requirement of audits of the customer's Log Insight implementation, specifically as it's dealing with monitoring a PCI environment.
The current SSL certificate installation procedure is (IMHO) unnecessarily complex, since 90 % of the work needs to be done manually outside vRLI using weird command line instructions. It's like if the first instruction after buying an IKEA shelf would be "hey, go out and buy some screws and make your own wooden plugs". I think the procedure should be more like in NSX, where the product web UI can be used to create ...
As of today, in order to manage Agent configuration the user needs to have "Super Admin" role which has very wide scope including the ability to manage access control.
We should be able to delegate Agent Configuration to some "power users" without giving them the ability to alter Access Control.
An "Agent Admin" role would be great in that objective.
PCI-DSS 10.5.5 requires a log integrity mechanism. It would be great to have some kind of hashing for log entries/buckets, or any other way to check integrity. It should also be possible to generate alerts on an attempt to tamper with stored logs. 10.5 Secure audit trails so they cannot be altered. 10.5.5 Use file-integrity monitoring or change-detection software on logs to ensure that existing log data cannot be changed ...
As a vRLI Administrator, I would like to have control over which users have access to which vRLI features because I want to revoke the ability for a user to perform an export of the data.
Organizations with PHI/PCI or other regulatory compliance requirements may need to allow a person to Administer a LogInsight Server or Agents but not allow them to view logs collected by the agents or retained by the server.
When configuring ESXi hosts to send messages via syslog, the ESXi hosts need to be configured to trust the public key of the Log Insight server. Today this needs to be done by hand. Manipulating the ESXi host's CA trust store is done via "esxcli system security certificatestore", and esxcli is already used to read and manipulate the ESXi host's syslog configuration itself. Log Insight should support automatically pushing ...
I'd like to set up Security Event Forwarding of anything in the ESXi Security logs (or any other Security-related logs in ESXi and vCenter) but I don't know the complete list of eventIDs or eventTypes to configure in my forwarder. It would be nice if LogInsight had an option in the Forward Events setup to check boxes for the different "known categories" (meaning, the categories VMware specifies that exist in the SysLog ...
Allow Log Insight to analyze internal (Linux and application) logs in the same instance. Currently it is not supported to redirect Log Insight logs to itself.
Customer would like to see the list of users currently logged in and the log of user log-ins and past activities. This may be required as an auditing feature (who looked at the logs, changed config and so on).