Hi Just had to had storage to a Log Insight cluster. I guess I have not do that in a while or atleast I do not remember how long it takes. As it seems like the node is just stuck doing nothing it would be nice if a progress bar/status could be shown on console when storage is expanded. A plus would be is an ETA could be shown as well 🙂 the only way to see that the VM/node is not dead is to look at disk usage ...more »
Upon request from our security people, I have made a PowerShell module that collects non-log data from AD and pushes it as logs to the loginsight server. This way they can have a Dashboard of data that is either not accessible from logs, or where log retreival would mean a massive search from all data available, and thus very slow searches. I have built this in this way: 1. Powershell scripts running as scheduled jobs ...more »
Basically, the thought is that we have a UCS Blade based host go down and we've now lost our logs. But wait, we have vRLI running and has those logs, but I don't see anyway to collect a Support Bundle for the host that would include the proper log entries for a SR request with VMware. Well, I can say I want entries from this data range with the hostname of xxx, but am I sure I got what I needed? Also, when I export ...more »
Had en issue - created an content pack 🙂
So here it is the HP OA content pack. All there is required is to set HP OA til send syslog to log insight.
It has three dashboards - Overview, changes and authentication.
Overview gives you quick insight to changes and problems in your environment.
Changes - is all about changes made by humans
Authentication - shows login attempts and failures
A request has been made for functionality to ensure and confirm that sealed archives are absolutely tamper-proof. This will be a key requirement of audits of the customer's Log Insight implementation, specifically as it's dealing with monitoring a PCI environment.
I'm deploying systems under ansible and each has different log directories to be pushed. And I might layer different services. Similar to see /etc/rsyslog.conf and rsyslog.d, I'd like to be able to add additional configurations by just simply dropping files into a liagent.d/ directory (the path of which would be defined in the main liagent.ini) This would allow me to drop say a liagent.d/httpd.ini to grab http logs ...more »
In the UI please allow searching based on UTC time as well as client local time. Some teams work better using pure UTC time as it help to coordinate events between systems. Currently you need to do a time translation to get the correct time.
Ahoj there, i'm sending in messages directly to vRLI server over udp:514. They should be perfectly RFC compatible as it works on another syslog server (non vRLI server 😉 ). Question: i can't get vRLI to format/extract the structured data automatically. I found some docs regarding syslog structured-data extraction for agent but nothing for non-agent messages. Isn't this implemented? As an example: 2017-08-28T09:28:55.509334+02:00 ...more »
I would like two features for the dashboards. 1. A line denoting a configured threshold. 2. The ability to set a "top ten" limit on a dashboard instead of displaying all of the similar events.
Veeam has issued a content pack for their popular product Veeam Backup & Replication with several dashboards and field extractions.
Still, Agent has no configuration and does not collect Veeam events.
Simple as it is, it could be useful to have Agent configuration ready here:
Yes, that's it :)
Should I really attach it as a separate content pack here?
I am forwarding windows events collected by LI agent from Log Insight to Splunk using syslog protocol. , The box "Forward complementary tags" is not checked, but it seems to be always on. On the receiver side I see following additional stuff in the event: - - - [Originator@6876 eventid="326" task="General" keywords="Classic" level="Information" channel="Application" eventrecordid="2018" providername="ESENT"] Complementary ...more »