Extract more Details from Windows Firewall File-Log
(ContentPack is attached)
- Blocked Connections by Source IP
- Blocked Connections by Destination IP
- Blocked Connections by Source Port
- Blocked Connections by Destination Port
- Blocked Connections by Protokoll
- Blocked Connections by Hostname
- Disabled / Enabled Firewall
From time to time there are occasions where i really would hope that blacklisting/discarding events is implemented in vRLI. For an example we currently are flooded with log entries from our 5.5 ESXi hosts which are coming from an "BUG" which is to be fixed in a patch without ETA. But there would be countless other examples too. I'm aware that there are possibilities to achieve that. One is with agents but for ESXi that ...more »
My customer (DaVita) is looking for a way to query LI, check when the last time it received logs from connected ESXi hosts, and if the time is greater than x, automate the restart of syslog on the host.
Additional conversation around this topic can be found here: https://vmware-com.socialcast.com/messages/36422396?ref=stream
LogInsight is gradually overtaking our SIEM tool due to it's incredible accessibility and performance - thank you, everyone, for building such an awesomely easy-to-use product. Unfortunately, one of the key metrics we'd like to be able to report on is IPS/IDS logs generated from our Cisco ASAs ( we have many, many ASAs) and at the moment the IPS logs are firing into a bit of splunk code that converts them for splunk ...more »
Today the webhooks alerting option sends an unauthenticated web POST to a URL. Enabling an authenticated post would open up the possibility to integrate directly with vRealize Orchestration (vRO), which can accept only authenticated posts.
Currently unable to set SSL=yes when using the command line parameters. It is possible to set all the other important parameters, protocol, host, port but not SSL. This is especially important if your LI servers need to be set to SSL only.
Yes you could create a MST but this is a rather complicated solution to a simple problem.
It would be very handy if we could resize an already added disk (enlarge it). Login insight should then at a reboot resize the volume and start using the extra space! This works with new disks, but resizing existing disks is not supported today.
All software version info should be obtainable via API, currently private, should be public
The agent should support globs (asterisk and wildcard) for folders. THe use case is IIS where multiple domains exist on the same server. Something like this
directory= E:\sitecoredata\*\Data\logs
include=log*.txt
So then I could make one that does them all type thing.
Globs are supported for files so this is an inconsistency in the product as well.
We are using a third party SIEM. Due to the layout of the network and security requirements, we can only use log insight if it can forward all syslog and event log data to our SIEM. The problem is that the SIEM relies on the source IP of the system that generated the syslog data to be able to do its analytics. It creates a log source for each new syslog packet with a distinct IP address. We would like to use Log Insight, ...more »
Initial use-case: Our team supports the Operating System, while the Application Team supports their application. The Application Team already has their own Log Insight cluster setup to collect their application logs with the LI Agent. Because of this, we are unable to use the LI Agent to collect the Operating System logs. Ideally we would like to be able to send OS logs to our LI, and application logs to their LI. Forwarding ...more »
Sometimes log messages contain embedded data with a fixed standard format, like XML, JSON or CSV, either when logging about configuration/state information or when the messages aren't really logs. Attempting to parse out any of these formats with regular expressions is difficult (and in the case of XML, strongly discouraged), especially when the structure includes nesting, lists or esoteric quoting/escaping rules. For ...more »