Badges [ 7 ] [-]
Activity Stream [+]
Ideas Contributed [ 11 ] [+]
It would be very useful to be able to define host groups whether the client is an agent or a syslog devices to be used in queries or to even tag events which are from these groups. It's an overhead having to create forwarding rules to tag logs on forwarders as we don't give dashboard users access to forwarders it would be much simpler to allow them to create a group of hostnames and allow that group to be used in queries. ...more »
I need to send the logs from the log insight appliances through to our SIEM solution for auditing purposes. Is there a way to do this?
Hi, Does anyone have any experience in running LI Agent on MS failover clusters? We are trying to monitor the SQL logs and obviously the clustered drive (where the logs exist) are only mounted on one server at a time, so when the LI agent starts on each server, in the pair, one can read the logs drive and the other can't so it ignores that drive as it doesn't exist. When the cluster fails over we need a way of telling ...more »
Things have improved over time and I have noted the previous feature request (http://loginsight.vmware.com/a/idea-v2/8395) however it is very difficult to manage the status of the endpoints for both agents and syslog hosts. This is important both from an operational and security point of view. Some features which would help a great deal are:- - Ability to purge the "host" page - Add last active (or last received ...more »
As part of a redesign, we're migrating our agents to a new cluster of forwarders, with a different SSL certificate. The migration will be achieved by a DNS change using the same URL. I have noticed that on the agent VM's the current SSL is downloaded into c:\ProgramData\vmware\Log Insight Agent\url-name.crt., I believe that this is used as a one way validation that we are communicating with the correct forwarder. We ...more »
When upgrading the above is displayed, would be really good to have more information, much like vROps which displays the progress on each node. Currently it just sits there even with upgrade failures.
Currently unable to set SSL=yes when using the command line parameters. It is possible to set all the other important parameters, protocol, host, port but not SSL. This is especially important if your LI servers need to be set to SSL only.
Yes you could create a MST but this is a rather complicated solution to a simple problem.
It would be great to have the ability to replicate (or even export/import) config between clusters. We currently deploying 10 3-node forwarding clusters and managing the agent config is going to be a challenge.
Would be really interested to know which agent you use on Linux servers, as I am in a debate with security team regarding whether to use the LI agent or the syslog daemon on the redhat servers. In my mind the main pros for each are:- Syslog daemon - multiple destinations (this may become a requirement) - nothing to maintain outside of base OS, i.e not 3rd party software Log Insight - cfapi support - centralised configuration ...more »
Hi, Is it possible to create custom filters for event forwarding. We would like to use IP Address or possibly other variables?
Hi, Does anyone know if the syslog client in ESXi will buffer messages locally in the event of a LI failure? The functionality would be much like the configuration parameter in LI Agent
; Max local storage usage limit (data + logs) in MBs. Valid range: 100-2000 MB.