sroethlisberger's Posts

Hello Everyone, has anyone an idea how I could filter the user Logon Events (Event ID 4624) in LogInsight? (At the moment it also shows me the system accounts.) Kind regards, Steve
Alright. Thank you
Hello, so calls over HTTP won't work? Kind regards, Steve
Hello Everyone, I'm trying to receive a Session_Id from my LogInsight. Can anybody tell me what's wrong with my request? (I've received status 401 Unauthorized.) Kind regards, Steve
Hello Experts, I want to create an alert for users who log in outside of our working hours. How can I do that with VMware LogInsight? Kind regards, Steve
Hello Everyone, I have a little problem. I want to forward evtx logs to my Loginsight Server. The logs are stored on a network drive. I temporarily copied the log to a local path (on which the Loginsight agent is installed), but the logs don't arrive at the Loginsight server. (I find no errors in the logs; you can find it in the attachment.)

2018-01-22 11:29:56.008096 0x00000eb4 <trace> WinLogCollector:304| WinLogMonitor thread begin
2018-01-22 11:29:56.008096 0x00001bdc <trace> EventCollector:49  | Configuration of filelog is done
2018-01-22 11:29:56.008096 0x00001bdc <trace> EventCollector:56  | Starting filelog
2018-01-22 11:29:56.008096 0x00001ad0 <trace> Logger:147         | Thread "ThreadPool" has id 0x00001ad0
2018-01-22 11:29:56.008096 0x00001bdc <trace> FLogCollectorEx:477| Subscribed to channel <netapp>.
2018-01-22 11:29:56.008096 0x000044d0 <trace> Logger:147         | Thread "DirectoryMonitorEx" has id 0x000044d0
2018-01-22 11:29:56.008096 0x00001bdc <trace> EventCollector:59  | Started filelog
2018-01-22 11:29:56.008096 0x00005714 <trace> Logger:147         | Thread "FLogThreadPool" has id 0x00005714
2018-01-22 11:29:56.008096 0x00001bdc <trace> DataController:100 | Configuring transport...
2018-01-22 11:29:56.008096 0x00001bdc <trace> Config:297         | Configuration key [server].proto is not specified. Using default: cfapi
2018-01-22 11:29:56.008096 0x00001bdc <trace> DataController:163 | Creating cfapi transport
2018-01-22 11:29:56.008096 0x00003f88 <trace> Logger:147         | Thread "DirectoryMonitorEx Polling" has id 0x00003f88
2018-01-22 11:29:56.008096 0x00001bdc <trace> Config:287         | Read config param [server].hostname = loginsight.tdlz2.tankred.ch
2018-01-22 11:29:56.008096 0x00001bdc <trace> Config:346         | Configuration key [server].ssl is not specified. Using default: yes
2018-01-22 11:29:56.008096 0x00001bdc <trace> Config:252         | Configuration key [server].port is not specified. Using default: 9543
2018-01-22 11:29:56.008096 0x00001bdc <trace> Config:252         | Configuration key [server].reconnect is not specified. Using default: 30
2018-01-22 11:29:56.008096 0x00002d10 <trace> Logger:147         | Thread "FLogThreadPool" has id 0x00002d10
2018-01-22 11:29:56.008096 0x00003e58 <trace> Logger:147         | Thread "FLogThreadPool" has id 0x00003e58
2018-01-22 11:29:56.008096 0x00003598 <trace> Logger:147         | Thread "FLogThreadPool" has id 0x00003598
2018-01-22 11:29:56.039342 0x00001bdc <trace> DataController:104 | Starting transport...
2018-01-22 11:29:56.039342 0x00004bc0 <trace> Logger:147         | Thread "CFApiTransport" has id 0x00004bc0
2018-01-22 11:29:56.039342 0x00004bc0 <trace> CFApiTransport:130 | Connecting to server loginsight.tdlz2.tankred.ch:9543
2018-01-22 11:29:56.039342 0x00001bdc <trace> AgentDaemon:422    | AgentDaemon configured successfully
2018-01-22 11:29:56.039342 0x00001bdc <trace> AgentDaemon:367    | AgentDaemon started successfully
2018-01-22 11:29:56.242474 0x00004bc0 <trace> CFApiTransport:150 | Connection successfully established

Can anybody help me? Kind regards, Steve