Ideas Contributed [ 11 ]
I am forwarding Windows events collected by the LI agent from Log Insight to Splunk using the syslog protocol. The box "Forward complementary tags" is not checked, but it seems to be always on. On the receiver side I see the following additional stuff in the event: - - - [Originator@6876 eventid="326" task="General" keywords="Classic" level="Information" channel="Application" eventrecordid="2018" providername="ESENT"] Complementary ...
Some alerts should be only active during certain times:
for example, an admin log-in should not be alerted during working hours, but is worth alerting in the middle of the night. The same may apply to certain configuration changes (VM configuration changed outside normal working hours).
1) There is no way to use an agent and logs are not getting properly parsed on the server
2) The agent is installed, but the administrator prefers not to risk any additional load on the source system caused by agent-side parsing
Solution: configure parsing (analogous to agent-side parsing) on the server or a dedicated forwarder
We have devices like Raspberries, routers, modems, and VoIP devices which run Linux on non-Intel architectures. It would be great to have the LI agent pre-compiled (or the source) for the most popular non-Intel CPU architectures.
Data and privacy protection laws in some countries demand that user names and other person-related data should be anonymized. So fields like user names should be replaceable by hashes.
It would be great if we could use variables (for example $HOSTNAME) and other environment settings in the liagent.ini file. We would be able to use variables for tagging or log file locations.
This would allow us to refine configurations and use the same file on a number of systems.
Extend vR Ops integration beyond notification and launch in context: deliver metrics (i.e. number of events, number of error / warning events, number of tasks, kernel warnings, VOB events) to vROps and match them to existing vROps objects (vCenter, hosts, VMs).
Allow Log Insight to analyze internal (Linux and application) logs in the same instance. Currently it is not supported to redirect Log Insight logs to itself.
Customer would like to see the list of users currently logged in and the log of user log-ins and past activities. This may be required as an auditing feature (who looked at the logs, changed config and so on).
If you configure an alert for a certain condition for a VM or host, it would be great to assign it to all objects of a certain kind in vC Ops or to matching objects according to any variable or regexp.
At the moment each notification must be configured individually and no generic rules are possible.