5 Replies Latest reply on Aug 22, 2018 8:31 AM by daphnissov

    Duplicate entrys

    dgreebe Novice

      Hi all,

       

      I use LogInsight for my Windows-servers to receive the Windows events, but I see that all my events are duplicate

       

      For example;

      My Windows

       

      Loginsight:

       

       

      As you maybe can see, everything is the same in Loginsight so its 100% duplicate.

       

      I have no idea how that comes and how I can fix that.

        • 1. Re: Duplicate entrys
          daphnissov Guru
          vExpertCommunity Warriors

          Can you show what your agent group definition looks like for this host? What version of vRLI and agent are you using?

          • 2. Re: Duplicate entrys
            dgreebe Novice

            Using the lastest version of RLI on every agent, 4.6.1.8587550

            My agent groups are setup like;

             

            - Windows servers: (based on OS)

            -- Getting Windows event logs

             

            - Webservers (based on name)

            -- Getting IIS Logs.

             

            I've checked if I have set up multiple times the event logs like Windows servers which are Webservers also, but don't do that...

             

            On this particular host:

            because its a windows server also;

             

            As you see, no duplicates in receiving Event logs

             

            I also checked other Windows VM's if they have the same issue and they also have the same issue.

            All duplicate.

            • 3. Re: Duplicate entrys
              daphnissov Guru
              vExpertCommunity Warriors

              Do your non-Windows VMs not have this problem? Look at the agent logs on one of those Windows servers. Anything there indicate duplicate events? Wondering if duplicates are actually being sent or if this is a duplicate display issue at the vRLI server side.

              • 4. Re: Duplicate entrys
                dgreebe Novice

                Also an Ubuntu VM has duplicate entry's.

                I checked on that Ubuntu VM and I only see 1 entry in the that specific log

                 

                Looking at the LOG of LiAgent and I see on the Ubuntu VM:

                 

                2 server-sections.... hmm... thats interesting because I know why that is....

                 

                In the Logagent-config

                 

                I though I should see something like SERVER2, because I do have that in my Windows and that is because I've set that up in my agent group;

                 

                 

                I did that because I want to use CAFI-protocol, but I don't have yet valid SSL certificates.
                By using this SERVER2 setting, I have the option
                I also tried to rename SERVER2 to SERVER but that won't work because server already exists.
                So this all kind be the cause of my duplicate entry's, but can you tel me how I can go arround the issue with my invalid SSL certificates ?
                The loginsight-server itself has a valid SSL certificate but my VM's not.
                • 5. Re: Duplicate entrys
                  daphnissov Guru
                  Community WarriorsvExpert

                  So then that's likely the cause. If you don't have the SSL cert trusted on the node sending logs, then no point in using SSL. So you need just a single host defined because otherwise it's duplicating those messages.