Hi
When logs are collected from Log Insight node(s) them self, these can cloud the searches by including previous searches found in log insight log files.
Therefore it would be nice if all log insight searches/queries would by default exclude events where "appname" "contains" "loginsight".
Hi
In /var/lib/loginsight-agent/liagent.ini "hosnamet" is default not uncomment and is listed as "lol.eng.vmware.com" - for some reason is doesn't resolve very well ;)
Would have expected the line to be commented out and host to be equal "loginsight".
Extract more Details from Windows Firewall File-Log
(ContentPack is attached)
- Blocked Connections by Source IP
- Blocked Connections by Destination IP
- Blocked Connections by Source Port
- Blocked Connections by Destination Port
- Blocked Connections by Protokoll
- Blocked Connections by Hostname
- Disabled / Enabled Firewall
Loginsight will be very powerful if it serves Graylog Style Extractors via web GUI
http://docs.graylog.org/en/1.3/pages/extractors.html#the-problem-explained
Within our environment our security team would like to enable a subset of the DNS debug log and use Log Insight to ingest it. This would allow us to capture requests to our internal space incorrectly leaving to internet resolvers, for instance. And that works well. By enabling Log Insight we would be able to keep the text debug log itself small. However this type of 'debug' log does not roll over to a newly named file ...more »
React to Events like Alerts
Syslog from TippingPoint Firewall and SMS
I have a Log Insight configuration in a LAb environment, it exists of a single LI app as a forwarder and a 3-node LI cluster for queiring etc.. The cluster has the vRops content pack installed, and in vRops I have installed the latest Log Insight package. But it seems that all the events that are forwarded are getting the same vRops identifier.... When I select an event in LI and want to jump to vRops it opens the ...more »
I install VSAN content pack. I did not see any data on the screen
I installed v.3.2 exchange content pack.
I can run both wrapper PS1 script in Exchange powershell cmmand and created the log.
But it cannot create log via Task schedule manager
I hope we can control the archive and delete data
If we have a dashboard and >1 widget in that dashboard tracks the same field, it would be great if there was a way to specify that the color should be the same across widgets when the same entry is being reported. For example, in my Log Insight instance, we track vCenter user logins and vCenter users creating tasks. In both cases, the value on which we are reporting is the same (vCenter users) but the report itself is ...more »
When configuring ESXi hosts to send messages via syslog, the ESXi hosts need to be configured to trust the public key of the Log Insight server. Today this needs to be done by hand. Manipulating the ESXi host's CA trust store is done via "esxcli system security certificatestore", and esxcli is already used to read and manipulate the ESXi host's syslog configuration itself. Log Insight should support automatically pushing ...more »
I am trying to determine if my configuration is correct as I am not seeing any data on he IIS dash boards except the "All IIS Events over time". Below is a sample of the data log insight is receiving from an IIS server (i have replaced xxx for the ip addresses) 2015-12-09 18:54:26 W3SVC2 xxx.xxx.xxx.xxx POST /ExportInfo.aspx clid=0%2csid%3d2546 80 - xxx.xxx.xxx.xxx Mozilla/5.0+(Windows+NT+6.1;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/47.0.2526.73+Safari/537.36 ...more »
When group by a field in a chart it would be great if I can associate an expected value with always the same color. Use case: I want to monitor my automation test logs in LI I have built proper query that returns the executed tests grouped by their result. I know that possible result value could be PASSED, FAILED or SKIPPED. So I want in my chart PASSED to be marked always with green, FAILED with red and SKIPPED with ...more »