Is there any documentation or plans to release documentation about how to use the Ingest API that is part of Log Insight 2.0 Beta?
Thanks,
Steve Fowler
↧
Log Insight 2.0 Beta Ingest API Documentation?
↧
Possible bug with adding queries to favorites
I've noticed that when I build a query say with a time range of 24 hours and then click the "Add current query to favorites". When I click the "Favorite queries" button and pull it again it changes the time range to custom and goes back to the time when I originally ran the query and not for the last 24 hour period.
Is this expected behavior?
This is in the 2.0.1 beta
↧
↧
Connecting to vCenter Certificate issue in 2.0GA
I just upgraded my 2.0Beta instance to 2.0GA and was looking at the inventory dashboard and noticed that the number of vCenters connected was 0.
I figured I need to update the password, so I did and when I tested the password I got:
HTTP transport error: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
I was working on a separate problem with someone trying to connect a tool the vcenter and they had a certificate error as well, I think it may have to do with this KB
This is an old vCenter that has been upgraded over time. It is as 5.5GA
I was able to add another vCenter that is 5.5u1 that has a 2048 bit cert.
↧
Has anyone setup Log Insight Load Balancing?
Good Morning,
We are attempting to setup Log Insight in a load balanced, and clustered configuration. After searching tirelessly for blogs, question on this forum, or others that have completed this and shared their setup I have found nothing. The only thing that comes close is http://sflanders.net/2014/05/01/log-insight-2-0-beta-load-balancing/ , but only states that HOW to do it will come in a future post!
I was going to setup HA Proxy, but from my understanding it will not handle UDP traffic the way that Log Insight will want the have the information sent to it. Since we are wanting to send most, if not all, of the syslog traffic to the Log Insight box, we would need to use UDP 514.
Those that have actually setup the load balancing, did you follow a guide? If not, would you mind sharing how you acomplished setting up your environment to load balance between multiple workers?
Any assistance is much appreciated!
-Patrick
↧
vCenter not connecting after upgrade to 2.0
I just upgraded to version 2.0 GA and after it finished I got a message about it not being able to connect to one of my vCenter servers. It was working prior to the upgrade.
When I try and test the connection I get the following error: HTTP transport error: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
I have restarted vCenter services with no change in behavior. vCenter version is 5.0 Update 2
↧
↧
VMware Log Insight 2.0 GA very high CPU when using interactive analytics and Windows content Pack installed
Hi all, I am seeing 100% CPU use and no log information when in Interactive Analytics after installing the Windows Content Pack v 1.0.201406101414. I remove the content pack and all goes back to normal. I am on version 2.0 GA (2.0.3-1879692). I never had the content pack installed before upgrading to this version last week. Thanks for any help.
↧
Windows Agent filelog question
I am trying to log DHCP data which lives in the C:\Windows\System32\dhcp directory. I keep getting an error:
2014-06-18 12:11:32.064285 0x00000f58 FLogCollector:213 | Invalid path specification was obtained. Channel [filelog|windowsAuditDHCP] will stay dormant until properly configured.
I assume this is a permissions issue because I do not get the error when pointing to a newly created c:\tmp directory.
2014-06-18 12:07:29.607531 0x00000a4c EventCollector:27 | ConfigureAndStart invoked for collector: FLogCollector
2014-06-18 12:07:29.607531 0x00000a4c EventCollector:52 | Configuring FLogCollector
2014-06-18 12:07:29.607531 0x00000a4c EventCollector:54 | FLogCollector configured
2014-06-18 12:07:29.607531 0x00000a4c EventCollector:61 | Starting FLogCollector
2014-06-18 12:07:29.607531 0x00000ef4 WinLogCollector:203| WinLogCollector thread begin
I tried enabling “Allow service to interact with desktop” in the service but did not seem to work. I also attempted logging in as a different user for the service instead of the default of “Local System account” with no luck. Thanks for any feedback / suggestions!
↧
False license count - Where can I see what OSIs are active?
Hi all,
I have installed the vCenter LogInsight 2.0 GA appliance, connected it to a vCenter server, two ESXi hosts (that are the only hosts being managed by this vCenter server) and two Windows Server VMs (via the Log Insight Windows Agent). For me this is 5 OSIs now, but in the License Management it shows 7 "Average Active OSIs".
Why? And where can I check what the additional 2 OSIs are?
Thanks
Andreas
↧
Log Insight Workers failing to join
SR: 14493589706
Log Insight Master 2.0.3
Log Insight Workers 2.0.1
Description:
I am having issues joining workers to the master installation. The workers are located in a geographically separate vCenter, and both vlans have the ability to talk between them with the only ACL, port 22.
The error that is given is:
"Failed to grant the membership to a cluster java.net.ConnectException: Connection refused"
I see on the docs that 59778 TCP, 12543 TCP, 16520 TCP, 16580 TCP, need to be open, so there is no ACL's in place for it. I also noticed that 'service iptables status' returned no firewall! So, I am out of options on how to troubleshoot this :-(
-Patrick
↧
↧
Can log insight read custom log files from other applications running on ESX host?
I want to track some metrics on ESX host. I was able to get the syslog for the ESX host dump data to the log insight manager. I cannot get my custom log file to be read by log insight manager. Is there a way?
↧
"VMs failed over by HA" in vsphere - HA dashboard Log Insight 2.0GA
I was looking at this dashboard and it seemed like a lot of VMs were being failed over.
When I dug into the VM names and looked in vCenter, the events seem to correspond to DRS events instead of HA events.
↧
Issues searching for events coming from a file log
I've got the windows agent installed on a few servers to monitor some file logs and running into issues trying to find specific events. I can see the events under IA if i do a hostname contains the server name but if i then try to filter or search that further to find specific events I get no results. Also even when i'm filtered by hostname and can see event i want if i highlight it and select "Contains: the data i want" it comes back with no results.
Any one else experience this or am i doing something wrong?
↧
NFS Archive Configuration
Does anyone know, even if it is an unsupported method, the configuration file for the workers that tells it where the NFS archive location is? While we are waiting for Log Insight to be updated to allow worker vm's to set their own NFS path, this would greatly help us out.
Sflanders, I know you had mentioned the way we are setting up our LI environment was an unsupported way, because it wasn't tested out by VMware. I would be more than happy to setup a conference call, if you are interested, to discuses how we are trying to replace a global deployment of splunk with LI. Currently, we want 1 giant master, and as many as 15-20 workers spread out in 3 separate geographical locations. We currently have it working with 1 master and 1 slave together, and 4 more workers pulling 100 more hosts, ~15 Domain Controllers and 5 vCenters, but want to more than double this.
↧
↧
vCenter Collection Failed
I just upgraded from 1.5 GA (1.5.0-1435442) to 2.0 GA (2.0.3-1879692) and now log insight is no longer collecting logs from my two vcenter servers.
I've seen all the SSL certs below 1024-bit connection discussions, but my issue seems to be different. I know the certs are greater than 1024-bit, and testing the connection from the log insight appliance works, but in the inventory I see zero vcenter servers, and no logs are being ingested. I created a ticket with vmware support, but have yet to hear from them.
I've tried restarting the appliance, and updating the vcenter server user credentials, but still nothing.
↧
Log Insight Master - Worker Query
Good Morning,
I have been trying to find this information in the documentation, but I just can't seem to find it!
How does the Master - Worker relationship work?
In our environment (I know it is 'currently' an unsupported configuration) we have 1 Master Log Insight and 8 workers that pull all syslogs, AD and Domain Controller logs are pulled via workers to their local Log Insight Workers. When someone runs a query from the master, how does the master know which node to query to find that information? Does it just query all of them the same query, and then once the worker responds "hey I have this here is the results". Or does the master keep a list of what IP/DNS is being pulled from where?
Patrick
↧
vSphere Integration, and vCenter logging Question
Good Morning,
Few questions!
- Does the vSphere Integration with the vCenter servers provide any additional functionality over just pulling all the logs from vCenter through a syslog collector?
- Do you see any issue with using either nxlog or the Log Insight Agent to pull the following logs listed below, even though they are being written do quite constantly? (Such as file permission or in use errors)
- Would there be any issue removing the vcenter/host integration into Log Insight and utilize a separate method of sending logs in to Log Insight?
- How would the Log Insight Agent handle the files that would have dynamic names? Could I just say log catalina.*.log?
- VMware KB: Location of vCenter Server log files
vpxd.log
vpxd-profiler.log
vpxd-alert.log
cim-diag.log and vws.log
ls.log
vimtool.log
stats.log
sms.log
eam.log
catalina.<date>.log and localhost.<date>.log
jointool.log
manager.<date>.log
host-manager.<date>.log
Thanks for any help!
- Patrick
- VMware KB: Location of vCenter Server log files
↧
Legend numbers do not make sense!
Question, why does the legend for the graphs show this (Microsoft - Active Directory Security - Overview)?
As this is a legend strictly for number of events, shouldn't it go: 1,10,100,1,000,1,000,000,1,000,000,000(ten, hundred, thousand, hundred-thousand, million, billion, trillion)? It seems like it is showing file size as the number of events(kilo, Mega, Giga)!
↧
↧
Microsoft Active Directory Content Pack Question
So I have installed the content pack for Microsoft Active Directory, and it works well for what it has been designed for.
Would it be possible to add another section for File Integrity Monitoring? This is a requirement for PCI compliance, and would be a great addition to this content back dashboard!
Figured I would ask in here, before making it a feature request, to see if it could possibly be just added on the fly ;-)
↧
[REQUEST] Log Insight Visio Stencils
I was wondering if there are any VMware Log Insight Visio Stencils that have been created, or plan on being created?
↧
Move from Log Insight 1.5 GA to 2.0 GA
My organization is looking to move from using Log Insight 1.5 GA to 2.0 GA. We have stood up a new instance of the virtual appliance rather than doing an in-place upgrade. Can we use the “integration” pane in the console of the appliance the same way we would if this were a first time, stand-alone deployment?
Will configuring the appliance in this way tell vSphere \vCenter\ESXi hosts and vCOPS to send logs to the new Log Insight server? Or perhaps both Log Insight servers? Is this the best way to move up to the new version? Just looking to make sure nothing breaks during the transition.
Thanks for your advice on this
↧