VMware Cloud Community
piedthepiper
Contributor
Contributor

Active Directory Content Pack and vSphere Intigration

Hi Guys,

I have just installed Log insight and I hve been fiddling about with it.

I have installed the agent on 2 domain controllers and after much fumbling about, I have managed to get it reporting windows data......... but AD wise they both arent sending anything.

Here is the config for the liagent.ini

I don't see what is wrong? I am using version 2.5

; Client-side configuration of VMware Log Insight Agent.

; See liagent-effective.ini for the actual configuration used by VMware Log Insight Agent.

[server]

hostname=LOGINSIGHT

; Log Insight server hostname or ip address

; If omitted the default value is LOGINSIGHT

;hostname=LOGINSIGHT

; Set protocol to use:

; cfapi - Log Insight REST API

; syslog - Syslog protocol

; If omitted the default value is cfapi

;

;proto=cfapi

; Log Insight server port to connect to. If omitted the default value is:

; for syslog: 514

; for cfapi without ssl: 9000

; for cfapi with ssl: 9543

;port=9000

;ssl - enable/disable SSL. Applies to cfapi protocol only.

; Possible values are yes or no. If omitted the default value is no.

;ssl=no

; Time in minutes to force reconnection to the server

; If omitted the default value is 30

;reconnect=30

[storage]

;max_disk_buffer - max disk usage limit (data + logs) in MB:

; 100 - 2000 MB, default 200

;max_disk_buffer=200

[logging]

;debug_level - the level of debug messages to enable:

;   0 - no debug messages

;   1 - trace essential debug messages

;   2 - verbose debug messages (will have negative impact on performace)

;debug_level=0

[winlog|Application]

channel=Application

tags={"ms_product":"windows"}

[winlog|Security]

channel=Security

tags={"ms_product":"windows"}

[winlog|System]

channel=System

tags={"ms_product":"windows"}

[winlog|DirectoryService]

channel=Directory Service

tags={"ms_product":"activedirectory"}

[winlog|DNS_Server]

channel=DNS Server

tags={"ms_product":"activedirectory"}

[winlog|DFS_Replication]

channel=DFS Replication

tags={"ms_product":"activedirectory"}

Anybody kindly tell me what I am missing? haha

Also I have linked it to vSphere, it reports some stats but not others.

In VMware vSphere > General Inventory , it shows 1 vcenter but 0 VMs, which is a lie, I have about 10 running acorss 2 hosts?

Labels (3)
Reply
0 Kudos
4 Replies
sflanders
Commander
Commander

Config looks right -- looks like hostname has not been set, which means it is using "loginsight", but you said Windows is working so appears to be correct. You can search for 'error' in the agent log file (same directory as liagent.ini), but I suspect it will be fine. If you are not seeing events then this likely means that your domain controllers are fairly idle so no events are being generated. I hope this helps!

Hope this helps! === If you find this information useful, please award points for "correct" or "helpful". ===
piedthepiper
Contributor
Contributor

Well the hostname is configured in DNS fine and it pings

I shall have a look at the log files now...

Reply
0 Kudos
piedthepiper
Contributor
Contributor

I have had a look at the log files and I dont see anything wrong.

So I will leave it runing for a bit and see if it improves.

That still doesnt explain why its showing vcenter as having 0 vms and 0 hosts, even though in adminsitration > vsphere logging is configured for both my hosts and appears to be configured correctly?

Reply
0 Kudos
sflanders
Commander
Commander

Well vCenter is working so events, tasks and alarms are being pulled in. Can you try a larger time range like last 24 hours instead of last 5 minutes? For VMs, it is common for larger time ranges to be needed and if they are idle, they may rarely appear. ESXi on the other hand is pretty verbose and I am surprised you are seeing 0 if vSphere integration confirms they are configured. Can you check the syslog configuration on one of the ESXi hosts and from the console ensure you can access the LI server? Perhaps a firewall or routing issue and preventing the events from being received.

Hope this helps! === If you find this information useful, please award points for "correct" or "helpful". ===
Reply
0 Kudos