VMware Cloud Community
kevinkeeneyjr
Contributor

Trying to Collect Events from a Log File and Linux Agent installed and working - need some help.

I have modified liagent.ini per documentation...as I understand it...in fact I have modified it so many times my eyes hurt.

Here it is:

; VMware Log Insight Agent configuration. Please save as UTF-8 if you use non-ASCII names / values !
; Actual configuration is this file joined with settings from server to form liagent-effective.ini
; Note: Restarting the agent is not required after making a configuration change
; Note: It may be more efficient to configure from server's Agents page !

[server]
hostname=192.168.88.89
; Hostname or IP address of your Log Insight server / cluster load balancer. Default:
;hostname=LOGINSIGHT
; Protocol can be cfapi (Log Insight REST API), syslog. Default:
proto=cfapi
; Log Insight server port to connect to. Default ports for protocols (all TCP):
; syslog: 514; syslog with ssl: 6514; cfapi: 9000; cfapi with ssl: 9543. Default:
port=9000
; SSL usage. Default:
ssl=no
; Example of configuration with trusted CA:
;ssl=yes
;ssl_ca_path=/etc/pki/tls/certs/ca.pem
; Time in minutes to force reconnection to the server.
; This option mitigates imbalances caused by long-lived TCP connections. Default:
reconnect=30

[logging]
; Logging verbosity: 0 (no debug messages), 1 (essentials), 2 (verbose with more impact on performance).
; This option should always be 0 under normal operating conditions. Default:
debug_level=1

[storage]
; Max local storage usage limit (data + logs) in MBs. Valid range: 100-2000 MB.
max_disk_buffer=2000
; Uncomment the appropriate section to collect system logs
; The recommended way is to enable the Linux content pack from LI server

[filelog|bro]
directory=/data/bro/logs/2015-03-04
;include=*.log
parser=auto



I have created a support pack, should I post it here?


Message was edited by: kevinkeeneyjr I added a screenshot of the Agents status

Message was edited by: kevinkeeneyjr Added liagent.ini


Accepted Solutions
sflanders
Commander

Ah! Yes, the agent is for real-time collection of events. If no new events are being written then it will not work. If you want to collect logs that were previously generated you should use the Log Insight Importer which was released with LI 3.3. I hope this helps!

Hope this helps! === If you find this information useful, please award points for "correct" or "helpful". ===
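
Added example, not part of the original thread and not VMware code: a Python check for the situation the accepted answer describes, where the agent reports in successfully but a `[filelog|...]` section points at files nobody is appending to. The 900-second window, the `[filelog|live]` section, the temporary paths, the treatment of `include` as a semicolon-separated glob list defaulting to `*`, and the shortened log lines are assumptions made for the example.

```python
import configparser
import glob
import json
import os
import re
import tempfile
import time

# Constructed sample: the [filelog|bro] section from the post, plus a
# hypothetical [filelog|live] section pointing at a directory still written to.
SAMPLE_INI = """\
[server]
hostname=192.168.88.89
proto=cfapi
port=9000

[filelog|bro]
directory={static_dir}
;include=*.log
parser=auto

[filelog|live]
directory={live_dir}
include=*.log
"""

# Constructed lines in the liagent debug-log format shown in the thread
# (Stats JSON shortened).
SAMPLE_LOG = [
    '2016-03-12 05:02:10.309436 0x00007f4b8f7fe700 <debug> CurlConnection:224 | '
    'Stats data: {"stats_as_of":1457770625807,"sent_events":0,"dropped_events":0}',
    '2016-03-12 05:02:10.314751 0x00007f4b8f7fe700 <debug> CurlConnection:236 | '
    'Status response code: 200',
]

STATS_RE = re.compile(r"\| Stats data: (\{.*\})\s*$")
CODE_RE = re.compile(r"\| Status response code: (\d{3})\s*$")
DATED_DIR_RE = re.compile(r"\d{4}-\d{2}-\d{2}")


def filelog_sections(ini_text):
    """Return {source_name: options} for every [filelog|name] section."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(ini_text)
    return {s.split("|", 1)[1]: dict(cp[s])
            for s in cp.sections() if s.startswith("filelog|")}


def newest_write_age(directory, include, now):
    """Seconds since the latest write to a matching file, or None if none match."""
    mtimes = [os.path.getmtime(p)
              for pattern in include.split(";") if pattern.strip()
              for p in glob.glob(os.path.join(directory, pattern.strip()))
              if os.path.isfile(p)]
    return now - max(mtimes) if mtimes else None


def classify_source(opts, now, window=900):
    """Label a filelog source as missing / no-matching-files / static / live."""
    directory = opts.get("directory", "")
    if not os.path.isdir(directory):
        return "missing"
    # Assumption: an absent include means every file in the directory.
    age = newest_write_age(directory, opts.get("include", "*"), now)
    if age is None:
        return "no-matching-files"
    if age <= window:
        return "live"
    # Nothing is appending: a tailing agent has nothing to observe here.
    leaf = os.path.basename(os.path.normpath(directory))
    return "static-dated" if DATED_DIR_RE.search(leaf) else "static"


def transport_ok_but_silent(log_lines):
    """True when every status PUT got 200 yet sent_events never left 0."""
    sent, codes = [], []
    for line in log_lines:
        m = STATS_RE.search(line)
        if m:
            sent.append(json.loads(m.group(1)).get("sent_events", 0))
        m = CODE_RE.search(line)
        if m:
            codes.append(int(m.group(1)))
    return bool(sent) and bool(codes) and all(c == 200 for c in codes) and max(sent) == 0


def demo():
    """Build a throwaway directory tree and run both checks against it."""
    now = time.time()
    with tempfile.TemporaryDirectory() as root:
        static_dir = os.path.join(root, "logs", "2015-03-04")
        live_dir = os.path.join(root, "logs", "current")
        for d in (static_dir, live_dir):
            os.makedirs(d)
            with open(os.path.join(d, "conn.log"), "w") as fh:
                fh.write("constructed sample line\n")
        year_ago = now - 365 * 86400
        os.utime(os.path.join(static_dir, "conn.log"), (year_ago, year_ago))
        ini = SAMPLE_INI.format(static_dir=static_dir, live_dir=live_dir)
        verdicts = {name: classify_source(opts, now)
                    for name, opts in filelog_sections(ini).items()}
    return verdicts, transport_ok_but_silent(SAMPLE_LOG)


if __name__ == "__main__":
    print(demo())
```

A `static` or `static-dated` verdict together with `True` from the log check means transport is healthy and the gap is the source itself, which is the case the Importer mentioned above covers.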

15 Replies
sflanders
Commander

Hey -- sorry to hear you are having trouble. Yes, can you attach a client-side support bundle (where the agent is running)?

kevinkeeneyjr
Contributor

I have liagent running on a CentOS box inside VMware Fusion. I have LogInsight also running on VMware Fusion.

sflanders
Commander

Cool and config looks good -- need liagent logs to see what the issue is.

kevinkeeneyjr
Contributor

    Agent Up Time 02:45:00.015000
    Observed Events : 0 (total events seen for all log sources since Agent started or changed server)
    Collected Events: 0 (=Observed-Dropped)
    Sent Events     : 0 (delivered to destination server)
    Dropped Events  : 0 (dropped due to local storage overflow or rejected by the server)
    Collection State: Collecting
    Sending Rate    : 0.00 EPS (average for last minute)
    DB File Size    : 64,512 bytes
    CPU Usage       : 0.1% (average for last 900 seconds, from total available of 100%)
    Connection      : cfapi://192.168.88.89:9000
    Hostname (FQDN) : centos-fusion.keeney.local
    Disk Space Used : 885,376 bytes
    Machine UID     : 564d0b22-b6cd-300c-55a1-e7f15ee9067c
    Agent UID       : 564d0b22-b6cd-300c-55a1-e7f15ee9067c

    Performance Counters ------------------------------ For Last 900 seconds ------------------------    -------------------------- Cumulative ---------------------------

                                             count     min(us)     max(us)     avg(us)      total(us)         count      min(us)      max(us)      avg(us)       total(us)

    CFAPI Status Request                        30       3,891     623,362      29,294        878,831           330        3,403   30,404,566      131,062      43,250,626

    Internal Debug Counters -------------------------------------------------------------------------    -----------------------------------------------------------------

    CurlConnection::RequestMethod               31         592     623,280      28,289        876,972           336          592   30,404,501      128,696      43,241,956

    CurlData::PerformRequest::Transfer          31         494     623,171      28,109        871,388           336          470   30,404,384      128,496      43,174,761

    DbConnection::GetDbSize                      0                       0           0              0             2            1           89           45              90

    DbConnection::GetFreeSpaceSize           8,892          14         220          33        301,781        98,159           11        1,633           33       3,247,342

    DbStorage::CheckAndCommit                    0                       0           0              0             3            0            0            0               0

    DbStorage::CheckDb                           0                       0           0              0             1       19,000       19,000       19,000          19,000

    DbStorage::CheckVersionAndUpgrade            0                       0           0              0             1       27,828       27,828       27,828          27,828

    DbStorage::CommitChanges                     0                       0           0              0             2            9           50           29              59

    DbStorage::GetBookmark                       0                       0           0              0             1           56           56           56              56

    DbStorage::GetBookmarks                      0                       0           0              0             1          375          375          375             375

    DbStorage::StoreBookmark                     0                       0           0              0             1          416          416          416             416

    DbStorage_Maintenance                    8,892          15         221          35        312,770        98,209            0        1,634           34       3,366,101

    -------------------------------------------------------------------------------------------------    -----------------------------------------------------------------

2016-03-12 05:02:08.998955 0x00007f4b8f7fe700 <debug> CFApiTransport:203 | Take a moment to post status...

2016-03-12 05:02:10.309436 0x00007f4b8f7fe700 <debug> CurlConnection:224 | Stats data: {"stats_as_of":1457770625807,"sent_events":0,"dropped_events":0,"event_rate":0.0,"os":"CentOS Linux 7 (Core)","version":"3.3.0.3516686","ip":"192.168.88.81","fqdn":"centos-fusion.keeney.local","config_hash":"d41d8cd98f00b204e9800998ecf8427e"}

2016-03-12 05:02:10.309676 0x00007f4b8f7fe700 <debug> CurlConnection:731 | PUT http://192.168.88.89:9000/api/v1/agent/status/564d0b22-b6cd-300c-55a1-e7f15ee9067c

2016-03-12 05:02:10.314751 0x00007f4b8f7fe700 <debug> CurlConnection:236 | Status response code: 200

2016-03-12 05:02:10.314824 0x00007f4b8f7fe700 <debug> CFApiTransport:334 | Received from server config hash = d41d8cd98f00b204e9800998ecf8427e

2016-03-12 05:02:10.314840 0x00007f4b8f7fe700 <debug> CFApiTransport:217 | ControlThreadFunc thread waiting...


2016-03-12 05:16:09.500408 0x00007f4b8f7fe700 <debug> CurlConnection:224 | Stats data: {"stats_as_of":1457770625807,"sent_events":0,"dropped_events":0,"event_rate":0.0,"os":"CentOS Linux 7 (Core)","version":"3.3.0.3516686","ip":"192.168.88.81","fqdn":"centos-fusion.keeney.local","config_hash":"d41d8cd98f00b204e9800998ecf8427e"}

2016-03-12 05:16:09.500575 0x00007f4b8f7fe700 <debug> CurlConnection:731 | PUT http://192.168.88.89:9000/api/v1/agent/status/564d0b22-b6cd-300c-55a1-e7f15ee9067c

2016-03-12 05:16:09.505279 0x00007f4b8f7fe700 <debug> CurlConnection:236 | Status response code: 200

2016-03-12 05:16:09.505350 0x00007f4b8f7fe700 <debug> CFApiTransport:334 | Received from server config hash = d41d8cd98f00b204e9800998ecf8427e

2016-03-12 05:16:09.505365 0x00007f4b8f7fe700 <debug> CFApiTransport:217 | ControlThreadFunc thread waiting...

[root@centos-fusion loginsight-agent]#

sflanders
Commander

I need the top 100 lines from the newest log file -- unfortunately the end of the file does not help.

Hope this helps! === If you find this information useful, please award points for "correct" or "helpful". ===
kevinkeeneyjr
Contributor

2016-03-12 02:17:05.745015 0x00007f4ba1864740 <trace> AgentDaemon:133    | AgentDaemon start requested.

2016-03-12 02:17:05.745551 0x00007f4ba1864740 <trace>

    Agent Build     : 3.3.0.3516686

    Start Time      : 2016-03-12 02:17:05.745515

    Running as user : root

    Our Process ID  : 1529

    Executable Path : /usr/lib/loginsight-agent/bin64/liagent

    Operating System: CentOS Linux 7 (Core)  x86_64

2016-03-12 02:17:05.745776 0x00007f4ba1864740 <trace> AgentDaemon:96     | Boost version: 1.55.0

2016-03-12 02:17:05.745787 0x00007f4ba1864740 <trace> AgentDaemon:105    | OpenSSL version: OpenSSL 1.0.1q 3 Dec 2015, SSLv3: disabled

2016-03-12 02:17:05.748021 0x00007f4ba1864740 <trace> AgentDaemon:124    | Curl version: 7.40.0 Supported features: IPv6, TLS, Unix domain sockets

2016-03-12 02:17:05.748041 0x00007f4ba1864740 <trace> AgentDaemon:126    | SQLite version: 3.8.10.1

2016-03-12 02:17:05.748051 0x00007f4ba1864740 <trace> AgentDaemon:149    | Data directory: "/var/lib/loginsight-agent"

2016-03-12 02:17:05.748225 0x00007f4ba1864740 <trace> DbConnection:34    | Opening database file /var/lib/loginsight-agent/storage/liagent.db

2016-03-12 02:17:05.760867 0x00007f4ba1864740 <trace> DbConnection:104   | Locking db for exclusive usage.

2016-03-12 02:17:05.767175 0x00007f4ba1864740 <trace> DbConnection:51    | Database "/var/lib/loginsight-agent/storage/liagent.db" opened successfully

2016-03-12 02:17:05.769179 0x00007f4ba1864740 <trace> AgentDaemon:159    | Starting AgentDaemon configuration thread

2016-03-12 02:17:05.779251 0x00007f4b9ff4d700 <trace> Logger:188         | Thread "AgentDaemon Main" has id 0x7f4b9ff4d700

2016-03-12 02:17:05.779306 0x00007f4b9ff4d700 <trace> AgentDaemon:319    | AgentDaemon main thread started

2016-03-12 02:17:05.788217 0x00007f4b9ff4d700 <trace> DbStorage:296      | Checking database integrity...

2016-03-12 02:17:05.807174 0x00007f4b9ff4d700 <trace> DbStorage:334      | Database integrity check done.

2016-03-12 02:17:05.807432 0x00007f4b9ff4d700 <trace> DbStorage:137      | DbStorage stored event id's: min = 0, max = 0

2016-03-12 02:17:05.807574 0x00007f4b9ff4d700 <trace> AgentDaemon:328    | Agent UID:564d0b22-b6cd-300c-55a1-e7f15ee9067c

2016-03-12 02:17:05.807600 0x00007f4b9ff4d700 <trace> AgentDaemon:354    | Reading configuration received from server. Hash = d41d8cd98f00b204e9800998ecf8427e

2016-03-12 02:17:05.811189 0x00007f4b9ff4d700 <trace> Config:129         | Reading configuration from: /var/lib/loginsight-agent/liagent.ini

2016-03-12 02:17:05.814393 0x00007f4b9f74c700 <trace> Logger:188         | Thread "DbStorage Maintenance" has id 0x7f4b9f74c700

2016-03-12 02:17:05.814444 0x00007f4b9f74c700 <trace> DbStorage:556      | DbStorage maintenance thread started.

2016-03-12 02:17:05.817107 0x00007f4b9ff4d700 <trace> Config:101         | The current effective configuration is dumped into file /var/lib/loginsight-agent/liagent-effective.ini

2016-03-12 02:17:05.817355 0x00007f4b9ff4d700 <trace> Config:211         | Read config param logging.debug_level = 1

2016-03-12 02:17:05.817419 0x00007f4b9ff4d700 <trace> AgentDaemon:389    | AgentDaemon Configuring...

2016-03-12 02:17:05.817427 0x00007f4b9ff4d700 <trace> AgentDaemon:394    | Configuring queue...

2016-03-12 02:17:05.817438 0x00007f4b9ff4d700 <trace> Config:211         | Read config param storage.max_disk_buffer = 2000

2016-03-12 02:17:05.817487 0x00007f4b9ff4d700 <trace> DbConnection:149   | Setting SQLite cache_size = 38867968 bytes

2016-03-12 02:17:05.819601 0x00007f4b9ff4d700 <debug> ParserManager:237  | There isn't any <parser> section in the configuration. Only built in parsers are enabled.

2016-03-12 02:17:05.819637 0x00007f4b9ff4d700 <trace> AgentDaemon:414    | Configuring collectors...

2016-03-12 02:17:05.819688 0x00007f4b9ff4d700 <trace> EventCollector:22  | ConfigureAndStart invoked for collector: filelog

2016-03-12 02:17:05.819739 0x00007f4b9ff4d700 <trace> EventCollector:47  | Configuring filelog

2016-03-12 02:17:05.822350 0x00007f4b9ff4d700 <trace> EventCollector:49  | Configuration of filelog is done

2016-03-12 02:17:05.822377 0x00007f4b9ff4d700 <trace> EventCollector:56  | Starting filelog

2016-03-12 02:17:05.829143 0x00007f4b9ef4b700 <trace> Logger:188         | Thread "ThreadPool" has id 0x7f4b9ef4b700

2016-03-12 02:17:06.335111 0x00007f4b9ff4d700 <trace> FLogCollector:206  | Subscribed to channel <bro>.

2016-03-12 02:17:06.341409 0x00007f4b9cf47700 <trace> Logger:188         | Thread "FLogThreadPool" has id 0x7f4b9cf47700

2016-03-12 02:17:06.343425 0x00007f4b9df49700 <trace> Logger:188         | Thread "FLogThreadPool" has id 0x7f4b9df49700

2016-03-12 02:17:06.350086 0x00007f4b9d748700 <trace> Logger:188         | Thread "FLogThreadPool" has id 0x7f4b9d748700

2016-03-12 02:17:06.350191 0x00007f4b9ff4d700 <trace> EventCollector:59  | Started filelog

2016-03-12 02:17:06.350206 0x00007f4b9ff4d700 <trace> AgentDaemon:419    | Configuring transport...

2016-03-12 02:17:06.350216 0x00007f4b9ff4d700 <trace> Config:263         | Read config param server.proto = cfapi

2016-03-12 02:17:06.350227 0x00007f4b9ff4d700 <trace> AgentDaemon:273    | Creating cfapi transport

2016-03-12 02:17:06.350277 0x00007f4b9ff4d700 <trace> Config:263         | Read config param server.hostname = 192.168.88.89

2016-03-12 02:17:06.350300 0x00007f4b9ff4d700 <trace> Config:305         | Read config param server.ssl = no

2016-03-12 02:17:06.350364 0x00007f4b9ff4d700 <trace> Config:211         | Read config param server.port = 9000

2016-03-12 02:17:06.350377 0x00007f4b9ff4d700 <trace> Config:211         | Read config param server.reconnect = 30

2016-03-12 02:17:06.350415 0x00007f4b9ff4d700 <debug> CFApiTransportB:126| Host to connect: 192.168.88.89:9000

2016-03-12 02:17:06.753040 0x00007f4b8ffff700 <trace> Logger:188         | Thread "FLogThreadPool" has id 0x7f4b8ffff700

2016-03-12 02:17:06.775499 0x00007f4b9ff4d700 <trace> AgentDaemon:423    | Starting transport...

2016-03-12 02:17:06.775620 0x00007f4b9ff4d700 <trace> AgentDaemon:444    | AgentDaemon configured successfully

2016-03-12 02:17:06.775653 0x00007f4b9ff4d700 <trace> AgentDaemon:376    | AgentDaemon started successfully

2016-03-12 02:17:06.780105 0x00007f4b8f7fe700 <trace> Logger:188         | Thread "CFApiTransport" has id 0x7f4b8f7fe700

2016-03-12 02:17:06.780143 0x00007f4b8f7fe700 <trace> CFApiTransport:128 | Connecting to server 192.168.88.89:9000

2016-03-12 02:17:06.784716 0x00007f4b8f7fe700 <debug> CurlConnection:731 | CONNECT http://192.168.88.89:9000

2016-03-12 02:17:06.787202 0x00007f4b8f7fe700 <trace> CFApiTransport:148 | Connection successfully established

2016-03-12 02:17:07.236851 0x00007f4b8f7fe700 <debug> CurlConnection:224 | Stats data: {"stats_as_of":1457770625807,"sent_events":0,"dropped_events":0,"event_rate":0.0,"os":"CentOS Linux 7 (Core)","version":"3.3.0.3516686","ip":"192.168.88.81","fqdn":"centos-fusion.keeney.local","config_hash":"d41d8cd98f00b204e9800998ecf8427e"}

2016-03-12 02:17:07.236962 0x00007f4b8f7fe700 <debug> CurlConnection:731 | PUT http://192.168.88.89:9000/api/v1/agent/status/564d0b22-b6cd-300c-55a1-e7f15ee9067c

2016-03-12 02:17:07.264824 0x00007f4b8f7fe700 <debug> CurlConnection:236 | Status response code: 200

2016-03-12 02:17:07.264884 0x00007f4b8f7fe700 <debug> CFApiTransport:334 | Received from server config hash = d41d8cd98f00b204e9800998ecf8427e

2016-03-12 02:17:07.264894 0x00007f4b8f7fe700 <debug> CFApiTransport:217 | ControlThreadFunc thread waiting...

2016-03-12 02:17:36.787122 0x00007f4b8f7fe700 <debug> CFApiTransport:203 | Take a moment to post status...

2016-03-12 02:17:37.332827 0x00007f4b8f7fe700 <debug> CurlConnection:224 | Stats data: {"stats_as_of":1457770625807,"sent_events":0,"dropped_events":0,"event_rate":0.0,"os":"CentOS Linux 7 (Core)","vers

sflanders
Commander

Everything looks good -- what is in directory=/data/bro/logs/2015-03-04? I see the include is commented out so only *.log and *.txt files will be collected. Are you sure new events are being written to file(s) in this directory that end in .log or .txt?

Hope this helps! === If you find this information useful, please award points for "correct" or "helpful". ===
kevinkeeneyjr
Contributor

It is a directory I created with a bunch of different .log files that Bro has generated. New events are not being written to that directory.  I am guessing that is a problem... 

I would like to have these Bro logs shipped off to LogInsight as I add them. 

sflanders
Commander

Ah! Yes, the agent is for real-time collection of events. If no new events are being written then it will not work. If you want to collect logs that were previously generated you should use the Log Insight Importer which was released with LI 3.3. I hope this helps!

Hope this helps! === If you find this information useful, please award points for "correct" or "helpful". ===
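The state the thread has reached at this point (agent connected, every status PUT answered with 200, `sent_events` stuck at 0) can be checked mechanically from the agent log. The following is an added example, not part of the original posts or of VMware's tooling: the sample log is constructed in the format pasted above, `diagnose` and its result keys are hypothetical names, and reading a config hash equal to the MD5 of empty input as "no agent configuration pushed from the server" is an assumption.

```python
import hashlib
import json
import re

# Constructed sample in the liagent log format shown in this thread
# (stats JSON trimmed to the fields used; last line cut off like a partial paste).
SAMPLE_LOG = """\
2016-03-12 05:14:09.650926 0x00007f4b8f7fe700 <debug> CurlConnection:224 | Stats data: {"sent_events":0,"dropped_events":0,"config_hash":"d41d8cd98f00b204e9800998ecf8427e"}
2016-03-12 05:14:09.655572 0x00007f4b8f7fe700 <debug> CurlConnection:236 | Status response code: 200
2016-03-12 05:14:39.632679 0x00007f4b8f7fe700 <debug> CurlConnection:224 | Stats data: {"sent_events":0,"dropped_events":0,"config_hash":"d41d8cd98f00b204e9800998ecf8427e"}
2016-03-12 05:14:39.648504 0x00007f4b8f7fe700 <debug> CurlConnection:236 | Status response code: 200
2016-03-12 05:15:09.377655 0x00007f4b8f7fe700 <debug> CurlConnection:224 | Stats data: {"sent_events":0,"dropped_
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+) \S+ <(?P<level>\w+)> "
    r"(?P<src>[\w:]+)\s*\| (?P<msg>.*)$")

def diagnose(log_text):
    """Summarise agent heartbeats: is the agent connected but shipping nothing?"""
    sent, codes, hashes, bad = [], [], set(), 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # blank lines and banner continuation lines
        msg = m.group("msg")
        if msg.startswith("Stats data: "):
            try:
                stats = json.loads(msg[len("Stats data: "):])
            except json.JSONDecodeError:
                bad += 1  # a heartbeat line truncated mid-JSON
                continue
            sent.append(stats.get("sent_events", 0))
            hashes.add(stats.get("config_hash"))
        elif msg.startswith("Status response code: "):
            codes.append(int(msg.rsplit(" ", 1)[1]))
    connected = bool(codes) and all(c == 200 for c in codes)
    return {
        "heartbeats": len(sent),
        "unparsed_stats": bad,
        "connected": connected,
        # Healthy transport, zero events shipped: a silent log source.
        "silent_source": connected and bool(sent) and max(sent) == 0,
        # Assumption: this means no server-side agent config is in effect.
        "hash_is_md5_of_empty": hashes == {hashlib.md5(b"").hexdigest()},
    }
```

A `silent_source` result on a host that should be producing events is worth alerting on, since the agent's status page alone reports it as healthy.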
kevinkeeneyjr
Contributor

I can easily delete the existing .log files and scp them back into that directory if that is helpful. If this works I am very interested in creating a public Content Pack for BroIDS. Most people currently use the ELK stack, but I think LogInsight has the potential to add something special.

sflanders
Commander

Well if you have "file1.log" in that directory and you copy it to "file1-copy.log" then the agent should pick up the file in its entirety -- note this is technically not supported so your mileage may vary. The importer -- which is another free utility -- supports collecting old logs and basically uses the same liagent.ini configuration file you created.

Hope this helps! === If you find this information useful, please award points for "correct" or "helpful". ===
kevinkeeneyjr
Contributor

Is this the "Importer" you speak of?

/usr/lib/loginsight/application/bin/loginsight repository import Path-To-Archived-Log-Data-Folder

admin
Immortal

http://my.vmware.com/group/vmware/info?slug=infrastructure_operations_management/vmware_vrealize_log... -> Go to Downloads -> Select the Importer for Windows (MSI) or Linux (RPM, DEB or just the binary).

kevinkeeneyjr
Contributor

This is what I am getting when I try to download "VMware vRealize Log Insight 3.3.0 - Linux Importer 32/64-bit (RPM)":

You either are not entitled or do not have permissions to download this product.

Check with your My VMware Super User, Procurement Contact or Administrator.

If you recently purchased this product through VMware Store or through a third-party, try downloading later.

I am using a VMUG Advantage license.

sflanders
Commander

Yuck. Please try the agent workaround I suggested above -- it should work for now. I will look into the importer entitlement.

Hope this helps! === If you find this information useful, please award points for "correct" or "helpful". ===