Content Packs

Windows Firewall Advanced Content Pack

Extract more Details from Windows Firewall File-Log

(ContentPack is attached)


- Blocked Connections by Source IP

- Blocked Connections by Destination IP

- Blocked Connections by Source Port

- Blocked Connections by Destination Port

- Blocked Connections by Protocol

- Blocked Connections by Hostname

- Disabled / Enabled Firewall


11 votes

Feature Requests

Log Insight to properly handle Microsoft DNS debug text log

Within our environment our security team would like to enable a subset of the DNS debug log and use Log Insight to ingest it. This would allow us to capture requests to our internal space incorrectly leaving to internet resolvers, for instance. And that works well. By enabling Log Insight we would be able to keep the text debug log itself small. However this type of 'debug' log does not roll over to a newly named file ...more »


2 votes

Content Packs

using cluster and a forwarder with vRops

I have a Log Insight configuration in a lab environment; it consists of a single LI app as a forwarder and a 3-node LI cluster for querying etc. The cluster has the vRops content pack installed, and in vRops I have installed the latest Log Insight package. But it seems that all the events that are forwarded are getting the same vRops identifier.... When I select an event in LI and want to jump to vRops it opens the ...more »


0 votes

Feature Requests

Allow equivalent entries to be colored the same way across widgets

If we have a dashboard and >1 widget in that dashboard tracks the same field, it would be great if there was a way to specify that the color should be the same across widgets when the same entry is being reported. For example, in my Log Insight instance, we track vCenter user logins and vCenter users creating tasks. In both cases, the value on which we are reporting is the same (vCenter users) but the report itself is ...more »


7 votes

Feature Requests

Configure ESXi syslog over SSL/TLS by default

When configuring ESXi hosts to send messages via syslog, the ESXi hosts need to be configured to trust the public key of the Log Insight server. Today this needs to be done by hand. Manipulating the ESXi host's CA trust store is done via "esxcli system security certificatestore", and esxcli is already used to read and manipulate the ESXi host's syslog configuration itself. Log Insight should support automatically pushing ...more »


1 vote

General Log Insight Q&A

Microsoft IIS Pack

I am trying to determine if my configuration is correct as I am not seeing any data on the IIS dashboards except the "All IIS Events over time". Below is a sample of the data Log Insight is receiving from an IIS server (I have replaced xxx for the IP addresses) 2015-12-09 18:54:26 W3SVC2 xxx.xxx.xxx.xxx POST /ExportInfo.aspx clid=0%2csid%3d2546 80 - xxx.xxx.xxx.xxx Mozilla/5.0+(Windows+NT+6.1;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/47.0.2526.73+Safari/537.36 ...more »


0 votes

Feature Requests

Customize colors in charts

When grouping by a field in a chart, it would be great if I can associate an expected value with always the same color. Use case: I want to monitor my automation test logs in LI. I have built a proper query that returns the executed tests grouped by their result. I know that the possible result values could be PASSED, FAILED or SKIPPED. So I want in my chart PASSED to be marked always with green, FAILED with red and SKIPPED with ...more »


8 votes