Re: Log Insight for vCenter Questions

TanyaVM · ‎03-17-2016

I just deployed Log Insight for vCenter and have a few questions.

1. I realized that I did not have reverse DNS entries for some of my hosts. This caused my OSI count to increase. Is there a way to delete the older log entries so I can stay compliant? I'm concerned that it will stop accepting logs if I go over 25, when in reality, I have about 18 OSI.

2. What is the default retention setting and how can we change it?

3. Does it automatically rotate/purge logs when we reach fill up the storage retention?

Thanks.

sflanders · ‎03-17-2016

1. It is a daily average so OSI will get fixed automatically. Also LI will continue to work event if over limit -- you will just see a warning. There is no way to delete, once the data is retired (rotates out) it will automatically get removed

2. 1 month, see /admin/general

3. Yes

Hope this helps! === If you find this information useful, please award points for "correct" or "helpful". ===

TanyaVM · ‎03-17-2016

Regarding the retention question #2, under Admin | General is the "Retention Notification Threshold" which by default will "Send a notification when capacity drops below 1 month of data in the system". I'm interpreting this as just a notification, but not a setting of what my retention period is. If I'm not ingesting several logs, I won't hit that threshold for several months and based on this, it appears the retention is based on the size of the storage. I guess I should have clarified my question more - What if I wanted to rotate out logs every 24 hours, where is that setting?

Thanks again!

admin · ‎03-17-2016

You're correct - retention is based on storage space in Log Insight today. Date-based retention controls are under consideration - please see this feature request: http://loginsight.vmware.com/a/dtd/Variable-retention-periods/8997-24427

All

Log Insight for vCenter Questions