VMware Log Insight Search Ideas

Please create a way to centrally manage agent configuration for multiple log insight clusters (i.e. multiple sites). Or create an easy way to sync agent configuration from one cluster to another.

One of my clients have raised the below vulnerability for LI.

Exploit CVE ID: "CVE:2009-1016"

Description:
Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite allows remote authenticated users to affect confidentiality, integrity, and availability, related to IIS.

The Client has observed suspicious traffic from log insight server on port 443.

Any Information on how to remediate... more »

There used to be Palo alto content pack https://blogs.vmware.com/management/2015/03/palo-alto-networks-content-pack-now-available.html but this is no longer available.

 

Does any one have old version that can be shared for use with fields, query and alarm definitions?

 

PS. This post should be in the Content Packs compain but I can not move it after it is created.

Most of our Clients are impressed with the capability of Log Insight and want this to be their complete go to solution for any Log Analysis. To fulfill this requirements we have a lot of customers requesting for Log Insight Agent Support for AIX and Solaris.

ms_ad_security_audit_target_account_name does not function properly. It does not show up under the fields list or extracted data nor can you create your own that is similar and have log insight extract the data.

We got some applications that are loggin very big SOAP events (not http POST) that are currently being truncated, so the 16KB log size is not enough for us. It would be very nice to have an higher limit.

An email address containing an ampersand (&) character was not allowed when configuring an alarm in Log Insight. Ampersand is among the valid special characters for the "local" portion of an email address, per RFC5322. In fact, MOST of the special characters allowed in the local-portion by RFC5322 are not considered valid in the Log Insight alarms. Please correct the defect in Log Insight that is preventing use of... more »

I would like to be able to disable alert snoozing based on grouped queries. I'm using queries with groupings now since I need to be able to only include relevant fields in the email alert, not the entire event.

I would really like to Lock a Dashboard widget to a specific time frame. For example if i make a datacollection for data just within an hour or pr 6 hours, the data could be false if someone use it With another timespan. So i would like to be able to Lock a Dashboard widget to a timeframe, like 1 hour, 3 hours, 6 hours or 24 hours. This way it would be much easier to make custom widgets With events in different timespans... more »

Hi

I have the below three syslog entries. As it can be seen the timestamp from LI (the first one), does not match the one from the syslog msg. (This also affects the sort order in Log Insight. Making it hard to troubleshoot) Why?

I'm think it might be at the source the problem is, but I cannot see what you be wrong with this syslog msg.

2018-04-2510:28:46.315
2018-04-25 10:28:26 10.65.2.14 Passwordstate: Password... more »

I need to rebuild loginsight node.

How can I backup all content pack configuration and VA configuration.

Currently, to filter a data set on a VIP tag, there needs to be existing logs with that tag. I would like to set up roles based on tenant VIPs before there's any logs, so as soon as a tenant sends logs, they will see them, rather than the tenant sending logs then creating the data set and role.

I hope someone who can make content pack for Kemp load balaning

When highlighting/colouring a widget is accepted as an enhancement, the next logical step would be to allow the same on dashbooard level. It would be brilliant if not only the fact that one widget changed state drives the dashboard state. You can define a logical rule how their state will be taken into account to drive the change.
E.g. Dashboard changes state/colour when all 3 widgets change state (widget1 & widget2 &... more »

To notify someone visually when a certain/critical situation has been identified, it would be brilliant if you can highlight/colour a widget so you get the proper attention. E.g. host disconnections have been found the information mentions this is something you should investigate. How about defining there is a certain number of messages found and the widget switches it's colour to yellow/red?