I have modified liagent.ini per documentation...as I understand it...in fact I have modified it so many times my eyes hurt.
Here it is:
; VMware Log Insight Agent configuration. Please save as UTF-8 if you use non-ASCII names / values !
; Actual configuration is this file joined with settings from server to form liagent-effective.ini
; Note: Restarting the agent is not required after making a configuration change
; Note: It may be more efficient to configure from server's Agents page !
[server]
hostname=192.168.88.89
; Hostname or IP address of your Log Insight server / cluster load balancer. Default:
;hostname=LOGINSIGHT
; Protocol can be cfapi (Log Insight REST API), syslog. Default:
proto=cfapi
; Log Insight server port to connect to. Default ports for protocols (all TCP):
; syslog: 514; syslog with ssl: 6514; cfapi: 9000; cfapi with ssl: 9543. Default:
port=9000
; SSL usage. Default:
ssl=no
; Example of configuration with trusted CA:
;ssl=yes
;ssl_ca_path=/etc/pki/tls/certs/ca.pem
; Time in minutes to force reconnection to the server.
; This option mitigates imbalances caused by long-lived TCP connections. Default:
reconnect=30
[logging]
; Logging verbosity: 0 (no debug messages), 1 (essentials), 2 (verbose with more impact on performance).
; This option should always be 0 under normal operating conditions. Default:
debug_level=1
[storage]
; Max local storage usage limit (data + logs) in MBs. Valid range: 100-2000 MB.
max_disk_buffer=2000
; Uncomment the appropriate section to collect system logs
; The recommended way is to enable the Linux content pack from LI server
[filelog|bro]
directory=/data/bro/logs/2015-03-04
;include=*.log
parser=auto
I have created a support pack, should I post it here?
Message was edited by: kevinkeeneyjr I added a screenshot of the Agents status
Message was edited by: kevinkeeneyjr Added liagent.ini
Ah! Yes, the agent is for real-time collection of events. If no new events are being written then it will not work. If you want to collect logs that were previously generated you should use the Log Insight Importer which was released with LI 3.3. I hope this helps!
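An added example, not part of the original thread and not VMware code: a small audit of the active settings from the posted liagent.ini. It flags the dated Bro directory that the reply above explains will never yield events, the debug level the file's own comment says should be 0, and the `ssl=no` transport. The function name and finding codes are hypothetical, and the fallback values for missing keys are assumptions taken from the posted file.

```python
import configparser
import re
from datetime import date

# Constructed sample: the active (uncommented) settings from the posted liagent.ini.
SAMPLE_INI = """\
[server]
hostname=192.168.88.89
proto=cfapi
port=9000
ssl=no
reconnect=30
[logging]
debug_level=1
[storage]
max_disk_buffer=2000
[filelog|bro]
directory=/data/bro/logs/2015-03-04
;include=*.log
parser=auto
"""

# Default TCP ports exactly as listed in the comments of the posted file.
DEFAULT_PORTS = {
    ("syslog", False): 514,
    ("syslog", True): 6514,
    ("cfapi", False): 9000,
    ("cfapi", True): 9543,
}
DATED_DIR = re.compile(r"(\d{4})-(\d{2})-(\d{2})")


def audit_liagent_ini(text, today):
    """Return (section, finding_code, detail) tuples; the codes are hypothetical."""
    cp = configparser.ConfigParser(interpolation=None)  # ';' lines are comments
    cp.read_string(text)
    findings = []

    if cp.has_section("server"):
        srv = cp["server"]
        # Fallbacks mirror the values in the posted file (assumed defaults).
        proto = srv.get("proto", "cfapi").strip().lower()
        use_ssl = srv.get("ssl", "no").strip().lower() == "yes"
        port = srv.getint("port", fallback=DEFAULT_PORTS.get((proto, use_ssl)))
        if not use_ssl:
            findings.append(("server", "cleartext-transport",
                             f"{proto} to port {port} without TLS"))
        # A port that is the default for the opposite TLS mode is a likely typo.
        if port is not None and port == DEFAULT_PORTS.get((proto, not use_ssl)):
            findings.append(("server", "port-tls-mismatch",
                             f"port {port} is the default for ssl="
                             f"{'no' if use_ssl else 'yes'}"))

    level = cp.getint("logging", "debug_level", fallback=0)
    if level != 0:
        findings.append(("logging", "debug-logging-enabled",
                         f"debug_level={level}; the file's comment says 0 "
                         "under normal operating conditions"))

    for name in cp.sections():
        if not name.startswith("filelog|"):
            continue
        directory = cp[name].get("directory", "")
        match = DATED_DIR.search(directory)
        if not match:
            continue
        try:
            stamp = date(*map(int, match.groups()))
        except ValueError:
            continue  # digits that are not a real calendar date
        if stamp < today:
            # Per the reply in the thread, the agent only picks up newly
            # written events, so an archived day directory stays at 0.
            findings.append((name, "dated-directory",
                             f"{directory} is dated {stamp.isoformat()}; "
                             "no new events will be written there"))
    return findings


if __name__ == "__main__":
    # Date taken from the timestamps in the posted agent log.
    for section, code, detail in audit_liagent_ini(SAMPLE_INI, date(2016, 3, 12)):
        print(f"[{section}] {code}: {detail}")
```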
Hey -- sorry to hear you are having trouble. Yes, can you attach a client-side support bundle (where the agent is running)?
I have liagent running on a CentOS box inside VMware Fusion. I have LogInsight also running on VMware Fusion.
Cool and config looks good -- need liagent logs to see what the issue is.
Agent Up Time 02:45:00.015000
Observed Events : 0 (total events seen for all log sources since Agent started or changed server)
Collected Events: 0 (=Observed-Dropped)
Sent Events : 0 (delivered to destination server)
Dropped Events : 0 (dropped due to local storage overflow or rejected by the server)
Collection State: Collecting
Sending Rate : 0.00 EPS (average for last minute)
DB File Size : 64,512 bytes
CPU Usage : 0.1% (average for last 900 seconds, from total available of 100%)
Connection : cfapi://192.168.88.89:9000
Hostname (FQDN) : centos-fusion.keeney.local
Disk Space Used : 885,376 bytes
Machine UID : 564d0b22-b6cd-300c-55a1-e7f15ee9067c
Agent UID : 564d0b22-b6cd-300c-55a1-e7f15ee9067c
Performance Counters ------------------------------ For Last 900 seconds ------------------------ -------------------------- Cumulative ---------------------------
count min(us) max(us) avg(us) total(us) count min(us) max(us) avg(us) total(us)
CFAPI Status Request 30 3,891 623,362 29,294 878,831 330 3,403 30,404,566 131,062 43,250,626
Internal Debug Counters ------------------------------------------------------------------------- -----------------------------------------------------------------
CurlConnection::RequestMethod 31 592 623,280 28,289 876,972 336 592 30,404,501 128,696 43,241,956
CurlData::PerformRequest::Transfer 31 494 623,171 28,109 871,388 336 470 30,404,384 128,496 43,174,761
DbConnection::GetDbSize 0 0 0 0 2 1 89 45 90
DbConnection::GetFreeSpaceSize 8,892 14 220 33 301,781 98,159 11 1,633 33 3,247,342
DbStorage::CheckAndCommit 0 0 0 0 3 0 0 0 0
DbStorage::CheckDb 0 0 0 0 1 19,000 19,000 19,000 19,000
DbStorage::CheckVersionAndUpgrade 0 0 0 0 1 27,828 27,828 27,828 27,828
DbStorage::CommitChanges 0 0 0 0 2 9 50 29 59
DbStorage::GetBookmark 0 0 0 0 1 56 56 56 56
DbStorage::GetBookmarks 0 0 0 0 1 375 375 375 375
DbStorage::StoreBookmark 0 0 0 0 1 416 416 416 416
DbStorage_Maintenance 8,892 15 221 35 312,770 98,209 0 1,634 34 3,366,101
------------------------------------------------------------------------------------------------- -----------------------------------------------------------------
2016-03-12 05:02:08.998955 0x00007f4b8f7fe700 <debug> CFApiTransport:203 | Take a moment to post status...
2016-03-12 05:02:10.309436 0x00007f4b8f7fe700 <debug> CurlConnection:224 | Stats data: {"stats_as_of":1457770625807,"sent_events":0,"dropped_events":0,"event_rate":0.0,"os":"CentOS Linux 7 (Core)","version":"3.3.0.3516686","ip":"192.168.88.81","fqdn":"centos-fusion.keeney.local","config_hash":"d41d8cd98f00b204e9800998ecf8427e"}
2016-03-12 05:02:10.309676 0x00007f4b8f7fe700 <debug> CurlConnection:731 | PUT http://192.168.88.89:9000/api/v1/agent/status/564d0b22-b6cd-300c-55a1-e7f15ee9067c
2016-03-12 05:02:10.314751 0x00007f4b8f7fe700 <debug> CurlConnection:236 | Status response code: 200
2016-03-12 05:02:10.314824 0x00007f4b8f7fe700 <debug> CFApiTransport:334 | Received from server config hash = d41d8cd98f00b204e9800998ecf8427e
2016-03-12 05:02:10.314840 0x00007f4b8f7fe700 <debug> CFApiTransport:217 | ControlThreadFunc thread waiting...
[root@centos-fusion loginsight-agent]#
I need the top 100 lines from the newest log file -- unfortunately the end of the file does not help.
2016-03-12 02:17:05.745015 0x00007f4ba1864740 <trace> AgentDaemon:133 | AgentDaemon start requested.
2016-03-12 02:17:05.745551 0x00007f4ba1864740 <trace>
Agent Build : 3.3.0.3516686
Start Time : 2016-03-12 02:17:05.745515
Running as user : root
Our Process ID : 1529
Executable Path : /usr/lib/loginsight-agent/bin64/liagent
Operating System: CentOS Linux 7 (Core) x86_64
2016-03-12 02:17:05.745776 0x00007f4ba1864740 <trace> AgentDaemon:96 | Boost version: 1.55.0
2016-03-12 02:17:05.745787 0x00007f4ba1864740 <trace> AgentDaemon:105 | OpenSSL version: OpenSSL 1.0.1q 3 Dec 2015, SSLv3: disabled
2016-03-12 02:17:05.748021 0x00007f4ba1864740 <trace> AgentDaemon:124 | Curl version: 7.40.0 Supported features: IPv6, TLS, Unix domain sockets
2016-03-12 02:17:05.748041 0x00007f4ba1864740 <trace> AgentDaemon:126 | SQLite version: 3.8.10.1
2016-03-12 02:17:05.748051 0x00007f4ba1864740 <trace> AgentDaemon:149 | Data directory: "/var/lib/loginsight-agent"
2016-03-12 02:17:05.748225 0x00007f4ba1864740 <trace> DbConnection:34 | Opening database file /var/lib/loginsight-agent/storage/liagent.db
2016-03-12 02:17:05.760867 0x00007f4ba1864740 <trace> DbConnection:104 | Locking db for exclusive usage.
2016-03-12 02:17:05.767175 0x00007f4ba1864740 <trace> DbConnection:51 | Database "/var/lib/loginsight-agent/storage/liagent.db" opened successfully
2016-03-12 02:17:05.769179 0x00007f4ba1864740 <trace> AgentDaemon:159 | Starting AgentDaemon configuration thread
2016-03-12 02:17:05.779251 0x00007f4b9ff4d700 <trace> Logger:188 | Thread "AgentDaemon Main" has id 0x7f4b9ff4d700
2016-03-12 02:17:05.779306 0x00007f4b9ff4d700 <trace> AgentDaemon:319 | AgentDaemon main thread started
2016-03-12 02:17:05.788217 0x00007f4b9ff4d700 <trace> DbStorage:296 | Checking database integrity...
2016-03-12 02:17:05.807174 0x00007f4b9ff4d700 <trace> DbStorage:334 | Database integrity check done.
2016-03-12 02:17:05.807432 0x00007f4b9ff4d700 <trace> DbStorage:137 | DbStorage stored event id's: min = 0, max = 0
2016-03-12 02:17:05.807574 0x00007f4b9ff4d700 <trace> AgentDaemon:328 | Agent UID:564d0b22-b6cd-300c-55a1-e7f15ee9067c
2016-03-12 02:17:05.807600 0x00007f4b9ff4d700 <trace> AgentDaemon:354 | Reading configuration received from server. Hash = d41d8cd98f00b204e9800998ecf8427e
2016-03-12 02:17:05.811189 0x00007f4b9ff4d700 <trace> Config:129 | Reading configuration from: /var/lib/loginsight-agent/liagent.ini
2016-03-12 02:17:05.814393 0x00007f4b9f74c700 <trace> Logger:188 | Thread "DbStorage Maintenance" has id 0x7f4b9f74c700
2016-03-12 02:17:05.814444 0x00007f4b9f74c700 <trace> DbStorage:556 | DbStorage maintenance thread started.
2016-03-12 02:17:05.817107 0x00007f4b9ff4d700 <trace> Config:101 | The current effective configuration is dumped into file /var/lib/loginsight-agent/liagent-effective.ini
2016-03-12 02:17:05.817355 0x00007f4b9ff4d700 <trace> Config:211 | Read config param logging.debug_level = 1
2016-03-12 02:17:05.817419 0x00007f4b9ff4d700 <trace> AgentDaemon:389 | AgentDaemon Configuring...
2016-03-12 02:17:05.817427 0x00007f4b9ff4d700 <trace> AgentDaemon:394 | Configuring queue...
2016-03-12 02:17:05.817438 0x00007f4b9ff4d700 <trace> Config:211 | Read config param storage.max_disk_buffer = 2000
2016-03-12 02:17:05.817487 0x00007f4b9ff4d700 <trace> DbConnection:149 | Setting SQLite cache_size = 38867968 bytes
2016-03-12 02:17:05.819601 0x00007f4b9ff4d700 <debug> ParserManager:237 | There isn't any <parser> section in the configuration. Only built in parsers are enabled.
2016-03-12 02:17:05.819637 0x00007f4b9ff4d700 <trace> AgentDaemon:414 | Configuring collectors...
2016-03-12 02:17:05.819688 0x00007f4b9ff4d700 <trace> EventCollector:22 | ConfigureAndStart invoked for collector: filelog
2016-03-12 02:17:05.819739 0x00007f4b9ff4d700 <trace> EventCollector:47 | Configuring filelog
2016-03-12 02:17:05.822350 0x00007f4b9ff4d700 <trace> EventCollector:49 | Configuration of filelog is done
2016-03-12 02:17:05.822377 0x00007f4b9ff4d700 <trace> EventCollector:56 | Starting filelog
2016-03-12 02:17:05.829143 0x00007f4b9ef4b700 <trace> Logger:188 | Thread "ThreadPool" has id 0x7f4b9ef4b700
2016-03-12 02:17:06.335111 0x00007f4b9ff4d700 <trace> FLogCollector:206 | Subscribed to channel <bro>.
2016-03-12 02:17:06.341409 0x00007f4b9cf47700 <trace> Logger:188 | Thread "FLogThreadPool" has id 0x7f4b9cf47700
2016-03-12 02:17:06.343425 0x00007f4b9df49700 <trace> Logger:188 | Thread "FLogThreadPool" has id 0x7f4b9df49700
2016-03-12 02:17:06.350086 0x00007f4b9d748700 <trace> Logger:188 | Thread "FLogThreadPool" has id 0x7f4b9d748700
2016-03-12 02:17:06.350191 0x00007f4b9ff4d700 <trace> EventCollector:59 | Started filelog
2016-03-12 02:17:06.350206 0x00007f4b9ff4d700 <trace> AgentDaemon:419 | Configuring transport...
2016-03-12 02:17:06.350216 0x00007f4b9ff4d700 <trace> Config:263 | Read config param server.proto = cfapi
2016-03-12 02:17:06.350227 0x00007f4b9ff4d700 <trace> AgentDaemon:273 | Creating cfapi transport
2016-03-12 02:17:06.350277 0x00007f4b9ff4d700 <trace> Config:263 | Read config param server.hostname = 192.168.88.89
2016-03-12 02:17:06.350300 0x00007f4b9ff4d700 <trace> Config:305 | Read config param server.ssl = no
2016-03-12 02:17:06.350364 0x00007f4b9ff4d700 <trace> Config:211 | Read config param server.port = 9000
2016-03-12 02:17:06.350377 0x00007f4b9ff4d700 <trace> Config:211 | Read config param server.reconnect = 30
2016-03-12 02:17:06.350415 0x00007f4b9ff4d700 <debug> CFApiTransportB:126| Host to connect: 192.168.88.89:9000
2016-03-12 02:17:06.753040 0x00007f4b8ffff700 <trace> Logger:188 | Thread "FLogThreadPool" has id 0x7f4b8ffff700
2016-03-12 02:17:06.775499 0x00007f4b9ff4d700 <trace> AgentDaemon:423 | Starting transport...
2016-03-12 02:17:06.775620 0x00007f4b9ff4d700 <trace> AgentDaemon:444 | AgentDaemon configured successfully
2016-03-12 02:17:06.775653 0x00007f4b9ff4d700 <trace> AgentDaemon:376 | AgentDaemon started successfully
2016-03-12 02:17:06.780105 0x00007f4b8f7fe700 <trace> Logger:188 | Thread "CFApiTransport" has id 0x7f4b8f7fe700
2016-03-12 02:17:06.780143 0x00007f4b8f7fe700 <trace> CFApiTransport:128 | Connecting to server 192.168.88.89:9000
2016-03-12 02:17:06.784716 0x00007f4b8f7fe700 <debug> CurlConnection:731 | CONNECT http://192.168.88.89:9000
2016-03-12 02:17:06.787202 0x00007f4b8f7fe700 <trace> CFApiTransport:148 | Connection successfully established
2016-03-12 02:17:07.236851 0x00007f4b8f7fe700 <debug> CurlConnection:224 | Stats data: {"stats_as_of":1457770625807,"sent_events":0,"dropped_events":0,"event_rate":0.0,"os":"CentOS Linux 7 (Core)","version":"3.3.0.3516686","ip":"192.168.88.81","fqdn":"centos-fusion.keeney.local","config_hash":"d41d8cd98f00b204e9800998ecf8427e"}
2016-03-12 02:17:07.236962 0x00007f4b8f7fe700 <debug> CurlConnection:731 | PUT http://192.168.88.89:9000/api/v1/agent/status/564d0b22-b6cd-300c-55a1-e7f15ee9067c
2016-03-12 02:17:07.264824 0x00007f4b8f7fe700 <debug> CurlConnection:236 | Status response code: 200
2016-03-12 02:17:07.264884 0x00007f4b8f7fe700 <debug> CFApiTransport:334 | Received from server config hash = d41d8cd98f00b204e9800998ecf8427e
2016-03-12 02:17:07.264894 0x00007f4b8f7fe700 <debug> CFApiTransport:217 | ControlThreadFunc thread waiting...
2016-03-12 02:17:36.787122 0x00007f4b8f7fe700 <debug> CFApiTransport:203 | Take a moment to post status...
2016-03-12 02:17:37.332827 0x00007f4b8f7fe700 <debug> CurlConnection:224 | Stats data: {"stats_as_of":1457770625807,"sent_events":0,"dropped_events":0,"event_rate":0.0,"os":"CentOS Linux 7 (Core)","vers
Everything looks good -- what is in directory=/data/bro/logs/2015-03-04? I see the include is commented out so only *.log and *.txt files will be collected. Are you sure new events are being written to file(s) in this directory that end in .log or .txt?
It is a directory I created with a bunch of different .log files that Bro has generated. New events are not being written to that directory. I am guessing that is a problem...
I would like to have these Bro logs shipped off to LogInsight as I add them.
Ah! Yes, the agent is for real-time collection of events. If no new events are being written then it will not work. If you want to collect logs that were previously generated you should use the Log Insight Importer which was released with LI 3.3. I hope this helps!
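The symptom diagnosed in this thread (a filelog channel subscribed, status posts answered with 200, yet `sent_events` stuck at 0) is a silent log source, and it can be detected from the agent log itself. The Python below is an added example, not part of the original posts or of VMware's tooling; the sample lines are constructed in the format of the log pasted above, and the function names and the 60-minute threshold are assumptions.

```python
import json
import re
from datetime import datetime

# Constructed sample in the format of the agent log posted in this thread
# (stats JSON shortened to the fields used; last line truncated on purpose).
SAMPLE_LOG = """\
2016-03-12 02:17:06.335111 0x00007f4b9ff4d700 <trace> FLogCollector:206 | Subscribed to channel <bro>.
2016-03-12 02:17:07.236851 0x00007f4b8f7fe700 <debug> CurlConnection:224 | Stats data: {"sent_events":0,"dropped_events":0,"event_rate":0.0}
2016-03-12 02:17:07.264824 0x00007f4b8f7fe700 <debug> CurlConnection:236 | Status response code: 200
2016-03-12 05:16:09.500408 0x00007f4b8f7fe700 <debug> CurlConnection:224 | Stats data: {"sent_events":0,"dropped_events":0,"event_rate":0.0}
2016-03-12 05:16:09.505279 0x00007f4b8f7fe700 <debug> CurlConnection:236 | Status response code: 200
2016-03-12 05:16:39.419300 0x00007f4b8f7fe700 <debug> CurlConnection:224 | Stats data: {"sent_events":0,"dropped_ev
"""

LINE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+) \S+ <\w+> \w+:\d+\s*\| ?(.*)$")

def parse(log_text):
    """Return (subscribed channels, [(time, stats dict)], [HTTP status codes])."""
    channels, stats, codes = [], [], []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # banner lines, shell prompts, wrapped text
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S.%f")
        msg = m.group(2)
        if msg.startswith("Subscribed to channel <"):
            channels.append(msg.split("<", 1)[1].rstrip(">."))
        elif msg.startswith("Stats data: "):
            try:
                stats.append((ts, json.loads(msg[len("Stats data: "):])))
            except json.JSONDecodeError:
                pass  # line cut off mid-JSON, as happens in pasted logs
        elif msg.startswith("Status response code: "):
            tail = msg.rsplit(" ", 1)[1]
            if tail.isdigit():
                codes.append(int(tail))
    return channels, stats, codes

def silent_source_report(log_text, min_minutes=60):
    """Flag an agent that reports in successfully but ships no events."""
    channels, stats, codes = parse(log_text)
    if not stats:
        return None
    minutes = int((stats[-1][0] - stats[0][0]).total_seconds() // 60)
    sent = max(s.get("sent_events", 0) for _, s in stats)
    dropped = max(s.get("dropped_events", 0) for _, s in stats)
    healthy = bool(codes) and all(c == 200 for c in codes)
    silent = bool(channels) and healthy and sent == 0 and dropped == 0 and minutes >= min_minutes
    return {"channels": channels, "minutes": minutes, "sent_events": sent, "silent": silent}

if __name__ == "__main__":
    print(silent_source_report(SAMPLE_LOG))
```

A `silent` result of `True` means the transport is fine and the gap is on the collection side: check that files matching the channel's include pattern in the configured directory are actually being appended to.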
I can easily delete the existing .log files and scp them back into that directory if that is helpful. If this works I am very interested in creating a public Content Pack for BroIDS. Most people currently use the ELK stack, but I think LogInsight has the potential to add something special.
Well if you have "file1.log" in that directory and you copy it to "file1-copy.log" then the agent should pick up the file in its entirety -- note this is technically not supported so your mileage may vary. The importer -- which is another free utility -- supports collecting old logs and basically uses the same liagent.ini configuration file you created.
http://my.vmware.com/group/vmware/info?slug=infrastructure_operations_management/vmware_vrealize_log... -> Go to Downloads -> Select the Importer for Windows (MSI) or Linux (RPM, DEB or just the binary).
This is what I am getting when I try to download "VMware vRealize Log Insight 3.3.0 - Linux Importer 32/64-bit (RPM)":
You either are not entitled or do not have permissions to download this product.
Check with your My VMware Super User, Procurement Contact or Administrator.
If you recently purchased this product through VMware Store or through a third-party, try downloading later.
I am using a VMUG Advantage license.
Yuck. Please try the agent workaround I suggested above -- it should work for now. I will look into the importer entitlement.