Good morning. I have recently installed LI and placed the pack for AD in the framework.
the only steps i have seen for installation are to add these lines to the liagent config
[winlog|DirectoryService]
channel=Directory Service
[winlog|DNS_Server]
channel=DNS Server
[winlog|DFS_Replication]
channel=DFS Replication
Actually i used the agent config portion of LI to push this config. There is no liagent file anywhere on the install.
ver 2.5 ga
pack file :active-directory-1.2.201407301311
What am i missing? The only pieces of data are security. No Ntds or DNS etc.
Thanks
If you have the above configuration then it is just a matter of time and events. Ensure the time range on the dashboards page is greater than the last 5 minutes and ensure changes are happening on your domain controllers. You could also go to /contentpack, select AD, go to extracted fields, select an extracted field name which will bring you to IA and query over the last 7 days do see if you get any results.
Thanks for replying. Odd as this thing was on for a week with no ntds and dns activity. our config has multiple DC's and there should be info within an hour.
Go to IA and add filter for channel contains dns* over all time. Do you get any results?
Nothing there.
forgive my ignorance here as I am a newbie with LI. Just some more info that might help my understanding.
Just for giggles i rebooted the 2 servers with agents. What i learned is that from IA i can see some dns, and no dfs info.
the initial question is prompted from the dashboards. I have verified that simple tasks such as dns server off and on do show up in IA. within the dash, and a custom time range of 10 days, i get no dns data (dns* filter)
Either way.. my nose is now in the docs.
Were you able to get this sorted out?
to some extent.
i have the basics for esxi, vcenter and windows systems. the AD and view components are escaping me.
It truly seems simple when editing the ini files. I thought that it may have something to do with security settings for AD.
I can view logs and search etc... but some stuff isnt behaving as i expect. That doesnt mean that its supposed to ![]()
from the AD pack, i can see security logs but nothing else still. There was an error in regard to parsing but that has been fixed as well.
Thanks so much by the way.
SO... i just noticed that the AD pack was for 2010. my functionality 2008r2 is there a pack or means to get it communicating with the logs?
Hmm, not sure if logs are version specific, but that might be the issue... I am not aware of a 2008 specific AD content pack. I would be surprised if the 2010+ one did not at least partially work, but I guess it is possible.
I find it odd that 2008r2 isnt supported, being that most of the world is still on it ![]()
it does partially work. the 2 security logs work. No NTDS and Replication which figures since it is what i wanted to work.
In regard to view... just point them to vds doesnt seem to work, but the vsphere has no issues... is there a trick there?
If you want me to send a different post for that i can.
Thanks again.
"In regard to view... just point them to vds doesnt seem to work, but the vsphere has no issues... is there a trick there?"
Sorry, not sure I follow. Can you elaborate?
following the instructions...
Tech Specs
Using the Log Insight Windows Agent, which is available for download from the Log Insight Administration --> Agents page, use this liagent.ini configuration:
[filelog|ViewMain]
directory=C:\ProgramData\VMware\VDM\logs
include=log-*.txt;debug-*.txt;pcoip_agent*.txt;pcoip_server*.txt
exclude=pcoip_perf*.txt;v4v*.log;wsnm_starts.txt
Make sure that agent is installed on the base image so that it runs on each View desktop, plus it should be installed on all the other servers as well including: ALL connection, security, & composer servers.
yields nothing.
Ah, yes separate. Let's close this one and open a new one. When you say nothing, you mean all dashboards return no results?
