VMware Cloud Community
dgreebe
Contributor
Contributor
‎08-22-2018 07:36 AM
Jump to solution

Duplicate entrys

Hi all,

I use LogInsight for my Windows-servers to receive the Windows events, but I see that all my events are duplicate

For example;

My Windows

pastedImage_0.png

Loginsight:

pastedImage_1.png

As you maybe can see, everything is the same in Loginsight so its 100% duplicate.

I have no idea how that comes and how I can fix that.

Tags (1)
Reply
0 Kudos
1 Solution

Accepted Solutions
daphnissov
Immortal
Immortal
‎08-22-2018 08:31 AM
Jump to solution

So then that's likely the cause. If you don't have the SSL cert trusted on the node sending logs, then no point in using SSL. So you need just a single host defined because otherwise it's duplicating those messages.

------------------
How to Ask for Help on Tech Forums
https://neonmirrors.net

View solution in original post

Reply
0 Kudos
5 Replies
daphnissov
Immortal
Immortal
‎08-22-2018 07:46 AM
Jump to solution

Can you show what your agent group definition looks like for this host? What version of vRLI and agent are you using?

------------------
How to Ask for Help on Tech Forums
https://neonmirrors.net
Reply
0 Kudos
dgreebe
Contributor
Contributor
‎08-22-2018 07:56 AM
Jump to solution

Using the lastest version of RLI on every agent, 4.6.1.8587550

My agent groups are setup like;

- Windows servers: (based on OS)

-- Getting Windows event logs

- Webservers (based on name)

-- Getting IIS Logs.

I've checked if I have set up multiple times the event logs like Windows servers which are Webservers also, but don't do that...

On this particular host:

pastedImage_0.png

because its a windows server also;

pastedImage_2.png

As you see, no duplicates in receiving Event logs

I also checked other Windows VM's if they have the same issue and they also have the same issue.

All duplicate.

Reply
0 Kudos
daphnissov
Immortal
Immortal
‎08-22-2018 08:12 AM
Jump to solution

Do your non-Windows VMs not have this problem? Look at the agent logs on one of those Windows servers. Anything there indicate duplicate events? Wondering if duplicates are actually being sent or if this is a duplicate display issue at the vRLI server side.

------------------
How to Ask for Help on Tech Forums
https://neonmirrors.net
Reply
0 Kudos
dgreebe
Contributor
Contributor
‎08-22-2018 08:26 AM
Jump to solution

Also an Ubuntu VM has duplicate entry's.

I checked on that Ubuntu VM and I only see 1 entry in the that specific log

Looking at the LOG of LiAgent and I see on the Ubuntu VM:

pastedImage_0.png

2 server-sections.... hmm... thats interesting because I know why that is....

In the Logagent-config

pastedImage_2.png

I though I should see something like SERVER2, because I do have that in my Windows and that is because I've set that up in my agent group;

pastedImage_3.png

I did that because I want to use CAFI-protocol, but I don't have yet valid SSL certificates.
By using this SERVER2 setting, I have the option
pastedImage_4.png
I also tried to rename SERVER2 to SERVER but that won't work because server already exists.
So this all kind be the cause of my duplicate entry's, but can you tel me how I can go arround the issue with my invalid SSL certificates ?
The loginsight-server itself has a valid SSL certificate but my VM's not.
Reply
0 Kudos
daphnissov
Immortal
Immortal
‎08-22-2018 08:31 AM
Jump to solution

So then that's likely the cause. If you don't have the SSL cert trusted on the node sending logs, then no point in using SSL. So you need just a single host defined because otherwise it's duplicating those messages.

------------------
How to Ask for Help on Tech Forums
https://neonmirrors.net
Reply
0 Kudos