Has anyone out there configured Log Insight 3.6.0 to authenticate to VIDM? I found the config file but I must not have populated something right so if anyone has successfully set this up please share how you did it and the values you used.
Thanks
Steve
I have some questions
1 - i have vsphere with operation manager enterprise plus 6 so if i use Log Insight for vcenter . is there any limitation for esxi or vm etc...
2- I have cisco switchs and emc vnx 5400 storage . can i use Log Insight for it . can i take all logs of switch and storage
3- What is the difference between Arcsight and Log Insight .
Went to upgrade from 3.3.2 to 3.6 through the web user interface using the pak file and the upgrade fails with the following error in the logs.
Failed to upgrade node: {
"error": "Failed to upgrade: Failed to install or upgrade rpm: vmware-tools-foundation-10.0.6-1.sles11.x86_64.rpm. Caused by: VMware Tools cannot install because it appears that another installation ofnVMware Tools is already present. Please remove the previous installation andnthen attempt to install this copy of VMware Tools again.nnerror: %pre(vmware-tools-foundation-10.0.6-1.sles11.x86_64) scriptlet failed, exit status 1nerror: install: %pre scriptlet failed (2), skipping vmware-tools-foundation-10.0.6-1.sles11",
"success": false,
"version": "3.6.0-4202923"
}
Any suggestions on how to get around this error so that I can upgrade to 3.6 would be greatly appreciated.
Hello
I am rolling out a new dev environment and am using the latest version of VRLI and VROPS (3.0 and 6.2).
When I try to integrate in vRealize Log Insight Administration -> vRealize Operations, having the the latest management pack installed in vROps, I get "Could not connect to host".
/storage/var/loginsight/vcenter_operations.log: “failed to get versions from Vrealize Operations Manager com.vmware.loginsight.vcopssuite.vcopssuiteapieception: exception posting resource”.
Latest management pack: https://solutionexchange.vmware.com/store/products/management-pack-for-vrealize-log-insight?src=vmw_so_vex_sflan_191
This worked with vROps 6.1 and VRLI 3.0.
I have created a custom query based on the following filters:
file path contains /var/log/desktone
text contains on port 389
Now this brings me multiple entries for different host names now what I want to do is create an alarm based on this query but in the alarm have it tell me which host name is generating the alarm. Is there a way to do this or do you have to create multiple alarms per host name.
We have a number of agents listed in Log Insight that have long since ceased to exist which did not have the agent uninstalled before they went, and some that are listed multiple times with only one entry showing as used recently. Is it possible to remove these old entries from Log Insight?
Thanks
Mark
Hello,
For Log Insight 3.3 was the vCenter 6 License useable for 25 OSI
(vRealize Log Insight for vCenter FAQ - VMware Cloud Management)
Is this valid for LogInsight 4 too?
best regrards,
Mike
I've installed the Microsoft Exchange content pack in Log Insight 2.5. We have Exchange 2012 and I've installed the Log Insight windows agent onto the Exchange servers. Additionally I added the entries described in the content pack instructions to the liagent.ini. I then attempted to setup the jobs in Task Scheduler which should run the powershell scripts that would collect the data for the Log Insight agent to pick up. The problem I'm seeing is that some of these powershell scripts aren't collecting data, specifically the exchange_perfmon_counters.log. It doesn't seem to retrieve any data. The other scripts seem to collect data but I'm questioning if it's collecting all the data that it should. Additionally, when I look at the dashboard several of the sections are completely empty (no results) - Transport, Client Access & Unified Messaging, Performance Counters, and SMTP. Is anybody successfully using this content pack?
I have currently been testing LogInsight in a single node configuration. This server has approximately 1.5TB of event data. If I add 2 additional worker nodes to create an HA cluster:
1) Are all nodes required to have the same amount of storage assigned?
2) When I join the additional nodes, will LogInsight only store events on the 2 new nodes until they catch up to the original node? or will all 3 nodes grow at the same rate keeping the original node 1.5TB ahead on storage?
Thanks!
Hi,
I'm about to deploy log insight for a customer across two datacentres and looking to see if what I am suggesting is supported and looks right:
The customer has one vCenter managing about 10 hosts in head office and 2 hosts in a separate DC in another country. This second site *could* end up having a lot of endpoints generating a lot of logs.
I'm thinking that I will deploy Log Insight in cluster mode with a "master" in head office and one worker and another worker in the second DC. If the number of endpoints in the second site increases, I can add a second worker.
Does this sound about right? Is there any consideration around ingesters or load balancers - or do they get built in automatically?
Many Thanks!
I've been delving into log insight recently and have a few questions:
Log insight is a very impressive and hugely useful tool. Just a few things weren't quite straightforward to me.
Appreciate any guidance.
I was wondering if anyone can provide instructions on how to add a DNS server IP address for vRealize Log Insight v3.3.1.
Any content pack that I try to add to Log insight (appliance build latest version) gives me the following error at the top of the screen:
"! Error Installing (Name of content pack) Content Pack"
This happens for any type of content pack I try to install, vmware or otherwise. I've reinstalled the appliance from scratch twice and still have the same issue. I checked another thread here which stated to check the "runtime.log" but I found nothing similar to that users messages or any messages really that can tell me whats going on. Are there any other logs I can investigate or post for help?
I need to know if there is a way to search for certain logs, by the age of that log, and delete it. Reasoning is below.
vRealize Log Insight is a good tool, but the one area where it fails spectacularly is being able to control the retention length for logs. Since vLI uses the available storage as the mechanism to determine what logs to delete or archive (if archive is setup), it is all but impossible to guarantee that a given node will have X days of logs available in the vLI. It also makes vLI very prone to "noisy neighbor" issues, where node X is producing a lot of logs and therefore consuming a lot of disk, and reducing the number/age of logs for node Y. To combat this issue, I was hoping I could run a job where it looks for messages older than X age, and deletes them. This doesn't solve the problem entirely, but it certainly helps. However, there does not appear to be a way to delete a log entry. If there is, I cannot find it.
So to re-ask the question: Is there a way to delete log entries, specifically by searching for log entries older than a certain date?
Thanks for any help.
I was wondering if there was a way to change the OVA configuration (vCPU, RAM and disk) before or after deploying the vRealize Log Insight appliance, and still receive support from VMware? The default for the small configuration is 4 vCPU, and 8 GB of RAM. We have a scenario where we may need to deploy a vRLI for some very small environments (a handful of devices), and even the small configuration would be grossly over-sized for our requirements.
Thanks for any assistance.
I am trying to get an idea as to how well vRLI logs will compress on our SAN. I know we can encrypt the logs in transit, but I don't think they are encrypted at rest.
Additionally, I don't know what format the logs are in, so cannot forward this information to our SAN vendor to get them to estimate the compression we will receive. From what I can see, the logs appear to be compressed by vRLI, so I'm guessing that we might not get any further benefit from our SAN-level compression anyhow.
Any additional information on this would be appreciated.
do anyone know how to config the Ldap configuration for log insight 4.0?
How many days I can keep logs ? I have vCenter 6 licenses and so not enterprise license. I made a standard log insight installation.What is the difference between HP Arcsight. This product is the best product follow the log?
Hi,
Is there a way to create custom filters that can be applied in data sets? Specifically I want to create a filter for database name from SQL Server. I have already made a custom extracted field for the database name, but I'd like to use this in the data set.
The logs are collected with an agent from the Windows Application Log where SQL Server Audit writes them.
I have noticed that the vSphere Content Pack adds filters like appname, vc_username etc, but I want to add a custom filter.
Thanks for any assistance.
Hi
Anyone who has encountered a problem were Log Insight does not receive any logs from SQL Server?
I have installed the agent on the SQL server and according to Log Insight it is connected, however the liagent-effective.ini is empty so it doesn't seem to have picked up the rules for monitoring.
I have tried recreating the template, restarting the services and created some events from the SQL server but nothing has worked.
Running Log Insight 4.0 against in this case a SQL Server 2012 running on a Server 2012 R2.
/Eddie