VMware Cloud Community
virtech
Expert
Expert
Jump to solution

Windows File Monitoring - Customizing Text Format

Just been playing around with file monitoring on Windows looking at a specific log file. Events are coming into the Log Insight server and I have then created an Alert to email the contents of a custom the search to a mailbox. (see image for search)

I'm expecting to see a similar output to the File Attached but all of the columns are together making it very hard to read the output, can this behaviour be manipulated some how?

Reply
0 Kudos
1 Solution

Accepted Solutions
sflanders
Commander
Commander
Jump to solution

Right, so vR Ops you only get title -- this would be true for webhook to vR Ops as well -- can you open a feature request on https://loginsight.vmware.com that request for more than a title be sent to vR Ops?

Hope this helps! === If you find this information useful, please award points for "correct" or "helpful". ===

View solution in original post

Reply
0 Kudos
11 Replies
sflanders
Commander
Commander
Jump to solution

Can you post a screenshot of what you are seeing with LI?

Hope this helps! === If you find this information useful, please award points for "correct" or "helpful". ===
Reply
0 Kudos
admin
Immortal
Immortal
Jump to solution

Are you creating an alert On Every Match?

The HTML emails aren't converting whitespace to either pre-formatted (e.g., <pre>) or using  . The spaces are sent through intact, but without such encoding your mail client is almost certainly ignoring the extra whitespace. I'll consider this a bug.

Reply
0 Kudos
virtech
Expert
Expert
Jump to solution

I get this in the email which runs everyday

Total Copied Skipped Mismatch FAILED Extras Dirs : 215 0 0 0 0 0
Files : 40618 0 31605 0 0 1
Bytes : 40.313 g 0 20.313 g 0 0 383
Times : 0:00:00 0:00:00 0:00:00 0:00:00
Ended : Friday, 11 March 2016 09:39:01 a.m.

The alert looks ok in Syslog, any workaround you can think off?

Reply
0 Kudos
admin
Immortal
Immortal
Jump to solution

It's an email formatting bug. Alerts sent to vRealize Operations or a Webhook destination would be immune. I cannot think of a palatable workaround beyond modifying the messages before sending them to Log Insight.

Reply
0 Kudos
virtech
Expert
Expert
Jump to solution

Ok - If I send the same query to vROPS, All I get is the Source Event name and Event Type, There is no other information, is this expected?

Reply
0 Kudos
sflanders
Commander
Commander
Jump to solution

Alan is correct vR Ops is immune, however you are correct in that events are not sent to vR Ops if you use it as an alert destination today. This means your only option is webhook. Can you open a feature request on https://loginsight.vmware.com?

Hope this helps! === If you find this information useful, please award points for "correct" or "helpful". ===
Reply
0 Kudos
virtech
Expert
Expert
Jump to solution

I see webhooks are supported in Log Insight 3.3,  does this support sending events to vROPs?

Reply
0 Kudos
sflanders
Commander
Commander
Jump to solution

Sorry what is the question? LI can send to vR Ops *OR* to a webhook. If the question is webhook to vROps you would need something in the middle to parse the LI webhook and send it in vROps format, but then you would be duplicating what LI does today and would suffer from the same limitations.

Hope this helps! === If you find this information useful, please award points for "correct" or "helpful". ===
Reply
0 Kudos
virtech
Expert
Expert
Jump to solution

The question is regarding sending from Log Insight to vRops, alerts are coming though but only the name of the syslog alert is seen and the main syslog data doesn't appear.

Reply
0 Kudos
sflanders
Commander
Commander
Jump to solution

Right, so vR Ops you only get title -- this would be true for webhook to vR Ops as well -- can you open a feature request on https://loginsight.vmware.com that request for more than a title be sent to vR Ops?

Hope this helps! === If you find this information useful, please award points for "correct" or "helpful". ===
Reply
0 Kudos
virtech
Expert
Expert
Jump to solution

Ok done, can't believe that functionality doesn't exist today!

Reply
0 Kudos