If a content pack is installed and a new version becomes available, it would be very useful to know, via an email, that an update has been posted and can be applied.
Since Log Insight v3.3 can now be licensed via a vCenter 6 license, having a similar ability like what has been possible in vRealize Orchestrator, to connect to vCenter and extract that license for Log Insight's use would eliminate the need to copy and paste a license key.
In the case where multiple vCenter servers (each with different hosts) are registered to a single PSC, having the ability for Log Insight to connect to said PSC and simultaneously register all included vCenters and hosts in a single step would be useful. This eliminates the need to register vCenter servers individually.
Ideally, we'd be able to leverage something like vIDM or our existing ADFS authentication... more »
At the moment when creating Alerts from Log Sight and sending these to vROPS only the title of the Alert is sent to vROPs and the syslog event data is excluded. Feature request please to include the syslog event message data also to vROPs so more information on the alert can be seen
I would like to have the possibility to filter on what the graph should show based on the number of events for a given count.
Fx. I have a query where I only want shown when ever there is more than 30 unique events per group.
But also "limit" and "top 10" would be nice.
Currently for an alarm to go to vRops, one needs to specify which object to apply it to. This behavior is very annoying.
Would like Log Insight to "be intelligent" enough to know to which object the alarm should be applied. Given that the vRops integration is set up.
So only ask to which object this... more »
Maybe it's on the Roadmap of Log Insight, i don't know, but it would maybe a good Idea to use the mapreduce technology of a hadoop cluster for log insight (vSphere Big Data Extentions?). This allows a better scale of the Log Insight's Database with a really fast search engine with the extreme fast distributed search technology of mapreduce.
1) There is no way to use an agent and logs are not getting properly parsed on the server
2) Agent is installed, but administrator prefer not to risk any additional load on the source system caused by agent-side parsing
Solution: configure parsing (analogue to agent-side parsing) on the server or dedicated forwarder
Some alerts should be only active during certain times:
for example admin log in should not be alerted during working hours, but is worth alerting in the middle of the night. Same may apply to certain configuration changes (VM configuration changed outside normal working hours).
At the moment WebHooks are very Static regarding output format.
That is a problem if you have a monitoring Solution that is also very static by receiving WebHooks:
PRTG Only excepts this syntax
https://fqnd:5050/loginsight?content=XML String with fixed Syntax
Is there a way to integrate a WebHook Syntax Builder?
Priority = Facility*8 + Severity.
For example, below is one of the RFC5424 Standard syslog message
SYSLOG: <14>1 1970-01-01T00:01:24.143Z - ICX7250-Router - msgId [meta sequenceId=10] BOMSystem: Interface ethernet 1/2/2, state up
Here value(14) between angular... more »
Organizations with PHI/PCI or other regulatory compliance requirements may need to allow a person to Administer a LogInsight Server or Agents but not allow them to view logs collected by the agents or retained by the server.
Add ability to tag any data in search results. For example, NAA. addresses could be right clicked on in results and tagged with the name of the datastore. Consequently, any time that NAA address appears in results it would display as the tagged name. It would be idea if tagged data was highlighted or in a different color so you know that it is a tag. Hovering over the tag would show the underlying value.