Badges [ 7 ] [-]
Memberships [ 1 ] [+]
Activity Stream [+]
Ideas Contributed [ 17 ] [+]
ms_ad_security_audit_target_account_name does not function properly. It does not show up under the fields list or extracted data nor can you create your own that is similar and have log insight extract the data.
We have discovered that export feature is not working in 3.3.2. I've tried restarting the log insight machine and it doesn't appear to fix it.. Any help would be great.
I am just clicking around searching in TP2. Suddenly my connection will start getting refused to log insight. After it comes back it will keep saying I'm not authorized. This can happen literally right after I log in. I added more ram thinking maybe it was just getting overloaded but ram usage is staying fairly flat. Checking the logs doesn't seem to show any issues. This message keeps occurring as well even though the ...more »
I have tags placed on my file logs. So I search for the tag name lets call it website1 and it finds nothing. I have to actually go put a filter in that says "site" = "website1". I used to be able to just type website1 and it would bring this up.
I upgraded to TP3 and for some reason my hosts do not send logs to log insight anymore.. I tried to reconfigure them with the wizard in log insight and got "cannot reload syslog".. Saw vmware said this is a harmless message. Don't understand why they don't send anymore.. Shows clearly in their advanced settings that they are to send to log insight and we have the firewall ports open for the esxi hosts..
When exporting data from the event logs it doesn't keep the date/time stamp of the event. It needs to do this as when your presenting it to someone else they have no idea when the events occurred.
Pretty sure this is a bug.. Since installing the update yesterday 2.5 I've noticed my system resources are being sucked dry.. I have 91 megabytes read from disk constantly since yesterday, a constant 65%+ CPU resource consumption ram at 66% or higher and a ton of read IO.. I have a flash system behind this that I was testing so its not bogged my normal environment down to much but still.. Seems like its using way to many ...more »
The agent should support globs (asterisk and wildcard) for folders. THe use case is IIS where multiple domains exist on the same server. Something like this
So then I could make one that does them all type thing.
Globs are supported for files so this is an inconsistency in the product as well.
When I click an alert then I click the next alert it will show the same information as the last alert. The same email addresses and such when I know it wasn't.
1.) Admin users need ability to shutdown a user's alerts (e.g. misconfiguration, user is unavailable, etc) Example: Alerts need to be editable by ANY admin.. We currently have an issue right now where an admin who created most of the alerts is on vacation and since we use AD authentication they only way I could technically "fix" a problem we have right now is to change his password or have him log in. It should allow ...more »
As it stands users can flood the server with queries and I have no idea who is doing it. It just tells me how long its ran. Its very important to know whose running what though since if its someone I know and know they know what they are doing. Then I don't want to cancel their query but if someone is just running massive queries then I should be able to pick them out and hopefully help them understand better how to run ...more »
Load Query should be able to show "Shared" queries from other users. Other users should be able to share their queries if they want instead of using dashboards..