eladbub's Posts

HI All , looking to add Filezilla log to lognisight i already installed an agent and made a new template to the server with config of [filelog|FTP_ZILLA] directory=C:\Program Files (x86)\Fi... See more...
HI All , looking to add Filezilla log to lognisight i already installed an agent and made a new template to the server with config of [filelog|FTP_ZILLA] directory=C:\Program Files (x86)\FileZilla Server\Logs include=*.log raw_syslog=no [logging] debug_level=1 pretty strait forwards logging : 106473) 8/8/2020 21:46:19 PM - automationvid (172.18.18.1)> CWD / (106473) 8/8/2020 21:46:19 PM - automationvid (172.18.18.1)> 250 CWD successful. "/" is current directory. (106473) 8/8/2020 21:46:19 PM - automationvid (172.18.18.1)> TYPE I (106473) 8/8/2020 21:46:19 PM - automationvid (172.18.18.1)> 200 Type set to I (106473) 8/8/2020 21:46:19 PM - automationvid (172.18.18.1)> PORT 172,18,18,1,139,181 (106473) 8/8/2020 21:46:19 PM - automationvid (172.18.18.1)> 200 Port command successful whats is the best why to configure this events on loginisght?
Hi, Have you try to open an SR on the issue?
HI; iv install lunix content pack on CEntos 6.1 . i know its not fully supported but i read a lot of threads that people have installed and succeeded. so i ran the bin package 1058  chmod +x ... See more...
HI; iv install lunix content pack on CEntos 6.1 . i know its not fully supported but i read a lot of threads that people have installed and succeeded. so i ran the bin package 1058  chmod +x VMware-Log-Insight-Agent-8.0.0-14743436_172.16.10.66.bin 1059  sudo SEVERHOST=loginisght.*.* ./VMware-Log-Insight-Agent-8.0.0-14743436_172.16.10.66.bin and the agent r running and visible to LI server. i added the Centos to the cloned profile "linux" and still logs dont come to the LI server this is my liagent.ini config: [server] hostname=172.16.10.66 ; Hostname or IP address of your Log Insight server / cluster load balancer. Default: hostname=LOGINSIGHT ; Protocol can be cfapi (Log Insight REST API), syslog, syslog_udp. Default: proto=cfapi ;proto=syslog ; Log Insight server port to connect to. Default ports for protocols: ; syslog and syslog_udp: 514; syslog with ssl: 6514; cfapi: 9000; cfapi with ssl: 9543. Default: port=9000 ; SSL usage. Default: ;ssl=yes ; Example of configuration with trusted CA: ssl=no ;ssl_ca_path=/etc/pki/tls/certs/ca.pem ; Time in minutes to force reconnection to the server. ; This option mitigates imbalances caused by long-lived TCP connections. Default: reconnect=30 ; Allow the agent to receive central configuration from the server. ; If disabled, only agent-side configuration will be applied. Default: central_config=yes [logging] ; Logging verbosity: 0 (no debug messages), 1 (essentials), 2 (verbose with more impact on performance). ; This option should always be 0 under normal operating conditions. Default: debug_level=0 ; Frequency to print agent dynamic information in minutes. Default: ;stats_period=15 ; Allow the agent to automatically decrease dynamic information print period to 1 minute ; in case if agent abnormal performance is detected. ; If disabled, agent performance won't be monitored at all. Default: ;smart_stats=no [storage] ; Max local storage usage limit (data + logs) in MBs. Valid range: 100-2000 MB. max_disk_buffer=200 liagent centos log file: 2020-04-07 12:20:23.024779 0x00007f203c1fb720 <trace> AgentDaemon:113    | AgentDaemon start requested. 2020-04-07 12:20:23.024897 0x00007f203c1fb720 <trace>     Agent Build     : 8.0.0.14743436     Start Time      : 2020-04-07 12:20:23.024891     Running as user : root     Our Process ID  : 23221     Executable Path : /usr/lib/loginsight-agent/bin64/liagent     Operating System: CentOS release 6.10 (Final)  x86_64 2020-04-07 12:20:23.025126 0x00007f203c1fb720 <trace> LibVersionsInfo:138| Boost version: 1.60.0 2020-04-07 12:20:23.025138 0x00007f203c1fb720 <trace> LibVersionsInfo:138| Curl version: 7.65.3 Supported features: IPv6, TLS, Unix domain sockets 2020-04-07 12:20:23.025147 0x00007f203c1fb720 <trace> LibVersionsInfo:138| libgcc version: 4.9.4 20160222 (prerelease) 2020-04-07 12:20:23.025155 0x00007f203c1fb720 <trace> LibVersionsInfo:138| libstdc++ version: 4.9.4 20160222 (prerelease) 2020-04-07 12:20:23.025162 0x00007f203c1fb720 <trace> LibVersionsInfo:138| OpenSSL version: OpenSSL 1.0.2s-fips  28 May 2019 2020-04-07 12:20:23.025170 0x00007f203c1fb720 <trace> LibVersionsInfo:138| RapidJSON version: 1.0.2 2020-04-07 12:20:23.025178 0x00007f203c1fb720 <trace> LibVersionsInfo:138| SQLite version: 3.28.0 2020-04-07 12:20:23.025185 0x00007f203c1fb720 <trace> LibVersionsInfo:138| zlib version: 1.2.11 2020-04-07 12:20:23.027979 0x00007f203c1fb720 <trace> AgentDaemon:680    | OpenSSL FIPS mode is ON 2020-04-07 12:20:23.027999 0x00007f203c1fb720 <trace> AgentDaemon:131    | Data directory: "/var/lib/loginsight-agent" 2020-04-07 12:20:23.028031 0x00007f203c1fb720 <trace> DbConnection:34    | Opening database file /var/lib/loginsight-agent/storage/liagent.db 2020-04-07 12:20:23.028196 0x00007f203c1fb720 <trace> DbConnection:104   | Locking db for exclusive usage. 2020-04-07 12:20:23.028528 0x00007f203c1fb720 <trace> DbConnection:51    | Database "/var/lib/loginsight-agent/storage/liagent.db" opened successfully 2020-04-07 12:20:23.028725 0x00007f203c1fb720 <trace> AgentDaemon:147    | Starting AgentDaemon configuration thread 2020-04-07 12:20:23.028860 0x00007f203a063700 <trace> Logger:209         | Thread "AgentDaemon Main" has id 0x7f203a063700 2020-04-07 12:20:23.028902 0x00007f203a063700 <trace> AgentDaemon:279    | AgentDaemon main thread started 2020-04-07 12:20:23.028993 0x00007f203a063700 <trace> DbStorage:301      | Checking database integrity... 2020-04-07 12:20:23.029129 0x00007f203a063700 <trace> DbStorage:339      | Database integrity check done. 2020-04-07 12:20:23.029281 0x00007f203a063700 <trace> DbStorage:142      | DbStorage stored event id's: min = 0, max = 0 2020-04-07 12:20:23.029373 0x00007f2039662700 <trace> Logger:209         | Thread "DbStorage Maintenance" has id 0x7f2039662700 2020-04-07 12:20:23.029399 0x00007f2039662700 <trace> DbStorage:442      | DbStorage maintenance thread started. 2020-04-07 12:20:23.029456 0x00007f203a063700 <trace> AgentDaemon:286    | Agent UID:420143af-2839-13bf-2da5-e081e6a829ad 2020-04-07 12:20:23.029495 0x00007f203a063700 <trace> AgentDaemon:329    | Reading configuration received from server. Hash = 8eade4c2290919ab17d5854bf63bc7c9 2020-04-07 12:20:23.029534 0x00007f203a063700 <trace> Config:138         | Reading configuration from: /var/lib/loginsight-agent/liagent.ini 2020-04-07 12:20:23.029615 0x00007f203a063700 <warng> IniFileParser:163  | INI parser Error: duplicate key 'hostname' on line 10, ignoring line. 2020-04-07 12:20:23.029860 0x00007f203a063700 <trace> Config:331         | Read config param [server].central_config = yes 2020-04-07 12:20:23.029992 0x00007f203a063700 <trace> Config:109         | The current effective configuration is dumped into file /var/lib/loginsight-agent/liagent-effective.ini 2020-04-07 12:20:23.030054 0x00007f203a063700 <trace> Config:224         | Read config param [logging].debug_level = 0 2020-04-07 12:20:23.030069 0x00007f203a063700 <trace> AgentDaemon:393    | AgentDaemon Configuring... 2020-04-07 12:20:23.030080 0x00007f203a063700 <trace> Config:351         | Configuration key [update].auto_update is not specified. Using default: yes 2020-04-07 12:20:23.030104 0x00007f203a063700 <trace> AgentDaemon:399    | Auto update enabled... 2020-04-07 12:20:23.030119 0x00007f203a063700 <trace> UpdateHelper:324   | Starting Update helper 2020-04-07 12:20:23.030137 0x00007f203a063700 <trace> MessageListener:114| Starting update channel listener... 2020-04-07 12:20:23.030193 0x00007f203a063700 <trace> MessageListener:122| Update channel listener started successfully 2020-04-07 12:20:23.030214 0x00007f203a063700 <trace> Config:292         | Read config param [update].package_type = bin 2020-04-07 12:20:23.030232 0x00007f203a063700 <trace> Config:351         | Configuration key [update].auto_update is not specified. Using default: yes 2020-04-07 12:20:23.216494 0x00007f203a063700 <trace> UpdateHelper:339   | Update helper started successfully 2020-04-07 12:20:23.216560 0x00007f203a063700 <trace> AgentDaemon:421    | Reconfiguring update helper... 2020-04-07 12:20:23.216576 0x00007f203a063700 <trace> Config:292         | Read config param [update].package_type = bin 2020-04-07 12:20:23.216587 0x00007f203a063700 <trace> Config:351         | Configuration key [update].auto_update is not specified. Using default: yes 2020-04-07 12:20:23.216933 0x00007f203a063700 <trace> AgentDaemon:427    | Configuring Data Controllers... 2020-04-07 12:20:23.216971 0x00007f203a063700 <trace> Config:224         | Read config param [storage].max_disk_buffer = 200 2020-04-07 12:20:23.217013 0x00007f203a063700 <trace> DbConnection:150   | Setting SQLite cache_size = 8388608 bytes 2020-04-07 12:20:23.217034 0x00007f203a063700 <trace> AgentDaemon:560    | Events disk storage size limit set to 147571200 for <DEFAULT> server. 2020-04-07 12:20:23.217120 0x00007f203a063700 <trace> Config:302         | Configuration key [server].filter is not specified. Using default: {;.*;} 2020-04-07 12:20:23.217237 0x00007f203a063700 <trace> DataController:89  | Configuring collectors... 2020-04-07 12:20:23.217249 0x00007f203a063700 <trace> EventCollector:22  | ConfigureAndStart invoked for collector: filelog 2020-04-07 12:20:23.217329 0x00007f203a063700 <trace> EventCollector:47  | Configuring filelog 2020-04-07 12:20:23.217577 0x00007f203a063700 <trace> Config:331         | Read config param [filelog|com.linux.messages].enabled = yes 2020-04-07 12:20:23.217900 0x00007f203a063700 <trace> EventCollector:49  | Configuration of filelog is done 2020-04-07 12:20:23.217919 0x00007f203a063700 <trace> EventCollector:56  | Starting filelog 2020-04-07 12:20:23.218239 0x00007f202bfff700 <trace> Logger:209         | Thread "ThreadPool" has id 0x7f202bfff700 2020-04-07 12:20:23.218678 0x00007f203a063700 <warng> FLogCollectorEx:894| Currently there are no log files passing through the 'include'/'exclude' file name filter for channel <com.linux.auth>. 2020-04-07 12:20:23.218727 0x00007f203a063700 <trace> FLogCollectorEx:478| Subscribed to channel <com.linux.auth>. 2020-04-07 12:20:23.218798 0x00007f202b5fe700 <trace> Logger:209         | Thread "ThreadPool" has id 0x7f202b5fe700 2020-04-07 12:20:23.219234 0x00007f203a063700 <trace> FLogCollectorEx:478| Subscribed to channel <com.linux.messages>. 2020-04-07 12:20:23.219296 0x00007f202abfd700 <trace> Logger:209         | Thread "ThreadPool" has id 0x7f202abfd700 2020-04-07 12:20:23.219523 0x00007f203a063700 <warng> FLogCollectorEx:894| Currently there are no log files passing through the 'include'/'exclude' file name filter for channel <com.linux.syslog>. 2020-04-07 12:20:23.219550 0x00007f203a063700 <trace> FLogCollectorEx:478| Subscribed to channel <com.linux.syslog>. 2020-04-07 12:20:23.219609 0x00007f202a1fc700 <trace> Logger:209         | Thread "ThreadPool" has id 0x7f202a1fc700 2020-04-07 12:20:23.219964 0x00007f203a063700 <trace> FLogCollectorEx:478| Subscribed to channel <com.linux.maillog>. 2020-04-07 12:20:23.220355 0x00007f2028dfa700 <trace> Logger:209         | Thread "FLogThreadPool" has id 0x7f2028dfa700 2020-04-07 12:20:23.220417 0x00007f200ffff700 <trace> Logger:209         | Thread "FLogThreadPool" has id 0x7f200ffff700 2020-04-07 12:20:23.220490 0x00007f203a063700 <trace> EventCollector:59  | Started filelog 2020-04-07 12:20:23.220512 0x00007f200ebfd700 <trace> Logger:209         | Thread "FLogThreadPool" has id 0x7f200ebfd700 2020-04-07 12:20:23.220524 0x00007f203a063700 <trace> EventCollector:22  | ConfigureAndStart invoked for collector: journaldlog 2020-04-07 12:20:23.220484 0x00007f200f5fe700 <trace> Logger:209         | Thread "FLogThreadPool" has id 0x7f200f5fe700 2020-04-07 12:20:23.220534 0x00007f203a063700 <trace> EventCollector:47  | Configuring journaldlog 2020-04-07 12:20:23.220563 0x00007f203a063700 <warng> JournaldCollecto:60| Cannot find any section <journaldlog> in the configuration. The journaldlog collector will stay dormant. 2020-04-07 12:20:23.220572 0x00007f203a063700 <trace> EventCollector:49  | Configuration of journaldlog is done 2020-04-07 12:20:23.220578 0x00007f203a063700 <trace> EventCollector:56  | Starting journaldlog 2020-04-07 12:20:23.220586 0x00007f203a063700 <trace> EventCollector:59  | Started journaldlog 2020-04-07 12:20:23.220592 0x00007f203a063700 <trace> DataController:101 | Configuring transport... 2020-04-07 12:20:23.220601 0x00007f203a063700 <trace> Config:292         | Read config param [server].proto = cfapi 2020-04-07 12:20:23.220609 0x00007f203a063700 <trace> DataController:167 | Creating cfapi transport 2020-04-07 12:20:23.220622 0x00007f203a063700 <trace> Config:292         | Read config param [server].hostname = 172.16.10.66 2020-04-07 12:20:23.220633 0x00007f203a063700 <trace> Config:339         | Read config param [server].ssl = no 2020-04-07 12:20:23.220655 0x00007f203a063700 <trace> Config:224         | Read config param [server].port = 9000 2020-04-07 12:20:23.220667 0x00007f203a063700 <trace> Config:224         | Read config param [server].reconnect = 30 2020-04-07 12:20:23.220675 0x00007f203a063700 <trace> Config:351         | Configuration key [server].compress is not specified. Using default: yes 2020-04-07 12:20:23.220684 0x00007f203a063700 <trace> Config:331         | Read config param [server].central_config = yes 2020-04-07 12:20:23.227064 0x00007f203a063700 <trace> DataController:105 | Starting transport... 2020-04-07 12:20:23.227229 0x00007f203a063700 <trace> AgentDaemon:431    | AgentDaemon configured successfully 2020-04-07 12:20:23.227245 0x00007f203a063700 <trace> AgentDaemon:380    | AgentDaemon started successfully 2020-04-07 12:20:23.227215 0x00007f200e1fc700 <trace> Logger:209         | Thread "CFApiTransport" has id 0x7f200e1fc700 2020-04-07 12:20:23.227325 0x00007f200e1fc700 <trace> CFApiTransport:130 | Connecting to server 172.16.10.66:9000 2020-04-07 12:20:23.228001 0x00007f200e1fc700 <trace> CFApiTransport:152 | Connection to 172.16.10.66:9000 successfully established 2020-04-07 12:20:23.313472 0x00007f2038c61700 <trace> MessageListener:75 | Started listening to the update channel: /var/lib/loginsight-agent/update.dat please advice. Regards; Elad
fount the instruction here https://marketplace.vmware.com/vsx/solutions/oracle-java-runtime-environment-jre-log-insight-content-pack?ref=related#techspecs added the path as mentioned to the l... See more...
fount the instruction here https://marketplace.vmware.com/vsx/solutions/oracle-java-runtime-environment-jre-log-insight-content-pack?ref=related#techspecs added the path as mentioned to the liagent on the server : [filelog|jre] Directory=[Path to JRE Log directory] event_marker=#.*error has been detected by the Java Runtime Environment: in my case looks like this.added at the end of the liagent.ini [filelog|jre] Directory=[D:\apache-tomcat-8.5.31\logs] event_marker=#.*error has been detected by the Java Runtime Environment: restarted the service....waited for 20m nothing comes to the LI server.
hi  just downloaded from the market place oracle-jre 1.2 but no instruction added.   can you guide me?   10x
Hi' i have a url thats contains a numeric changes in java console "CacheQueueWatcher.jsp" it count the QueueSize in our cache systems.and refresh every couple of seconds. im looking for a way ... See more...
Hi' i have a url thats contains a numeric changes in java console "CacheQueueWatcher.jsp" it count the QueueSize in our cache systems.and refresh every couple of seconds. im looking for a way to monitor this numeric counter in the url via the loginsight 4.8 i have agents on the specific servers. id like to monitor this numeric changes and show them in a simple graph.   Regards,
Hi , im using mssql plugin to monitor sql logins. so i get the error log and failed logins but without the proper info .no user is added to the error i see failed login without the user who is ... See more...
Hi , im using mssql plugin to monitor sql logins. so i get the error log and failed logins but without the proper info .no user is added to the error i see failed login without the user who is trying to login. your help needed..... regards elad
hi i created a webhook url to slack via incoming webhooks whan im creating alert in LI and pasting the webhook to test i get an error: the server is open to http/s in getting invalid payload ... See more...
hi i created a webhook url to slack via incoming webhooks whan im creating alert in LI and pasting the webhook to test i get an error: the server is open to http/s in getting invalid payload on the url channel this is form the LI Sending the webhook notification failed Bad Request          UPDATE: RESOLVED THE ISSUE WITH SHIM https://makospace.slack.com/services/556885189794?new_token=1
10x can you giva an example on how to?
Hi, im looking for a way to set enble ssd on my all enviorment since its all based on SSD. i use this to change to RR can i use it to enablr all as "mark as ssd" ? Get-VMHost | Get-ScsiLun -Lu... See more...
Hi, im looking for a way to set enble ssd on my all enviorment since its all based on SSD. i use this to change to RR can i use it to enablr all as "mark as ssd" ? Get-VMHost | Get-ScsiLun -LunType disk | Where {$_.MultipathPolicy -notlike "RoundRobin"} | Where {$_.CapacityGB -ge 40} | Set-Scsilun -MultiPathPolicy RoundRobin thanks
Hi, i wand to create on log insight a user that can only view some of the plugins? like SQL and/f5 only without the other plugins installed as a guest. icreated a "user" and gave him a use... See more...
Hi, i wand to create on log insight a user that can only view some of the plugins? like SQL and/f5 only without the other plugins installed as a guest. icreated a "user" and gave him a user role. but how can i restrict him from viewing other plugins?
HI, Yes i did. C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Log i see in the instructions Note: • Change the directory as per the environment.(change above) • This conte... See more...
HI, Yes i did. C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Log i see in the instructions Note: • Change the directory as per the environment.(change above) • This content pack does not read SQL Server backup reports which are encoded as UTF8/ASCII. how do i know my encoding and is it related to the \MSSQL\Log encoding? pics atteched...
HI ' iv installed the mssql plugin followed the instructions. and seems like no data is comming from the SQL no "overview" "connection/permision" deadlocks" "invalid Query" etc... the only th... See more...
HI ' iv installed the mssql plugin followed the instructions. and seems like no data is comming from the SQL no "overview" "connection/permision" deadlocks" "invalid Query" etc... the only thing i see is "mssql application log" in overview buttom graph. im a sys admin in the doain and in the DBs. what am i missing? Regards EB
i love you!!! (: thanks.
Hi , I have iis content pack and 6 iis servers. 4 are in the same log location C:\Windows\System32\LogFiles\1\W3SVC2 and 2 are logged at a different location D:\Windows\System32\LogFiles\W3S... See more...
Hi , I have iis content pack and 6 iis servers. 4 are in the same log location C:\Windows\System32\LogFiles\1\W3SVC2 and 2 are logged at a different location D:\Windows\System32\LogFiles\W3SVC2 i cant put them in the same group since log location are different and can't create 2 different group since "duplication error" will rized tryed to put two folder in the group without success [filelog|IIS] ; IMPORTANT: Change the directory as per the environment directory=C:\inetpub\logs\LogFiles\W3SVC2\ directory=D:\Windows\System32\LogFiles\1\W3SVC2 include=*.log event_marker=^\d{4}-\d{2}-\d{2} tags={"ms_product":"iis"} parser=iisLogParser [parser|iisLogParser] base_parser=csv delimiter=" " fields=ms_iis_date,ms_iis_time,ms_iis_site_id,ms_iis_server_ip,ms_iis_method_type,ms_iis_url,,ms_iis_port,ms_iis_username,ms_iis_client_ip,,ms_iis_all_status,ms_iis_sub_status,,ms_iis_response_time your help needed.
I checked the agents and the host and i cant identify nothing that send logs beside the IIS plugin or the DC plugin. is there a posibilty to check it from the LI side? logs to machine with some ... See more...
I checked the agents and the host and i cant identify nothing that send logs beside the IIS plugin or the DC plugin. is there a posibilty to check it from the LI side? logs to machine with some command? BTW i removed the check box from vsphere intetgration tab to "ESXI hosts configured"  to not send logs from form my ESXI hosts. Thanks.
Hi all, having some issues with the OSI count in my enviorment LI 4.7. got 11 agents on 11 win os 7 for iis plugin/3 for windows DC plugin. and another 6 agentless plugins (4 brocades/2 f5). ... See more...
Hi all, having some issues with the OSI count in my enviorment LI 4.7. got 11 agents on 11 win os 7 for iis plugin/3 for windows DC plugin. and another 6 agentless plugins (4 brocades/2 f5). 1 vc . my count is 24. my osi count is 42????? WHY? Regard,
Hi Daphnissov , The question was if i can use the tomcat/apache plugin without writing my own parser. Thanks,
HI, im looking to monitor TOMCAT plugin without apache only tomcat installed on the server. is that posible ? installed apache/tomcat/http sever LI market place plugins. regards,
mmm... but baicicly i get there a hosts that i down want to monitor and i dont want to count them in the licence OSI. i have only 10 agents so far ans 13 ESXS and my OSI count is 42??? hoe c... See more...
mmm... but baicicly i get there a hosts that i down want to monitor and i dont want to count them in the licence OSI. i have only 10 agents so far ans 13 ESXS and my OSI count is 42??? hoe can i reduce the amount of hosts that i dont want to monitor? (agian only 10 agents are installed) regard,