I put together a quick content pack for NSX Distributed Firewall syslog analysis with Log Insight. It has field extractions for all of the relevant fields and some pre-built queries that give a solid framework to focus in on specific rules, protocols, or hosts. I wrote it to analyze potential rule impact will Allow-Log, but it also helps troubleshoot with visibility to drops as well. Content pack attached to this post.... more »
Content Packs are source-centric interpretations that help you make sense of your unstructured machine data.
Extract more Details from Windows Firewall File-Log
(ContentPack is attached)
- Blocked Connections by Source IP
- Blocked Connections by Destination IP
- Blocked Connections by Source Port
- Blocked Connections by Destination Port
- Blocked Connections by Protokoll
- Blocked Connections by Hostname
- Disabled / Enabled Firewall
In the vsphere content pack, there is a pane under vcenter server overview where it Counts "vcenter servers integrated". This Count is very wrong, as it Counts occurences of the Word vcenter-server (despite showing it should Count Sources) instead of unique hostnames. In my installation it therefore shows 71 vcenters, instead of the 4 it should be. The reason is that the loginsight also receives logs regarding DRS rules,... more »
A content pack analysic netflow traffic from different sources
Upon request from our security people, I have made a PowerShell module that collects non-log data from AD and pushes it as logs to the loginsight server. This way they can have a Dashboard of data that is either not accessible from logs, or where log retreival would mean a massive search from all data available, and thus very slow searches. I have built this in this way: 1. Powershell scripts running as scheduled jobs... more »
Can we create a management pack for SRM and vSphere Replication?
Since Citrix still has "some marketshare", it would make sense to deliver a CP for it.
We are looking for Content pack for Cisco IronPorts, is that something available today or in future?
In order to help troubleshoot vRops issues - I have created a some widgets. Basicly three with some variances.
vRops Webrequest respones time
vRops Webrequest Respones Code
vRops Collector Issues
You can see some screenshot of it added to this discussion.
Also have a blog post coming which hasn't been released yet. Just a description of the value add.
In addition to the other requested Cisco devices on the forum, I think Cisco wireless controllers would be great to collect syslogs for as well!
Syslog from TippingPoint Firewall and SMS
Had en issue - created an content pack 🙂
So here it is the HP OA content pack. All there is required is to set HP OA til send syslog to log insight.
It has three dashboards - Overview, changes and authentication.
Overview gives you quick insight to changes and problems in your environment.
Changes - is all about changes made by humans
Authentication - shows login attempts and failures
What ever happened to the Puppet Enterprise content pack that VMware created for vRealize Log insight?
Now that Puppet is a first class citizen in vRA, I think this plugin is even more important than ever.
We have MS Exchange environment with 8 Exchange servers. We have Log Insight 4.3 with MS Exchange CP 3.2. We have configured it according to attached documentation with regards to some doubts in another forum thred here. Now some dashboards are empty or contain wrong data: 1. Information on widget Microsoft - Exchange > User information > Number of users per server is wrong: Total number of users is correct (after... more »
Analyzing the weather with Log Insight: http://sflanders.net/2013/11/18/analyzing-weather-log-insight/