<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Log Insight 8.x - packet capture in VMware Aria Operations for Logs Discussions</title>
    <link>https://communities.vmware.com/t5/VMware-Aria-Operations-for-Logs/Log-Insight-8-x-packet-capture/m-p/2869013#M2735</link>
    <description>&lt;P&gt;Hi all,&lt;/P&gt;&lt;P&gt;I found a handy little KB for Log Insight 4.x to help verify that syslogs are making it from the clients to the LI server appliance:&lt;/P&gt;&lt;P&gt;&lt;A href="https://kb.vmware.com/s/article/59473" target="_blank" rel="noopener"&gt;https://kb.vmware.com/s/article/59473&lt;/A&gt;&lt;/P&gt;&lt;P&gt;Unfortunately, this doesn't work for Log Insight 8.4. I can SSH in to the LI appliance, but tcpdump does not appear to be installed... presumably because it's now PhotonOS instead of SLES.&lt;/P&gt;&lt;P&gt;Does anyone know if there is an alternate packet capture utility for a Log Insight 8.4 appliance? I have a client that's configured to send logs to the LI appliance, and I can see they're leaving the client on UDP 514, but they never show up in the LI Interactive Analytics page.&lt;/P&gt;&lt;P&gt;I have verified that the client and the LI appliance can ping each other, and other clients on the same subnet are able to successfully send their syslogs to this LI appliance. Just seems to be some weird issue with this particular client.&lt;/P&gt;&lt;P&gt;Thanks!&lt;/P&gt;</description>
    <pubDate>Tue, 28 Sep 2021 06:12:33 GMT</pubDate>
    <dc:creator>GregSmid</dc:creator>
    <dc:date>2021-09-28T06:12:33Z</dc:date>
    <item>
      <title>Log Insight 8.x - packet capture</title>
      <link>https://communities.vmware.com/t5/VMware-Aria-Operations-for-Logs/Log-Insight-8-x-packet-capture/m-p/2869013#M2735</link>
      <description>&lt;P&gt;Hi all,&lt;/P&gt;&lt;P&gt;I found a handy little KB for Log Insight 4.x to help verify that syslogs are making it from the clients to the LI server appliance:&lt;/P&gt;&lt;P&gt;&lt;A href="https://kb.vmware.com/s/article/59473" target="_blank" rel="noopener"&gt;https://kb.vmware.com/s/article/59473&lt;/A&gt;&lt;/P&gt;&lt;P&gt;Unfortunately, this doesn't work for Log Insight 8.4. I can SSH in to the LI appliance, but tcpdump does not appear to be installed... presumably because it's now PhotonOS instead of SLES.&lt;/P&gt;&lt;P&gt;Does anyone know if there is an alternate packet capture utility for a Log Insight 8.4 appliance? I have a client that's configured to send logs to the LI appliance, and I can see they're leaving the client on UDP 514, but they never show up in the LI Interactive Analytics page.&lt;/P&gt;&lt;P&gt;I have verified that the client and the LI appliance can ping each other, and other clients on the same subnet are able to successfully send their syslogs to this LI appliance. Just seems to be some weird issue with this particular client.&lt;/P&gt;&lt;P&gt;Thanks!&lt;/P&gt;</description>
      <pubDate>Tue, 28 Sep 2021 06:12:33 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/VMware-Aria-Operations-for-Logs/Log-Insight-8-x-packet-capture/m-p/2869013#M2735</guid>
      <dc:creator>GregSmid</dc:creator>
      <dc:date>2021-09-28T06:12:33Z</dc:date>
    </item>
    <item>
      <title>Re: Log Insight 8.x - packet capture</title>
      <link>https://communities.vmware.com/t5/VMware-Aria-Operations-for-Logs/Log-Insight-8-x-packet-capture/m-p/2950924#M2834</link>
      <description>&lt;P&gt;Wow, 2 years and no answers.&lt;BR /&gt;&lt;BR /&gt;For those who find this via googling... vRLI is PhotonOS. You can install tcpdump with:&lt;/P&gt;&lt;P&gt;&lt;EM&gt;tdnf install tcpdump&lt;/EM&gt;&lt;/P&gt;&lt;P&gt;You will be blocked by the photon_vasecurity package. If you cannot figure your way around this, then perhaps you should not be messing around in PhotonOS. (;&lt;/P&gt;&lt;P&gt;(Careful with that package manager, Eugene!)&lt;/P&gt;</description>
      <pubDate>Thu, 26 Jan 2023 16:05:52 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/VMware-Aria-Operations-for-Logs/Log-Insight-8-x-packet-capture/m-p/2950924#M2834</guid>
      <dc:creator>SixthLevel</dc:creator>
      <dc:date>2023-01-26T16:05:52Z</dc:date>
    </item>
  </channel>
</rss>

