VMware Cloud Community
virtech
Expert

Log Insight Event Channel Logging - Default Behavior

Once a Windows Server has a Log Insight Agent deployed and configured, and the System, Application and Security channels are being monitored, does it send every event generated on the server back to Log Insight? My assumption is yes; however, for some events generated on the server I can't find them in a search on the Log Insight server.


Accepted Solutions
sflanders
Commander

As Yogita mentioned, it is all by default. If you believe messages are missing, have a look at the /admin/agents page to see if any drops are being reported.

Hope this helps! === If you find this information useful, please award points for "correct" or "helpful". ===

admin
Immortal

You can add a tag in the liagent.ini file, something like:

[winlog|custom]
channel=Custom
tags={"ChannelDescription": "Events testing channel"}

to the channels of interest to you, and filter on these tags in Interactive Analytics to check if you are receiving the logs from these channels.

More info here - VMware vRealize Log Insight

virtech
Expert

Hi thanks, aware of that 😉  My question was more around the default behaviour of the System, App & Security channels. I'm assuming all events get sent (unless filtered) to Log Insight. I'm just not seeing them in Interactive Analytics, thus the query.

admin
Immortal

Yes, they should all be there. I suggested tags to help narrow down the search when you look in Interactive Analytics; tags will allow you to reduce the noise or the events that you do not need to see. Also check if your user name has any roles with data sets attached to it, which might be filtering them out for you, and hence you don't see them in Interactive Analytics.
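
One way to get a local baseline for the question in this thread, as an added example that is not part of the original posts: count the events in each monitored channel on the Windows server for a time window, then compare against what Interactive Analytics returns for the same host and window. The function name Get-ChannelBaseline, the one-hour default window and the output layout are assumptions of this example; Get-WinEvent is the standard PowerShell cmdlet.

```powershell
# Added example: per-channel, per-event-ID counts taken directly from the
# Windows event log, for comparison with a Log Insight search.
# Defaults (three channels, last hour) are assumptions of this example.
param(
    [string[]] $Channels = @('System', 'Application', 'Security'),
    [datetime] $Start    = (Get-Date).AddHours(-1),
    [datetime] $End      = (Get-Date)
)

function Get-ChannelBaseline {
    param([string] $Channel, [datetime] $Start, [datetime] $End)

    $filter = @{ LogName = $Channel; StartTime = $Start; EndTime = $End }
    try {
        # Reading the Security channel requires an elevated session.
        $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction Stop)
    }
    catch {
        # Get-WinEvent reports an error when nothing matches the filter;
        # treat that as zero events and re-throw anything else.
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
            $events = @()
        }
        else {
            throw
        }
    }

    # One row per event ID, most frequent first.
    $events | Group-Object -Property Id | Sort-Object Count -Descending |
        ForEach-Object {
            [pscustomobject]@{
                Channel = $Channel
                EventId = $_.Name
                Count   = $_.Count
            }
        }

    # Final row: total for the channel in the window.
    [pscustomobject]@{ Channel = $Channel; EventId = 'TOTAL'; Count = $events.Count }
}

$Channels |
    ForEach-Object { Get-ChannelBaseline -Channel $_ -Start $Start -End $End } |
    Format-Table -AutoSize
```

A count that is lower in Log Insight than locally points at agent drops (the /admin/agents page mentioned in the thread) or at a data set on your role filtering the results.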
