Upon request from our security people, I have made a PowerShell module that collects non-log data from AD and pushes it as logs to the loginsight server. This way they can have a Dashboard of data that is either not accessible from logs, or where log retrieval would mean a massive search from all data available, and thus very slow searches. I have built this in this way: 1. PowerShell scripts running as scheduled jobs...
Content Packs are source-centric interpretations that help you make sense of your unstructured machine data.
A content pack analyzing netflow traffic from different sources
Extract more Details from Windows Firewall File-Log
(ContentPack is attached)
- Blocked Connections by Source IP
- Blocked Connections by Destination IP
- Blocked Connections by Source Port
- Blocked Connections by Destination Port
- Blocked Connections by Protocol
- Blocked Connections by Hostname
- Disabled / Enabled Firewall
Debug the PowerShell script
How can I debug the "Exchange environment" script? I can run it. But it cannot produce the output file.
Had an issue - created a content pack 🙂
So here it is, the HP OA content pack. All that is required is to set HP OA to send syslog to Log Insight.
It has three dashboards - Overview, changes and authentication.
Overview gives you quick insight to changes and problems in your environment.
Changes - is all about changes made by humans
Authentication - shows login attempts and failures
We have an MS Exchange environment with 8 Exchange servers. We have Log Insight 4.3 with MS Exchange CP 3.2. We have configured it according to the attached documentation with regard to some doubts in another forum thread here. Now some dashboards are empty or contain wrong data: 1. Information on widget Microsoft - Exchange > User information > Number of users per server is wrong: Total number of users is correct (after...
I put together a quick content pack for NSX Distributed Firewall syslog analysis with Log Insight. It has field extractions for all of the relevant fields and some pre-built queries that give a solid framework to focus in on specific rules, protocols, or hosts. I wrote it to analyze potential rule impact with Allow-Log, but it also helps troubleshoot with visibility to drops as well. Content pack attached to this post....
The widget "VM Snapshots Created" in the "Virtual Machine - Snapshots" Dashboard in LI 4.0 seems to be broken. Even if taking multiple snapshots and setting the dashboard time span correctly, it stays on 0 and the other widgets on the dashboard remain empty. It seems to stem from the field 'vmw_esxi_snapshot_operation', which doesn't seem to match any of the log events that ESXi or vCenter Server generates when taking...
Veeam has issued a content pack for their popular product Veeam Backup & Replication with several dashboards and field extractions.
Still, Agent has no configuration and does not collect Veeam events.
Simple as it is, it could be useful to have Agent configuration ready here:
Yes, that's it :)
Should I really attach it as a separate content pack here?
In addition to the other requested Cisco devices on the forum, I think Cisco wireless controllers would be great to collect syslogs for as well!
Can we create a management pack for SRM and vSphere Replication?
In the vSphere content pack, there is a pane under vCenter Server overview where it counts "vcenter servers integrated". This count is very wrong, as it counts occurrences of the word vcenter-server (despite showing it should count sources) instead of unique hostnames. In my installation it therefore shows 71 vcenters, instead of the 4 it should be. The reason is that the loginsight also receives logs regarding DRS rules,...
Community content pack done by: http://velemental.com/2013/08/22/emc-avamar-with-vcenter-log-insight/
The Content Pack can be downloaded from here: http://velemental.com/?attachment_id=1200