Content Packs

Content Packs are source-centric interpretations that help you make sense of your unstructured machine data.

(@heath.reynolds)

Content Packs

NSX Distributed Firewall Content Pack

I put together a quick content pack for NSX Distributed Firewall syslog analysis with Log Insight. It has field extractions for all of the relevant fields and some pre-built queries that give a solid framework to focus in on specific rules, protocols, or hosts. I wrote it to analyze potential rule impact will Allow-Log, but it also helps troubleshoot with visibility to drops as well. Content pack attached to this post.... more »

(@markus.krausgmail.com1)

Content Packs

Windows Firewall Advanced Content Pack

Extract more Details from Windows Firewall File-Log

(ContentPack is attached)

 

- Blocked Connections by Source IP

- Blocked Connections by Destination IP

- Blocked Connections by Source Port

- Blocked Connections by Destination Port

- Blocked Connections by Protokoll

- Blocked Connections by Hostname

- Disabled / Enabled Firewall

(@hawkienorwayhotmail.com)

Content Packs

Bug in vsphere content pack - count of vcenter servers

In the vsphere content pack, there is a pane under vcenter server overview where it Counts "vcenter servers integrated". This Count is very wrong, as it Counts occurences of the Word vcenter-server (despite showing it should Count Sources) instead of unique hostnames. In my installation it therefore shows 71 vcenters, instead of the 4 it should be. The reason is that the loginsight also receives logs regarding DRS rules,... more »

(@ronny.berntzen)

Content Packs

Super Pack for non-log data from Active Directory

Upon request from our security people, I have made a PowerShell module that collects non-log data from AD and pushes it as logs to the loginsight server. This way they can have a Dashboard of data that is either not accessible from logs, or where log retreival would mean a massive search from all data available, and thus very slow searches. I have built this in this way: 1. Powershell scripts running as scheduled jobs... more »

(@ryom.michaelgmail.com1)

Content Packs

Additions to vRops Content Pack

In order to help troubleshoot vRops issues - I have created a some widgets. Basicly three with some variances.

Named:

vRops Webrequest respones time

vRops Webrequest Respones Code

vRops Collector Issues

 

You can see some screenshot of it added to this discussion.

 

Also have a blog post coming which hasn't been released yet. Just a description of the value add.

 

https://michaelryom.dk/custom-vrops-content-pack/

(@ryom.michaelgmail.com1)

Content Packs

HP OA content pack

Hi

 

Had en issue - created an content pack 🙂

 

So here it is the HP OA content pack. All there is required is to set HP OA til send syslog to log insight.

 

It has three dashboards - Overview, changes and authentication.

 

Overview gives you quick insight to changes and problems in your environment.

Changes - is all about changes made by humans

Authentication - shows login attempts and failures

(@pawel.orzechowskiindevops.com)

Content Packs

MS Exchange Content Pack dashboards empty

We have MS Exchange environment with 8 Exchange servers. We have Log Insight 4.3 with MS Exchange CP 3.2. We have configured it according to attached documentation with regards to some doubts in another forum thred here. Now some dashboards are empty or contain wrong data: 1. Information on widget Microsoft - Exchange > User information > Number of users per server is wrong: Total number of users is correct (after... more »