Can log insight 4.0 receive SNMP traps?
Can Log Insight 4.0 receive SNMP traps?
Log insight 4.0 & 4.5- IMPORT CONTENT PACKs
Log Insight 4.0 & 4.5 are deployed in two different environments which have no internet access. I am not able to import a content pack. I am not getting the option "+IMPORT CONTENT PACK" at the lower left of the screen.
Is there an option to manually copy and install? Or how do I get the UI option?
LogInsight 4.5 fails to install on vSphere 6.5 latest version
Just tried installing LogInsight 4.5 onto a vSphere 6.5 host (patched to latest build). The install fails - error message relates to fschk of sda2 disk. The same OVA installs fine on vSphere 6.0. Is this a known bug? Any advice very welcome.
Rob Sullivan (UK)
London VMUG
VMware Log Insight Archival throughput requirement
What is the end-to-end NFS throughput requirement between the Log Insight appliance and the NFS server ?
Is this documented anywhere?
Thanks in advance,
Renu
Proxy
Is it possible to set a proxy for Log Insight? I want to send webhook traffic via a proxy.
download LI for vCenter
Is it just me or is latest update 4.5.1 not available with free version included with vCenter?
my.vmware > my products > downloads > only lists 4.5.0
and I am not entitled to download from https://my.vmware.com/group/vmware/details?downloadGroup=VRLI-451&productId=658&rPId=19274
How can I point the liagent to collect from a network share? i.e. directory = [network location]
I've got a Windows MS SQL cluster built on SMB 3 for its shared storage. The liagent doesn't seem to recognize anything other than drive letters... any suggestions?
SharePoint Content Pack
Hello,
where can I find the "ms_sharePoint_usageData_logging_2013.ps1"?
The downloaded ZIP does not contain any PowerShell Scripts...
Kind Regards,
Markus
vRLI and webhook alerts
All, I am new to this, so help is appreciated.
We have vRLI set up to send alerts to a webhook shim server. The shim server has an endpoint configured and is forwarding on modified payloads to our upstream service.
This is working well for our vROps alerting, but there are some event-based alerts that we want to set up for auditing in our upstream service. Some of these vROps can't alert on, so we set up vRLI to alert through to vROps, which in turn sent the REST payload to the SHIM, but vROps does not seem to pass on any of the description or recommendations for Notification alerts, so I get an audit event on the object in the upstream service but no data as to what it is.
I then set up a new endpoint for vRLI and sent the alert directly from vRLI to the SHIM server. This sends the description, but I can't seem to find the source in the payload that the SHIM receives.
Below is the log of the SHIM (this is a simple event for SSH being enabled on a host for testing). As you can see, there is no host name listed. I changed the host name to colour in the py script just to get it to forward out of the SHIM and not error out.
Nov 21 04:19:50 xxxxxx iptables[197]: 2017-11-21 04:19:50,364 INFO Parsed={'hookName': 'Log Insight', 'color': 'red', 'AlertName': 'SSH Enabled (Webhook)', 'info': 'Test webhook Discription', 'Messages': [], 'url': 'https://vrli-xxxxxxxxxxx', 'editurl': 'https://vrli-xxxxxxxxx/s/nnv2dq', 'HasMoreResults': 'False', 'NumHits': '0', 'icon': 'http://blogs.vmware.com/management/files/2015/04/li-logo.png', 'moreinfo': 'Hello from the webhook shim! This is a test webhook alert.\n\nAlert Name: SSH Enabled (Webhook)\nAlert Info: Test webhook Discription', 'fields': [{'name': 'HasMoreResults', 'content': 'False'}, {'name': 'NumHits', 'content': '0'}]}
Nov 21 04:19:50 xxxxx iptables[197]: 2017-11-21 04:19:50,364 INFO URL=http://xxxxxx:50070
Nov 21 04:19:50 xxxxx iptables[197]: 2017-11-21 04:19:50,364 INFO Headers={'Content-type': 'application/json', 'Accept': 'application/json'}
Nov 21 04:19:50 xxxxx iptables[197]: 2017-11-21 04:19:50,365 INFO Body={"result": {"AlertMessage": "Test webhook Discription", "Criticality": "red", "EventInstance": "red", "EventName": "SSH Enabled (Webhook)", "HostName": "red", "TransformerName": "VMWare", "type": "link", "url": "https://vrli-xxxxxxxxxx/s/barcgx"}}
Nov 21 04:19:50 xxxxx iptables[197]: 2017-11-21 04:19:50,365 INFO Check=True
Nov 21 04:19:50 xxxxx iptables[197]: 2017-11-21 04:19:50,367 DEBUG Starting new HTTP connection (1): xxxxxxxxx
Nov 21 04:19:50 xxxxx iptables[197]: 2017-11-21 04:19:50,373 DEBUG http://xxxxxxx:50070 "POST / HTTP/1.1" 200 None
Nov 21 04:19:50 xxxxx iptables[197]: 2017-11-21 04:19:50,374 INFO 10.195.239.11 - - [21/Nov/2017 04:19:50] "POST /endpoint/vrli HTTP/1.1" 200 -
Am I doing something wrong?
This is the event I am alerting on.
Unable to download Exchange Content Pack
Hi there,
I'm currently unable to download the full vCenter Log Insight Content Pack for Microsoft Exchange zip archive to access the necessary scripts required for installation.
This is being accessed from VMware Solution Exchange and the issue occurs due to a broken link at https://marketplace-download.vmware.com/repo/vsx/Microsoft_-_Exchange__v3.2_Published.zip
Chrome:
The webpage at https://marketplace-download.vmware.com/repo/vsx/Microsoft_-_Exchange__v3.2_Published.zip might be temporarily down or it may have moved permanently to a new web address.
IE:
This error (HTTP 403 Forbidden) means that Internet Explorer was able to connect to the website, but it does not have permission to view the webpage.
Please advise asap. (have also submitted to VSX Alliance, however submitting here in the hope to have resolved soon).
Many thanks,
Will
Log Insight enhancements
Hey,
Where does a person submit a request for an enhancement to Log Insight? I used to utilize the site at VMware Log Insight | Recent. The site appears to not be accepting new requests or votes on existing enhancements.
Or has the process changed to submitting a ticket to VMware support?
Unique count of hostname as a single value - export list?
I have LI version 4.3 installed. I have an interactive search where I want to see the unique count of hostname as a single value. I get the metric, and this is good! Is there a way to export the list of hostnames that determine the metric?
Can't Login
I deployed the ova template...
Set up the appliance through the web, set up the 3rd party plugins (Veeam, Synology, EMC).
Connected both the vCenters and the vRealize Operations Manager.
I even added a 2nd username for myself to login.
I went to lunch and when I got back I had a message I was logged out.
When I tried to login I get a Failed error message.
Tried on both logins, rebooted and tried with no luck.
Is liagentd supposed to run on the vRLI server itself?
I've got vRLI v4.5.1 installed and I see that the agent is set to run automatically on the server itself:
# chkconfig --list liagentd
liagentd 0:off 1:off 2:off 3:on 4:off 5:on 6:off
Is it supposed to? It seems to not be configured properly:
Cannot find section for [server].hostname in config. Using default: loginsight
Transport error while trying to connect to 'loginsight': Couldn't resolve host name
A full logoutput-snip:
# cat /var/log/loginsight-agent/liagent_2017-11-30_00.log
2017-11-30 13:07:27.700617 0x00007f0d094e9700 <warng> AgentDaemon:433 | Cannot find any section <server> in the configuration. The default will be configured.
2017-11-30 13:07:27.700756 0x00007f0d094e9700 <warng> Config:307 | Cannot find section for [server].filter in config. Using default: {;.*;}
2017-11-30 13:07:27.700884 0x00007f0d094e9700 <trace> DataController:88 | Configuring collectors...
2017-11-30 13:07:27.700899 0x00007f0d094e9700 <trace> EventCollector:22 | ConfigureAndStart invoked for collector: filelog
2017-11-30 13:07:27.700908 0x00007f0d094e9700 <trace> EventCollector:47 | Configuring filelog
2017-11-30 13:07:27.700915 0x00007f0d094e9700 <warng> FLogCollectorEx:380| Cannot find section <filelog> in the configuration. The flat file log collector will stay dormant.
2017-11-30 13:07:27.700925 0x00007f0d094e9700 <trace> EventCollector:49 | Configuration of filelog is done
2017-11-30 13:07:27.700931 0x00007f0d094e9700 <trace> EventCollector:56 | Starting filelog
2017-11-30 13:07:27.700938 0x00007f0d094e9700 <trace> EventCollector:59 | Started filelog
2017-11-30 13:07:27.700944 0x00007f0d094e9700 <trace> DataController:100 | Configuring transport...
2017-11-30 13:07:27.700951 0x00007f0d094e9700 <warng> Config:307 | Cannot find section for [server].proto in config. Using default: cfapi
2017-11-30 13:07:27.700959 0x00007f0d094e9700 <trace> DataController:163 | Creating cfapi transport
2017-11-30 13:07:27.700972 0x00007f0d094e9700 <warng> Config:307 | Cannot find section for [server].hostname in config. Using default: loginsight
2017-11-30 13:07:27.700981 0x00007f0d094e9700 <warng> Config:370 | Cannot find section for [server].ssl in config. Using default: yes
2017-11-30 13:07:27.701011 0x00007f0d094e9700 <warng> Config:256 | Cannot find section for [server].port in config. Using default: 9543
2017-11-30 13:07:27.701024 0x00007f0d094e9700 <warng> Config:256 | Cannot find section for [server].reconnect in config. Using default: 30
2017-11-30 13:07:27.705360 0x00007f0d094e9700 <trace> DataController:104 | Starting transport...
2017-11-30 13:07:27.705460 0x00007f0d094e9700 <trace> AgentDaemon:422 | AgentDaemon configured successfully
2017-11-30 13:07:27.705453 0x00007f0d037fe700 <trace> Logger:188 | Thread "CFApiTransport" has id 0x7f0d037fe700
2017-11-30 13:07:27.705476 0x00007f0d094e9700 <trace> AgentDaemon:367 | AgentDaemon started successfully
2017-11-30 13:07:27.705517 0x00007f0d037fe700 <trace> CFApiTransport:130 | Connecting to server loginsight:9543
2017-11-30 13:07:27.727726 0x00007f0d037fe700 <error> CurlConnection:781 | Transport error while trying to connect to 'loginsight': Couldn't resolve host name
2017-11-30 13:07:27.727758 0x00007f0d037fe700 <trace> CFApiTransport:108 | DoConnectJob [Postpone connection by 1 sec]
2017-11-30 13:07:28.727848 0x00007f0d037fe700 <trace> CFApiTransport:128 | Re-connecting to server loginsight:9543
2017-11-30 13:07:28.731489 0x00007f0d037fe700 <error> CurlConnection:781 | Transport error while trying to connect to 'loginsight': Couldn't resolve host name
2017-11-30 13:07:28.731546 0x00007f0d037fe700 <trace> CFApiTransport:108 | DoConnectJob [Postpone connection by 2 sec]
2017-11-30 13:07:30.731672 0x00007f0d037fe700 <trace> CFApiTransport:128 | Re-connecting to server loginsight:9543
2017-11-30 13:07:30.736886 0x00007f0d037fe700 <error> CurlConnection:781 | Transport error while trying to connect to 'loginsight': Couldn't resolve host name
2017-11-30 13:07:30.736930 0x00007f0d037fe700 <trace> CFApiTransport:108 | DoConnectJob [Postpone connection by 7 sec]
2017-11-30 13:07:37.737023 0x00007f0d037fe700 <trace> CFApiTransport:128 | Re-connecting to server loginsight:9543
2017-11-30 13:07:37.741783 0x00007f0d037fe700 <error> CurlConnection:781 | Transport error while trying to connect to 'loginsight': Couldn't resolve host name
2017-11-30 13:07:37.741816 0x00007f0d037fe700 <trace> CFApiTransport:108 | DoConnectJob [Postpone connection by 11 sec]
2017-11-30 13:07:48.741923 0x00007f0d037fe700 <trace> CFApiTransport:128 | Re-connecting to server loginsight:9543
2017-11-30 13:07:48.747042 0x00007f0d037fe700 <error> CurlConnection:781 | Transport error while trying to connect to 'loginsight': Couldn't resolve host name
2017-11-30 13:07:48.747071 0x00007f0d037fe700 <trace> CFApiTransport:108 | DoConnectJob [Postpone connection by 23 sec]
I know I could configure /var/lib/loginsight-agent/liagent.ini and set a correct hostname in the server section (or hack the hosts file and point loginsight to localhost or the server IP), but unless it's supposed to use its own agent to log to its database, I'd wait. Maybe the agent should be stopped?
Anyone?
Can't log in with http or https://loginsight/ip
In my test, I created a cluster with three Log Insight servers. Then I deleted two worker Log Insight servers with vmdk in the vCenter Server, and I rebooted the master server. Now I can't log in to the UI with http or https://servername or IP.
LogInsight DNS queries - How to minimize?
Hi all,
Loginsight Appliance 4.5 is generating a large number of DNS queries. Is it possible to disable IPv6 Queries or VM queries for example or change the way it caches DNS queries? Any idea?
Best regards
Jörg
Unique count of hostname as single value varies day to day
I have 20K hosts that I am trying to validate logging in Log Insight. On Friday, I ran a query in version 4.3 of Log Insight for "unique count of hostname as a single value" for the time period 2017-11-14 00:00:00.000 to 2017-12-14 15:54:16.053. The count was 8627. I run this same query today for the same time period and see a value of 7650. On both runs, I see a small alert triangle noting "Results may be inaccurate because some groups have too many distinct values."
Is this the root cause of the reported differences? No data has aged out of the cluster during this time period (per the email notifications that I would receive on data aging).
Disconnected cfapi vRLI Agent alerts?
So I have these cfapi vRLI agents which are randomly disconnecting from vRLI, and I need to generate an alert when they end up in a state of "disconnected"...
I was thinking this would be a straightforward and simple thing to do, but I for the life of me can't find a way to do it!
Does anyone have a solution?
Cheers
vMAN
alerts and dashboard help
Hello team,
I am new to Log Insight. In our environment we have vSphere/vSAN/NSX/VIO. Can someone help me understand what alerts we have to configure? Is there any document or website available to get some idea about the required alerts and dashboards?
Configuring vIDM via API
I've been working through creating workflows of what I'm going to call "routine configurations" that a person does when standing up a new Log Insight instance/cluster (tested on 4.5.1), but when I try and go and create the API call to establish vIDM configuration... the API is returning an error related to the self-signed certificate from vIDM.... which is, to put it mildly, highly annoying. My request looks like this (sanitized):
```
curl --request POST \
  --url https://<li-host>:9543/api/v1/vidm \
  --header 'authorization: Bearer SEUrE+BeXqIOGWE7Mzwza+WC8VD0yzojqHg6NTcy42UOB2NqLa2NI9ROHIQulAX1H93HH4K92neE7XLBYm4cNcxGkzJnA2V6Wpwx93bGslkM7FNBXCkZfAV/JpRkUxEvWmx98kxxZczsu5g6xiruID2jzbAwrPnF9ap5xDCIcaxyvX495uH0n7pYFp6wFGuOgi0gqfd2+BbXRtJe2A2/qisazkWsNrp7mJ7SDkw1OVSGruuAokH65QRPAjdN8c//vomgTRGS4WBzCkkT+Sl/jw==' \
  --header 'content-type: application/json' \
  --cookie JSESSIONID=51A9140CD5C6590958C0295E6A8B4263 \
  --data '{
    "acceptCert": true,
    "enabled": true,
    "hostname": "<vidm-fqdn>",
    "port": "443",
    "tenant": "vsphere.local",
    "redirectURL": "<li-vip>",
    "username": "admin@vsphere.local",
    "password": "<password>"
  }'
```
And the response I'm getting from the API is:
{ "errorMessage": "VMware Identity Manager provided custom CA certificate. Unable to make SSL connection.", "errorCode": "VIDM_ERROR", "errorDetails": { "errorCode": "com.vmware.loginsight.api.providers.vidm.custom_ca_certificate" } }
Anybody have any ideas why it would work in the UI (where I can review the SSL cert and accept), but not via the API? Is there something possibly missing from the API docs around a query parameter to force acceptance of the cert? I'd think the "acceptCert" parameter would do that in the JSON body, but well.........