<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Is there a way to include the Host IP (Source IP or Hostname) in the Log Insight User Alerts? in VMware Aria Operations for Logs Discussions</title>
    <link>https://communities.vmware.com/t5/VMware-Aria-Operations-for-Logs/Is-there-a-way-to-include-the-Host-IP-Source-IP-or-Hostname-in/m-p/519050#M386</link>
    <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;&lt;STRONG&gt;Hi Chaps,&lt;/STRONG&gt;&lt;/P&gt;&lt;P&gt;I set up an alert to notify me via email whenever an RDP event log is created.&lt;/P&gt;&lt;P&gt;This alert is working, though what I am figuring out now is how to include the exact Source IP of that RDP session.&lt;/P&gt;&lt;P&gt;What's included in the alert is the "Network Address" of that endpoint.&lt;/P&gt;&lt;P&gt;e.g. I RDP in to 10.1xx.10.40, and it only shows the Network address in the alert, which is 10.1xx.10.1.&lt;/P&gt;&lt;P&gt;Here's the actual email alert:&lt;/P&gt;&lt;P&gt;_________________________________________________________&lt;/P&gt;&lt;P&gt;This alert is about your Log Insight installation on &lt;A href="https://192.168.10.8/"&gt;https://x.x.x.x/&lt;/A&gt;&lt;BR /&gt; Log Insight found the following 1 event matching the criteria for alert "A successful Windows RDP login was detected":&lt;BR /&gt;&lt;SPAN style="font-family: 'courier new', courier;"&gt;&lt;STRONG&gt;Remote Desktop Services: User authentication succeeded:&lt;/STRONG&gt;&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;SPAN style="font-family: 'courier new', courier;"&gt;&lt;STRONG&gt;User: user1&lt;/STRONG&gt;&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;SPAN style="font-family: 'courier new', courier;"&gt;&lt;STRONG&gt;Domain: domain1&lt;/STRONG&gt;&lt;/SPAN&gt;&lt;BR /&gt;&lt;SPAN style="font-family: 'courier new', courier;"&gt;&lt;STRONG&gt;Source Network Address: 10.1xx.10.1&lt;/STRONG&gt;&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;Note:&lt;/STRONG&gt; To avoid raising duplicate alerts, this alert will now be snoozed for the next 5 minutes (the search period for this alert).&lt;/P&gt;&lt;P&gt;_________________________________________________________&lt;/P&gt;&lt;P&gt;I have been searching online and going through VRLI GUI one section at a time (including the User alert settings), though I can't seem to find where to configure this.&lt;/P&gt;&lt;P&gt;Any assistance will be greatly appreciated!&lt;BR /&gt;Thanks mates!&lt;/P&gt;&lt;P&gt;Sincerely,&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;Eugene&lt;/STRONG&gt;&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
    <pubDate>Sat, 25 Apr 2020 02:46:44 GMT</pubDate>
    <dc:creator>eugenea</dc:creator>
    <dc:date>2020-04-25T02:46:44Z</dc:date>
    <item>
      <title>Is there a way to include the Host IP (Source IP or Hostname) in the Log Insight User Alerts?</title>
      <link>https://communities.vmware.com/t5/VMware-Aria-Operations-for-Logs/Is-there-a-way-to-include-the-Host-IP-Source-IP-or-Hostname-in/m-p/519050#M386</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;&lt;STRONG&gt;Hi Chaps,&lt;/STRONG&gt;&lt;/P&gt;&lt;P&gt;I set up an alert to notify me via email whenever an RDP event log is created.&lt;/P&gt;&lt;P&gt;This alert is working, though what I am figuring out now is how to include the exact Source IP of that RDP session.&lt;/P&gt;&lt;P&gt;What's included in the alert is the "Network Address" of that endpoint.&lt;/P&gt;&lt;P&gt;e.g. I RDP in to 10.1xx.10.40, and it only shows the Network address in the alert, which is 10.1xx.10.1.&lt;/P&gt;&lt;P&gt;Here's the actual email alert:&lt;/P&gt;&lt;P&gt;_________________________________________________________&lt;/P&gt;&lt;P&gt;This alert is about your Log Insight installation on &lt;A href="https://192.168.10.8/"&gt;https://x.x.x.x/&lt;/A&gt;&lt;BR /&gt; Log Insight found the following 1 event matching the criteria for alert "A successful Windows RDP login was detected":&lt;BR /&gt;&lt;SPAN style="font-family: 'courier new', courier;"&gt;&lt;STRONG&gt;Remote Desktop Services: User authentication succeeded:&lt;/STRONG&gt;&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;SPAN style="font-family: 'courier new', courier;"&gt;&lt;STRONG&gt;User: user1&lt;/STRONG&gt;&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;SPAN style="font-family: 'courier new', courier;"&gt;&lt;STRONG&gt;Domain: domain1&lt;/STRONG&gt;&lt;/SPAN&gt;&lt;BR /&gt;&lt;SPAN style="font-family: 'courier new', courier;"&gt;&lt;STRONG&gt;Source Network Address: 10.1xx.10.1&lt;/STRONG&gt;&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;Note:&lt;/STRONG&gt; To avoid raising duplicate alerts, this alert will now be snoozed for the next 5 minutes (the search period for this alert).&lt;/P&gt;&lt;P&gt;_________________________________________________________&lt;/P&gt;&lt;P&gt;I have been searching online and going through VRLI GUI one section at a time (including the User alert settings), though I can't seem to find where to configure this.&lt;/P&gt;&lt;P&gt;Any assistance will be greatly appreciated!&lt;BR /&gt;Thanks mates!&lt;/P&gt;&lt;P&gt;Sincerely,&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;Eugene&lt;/STRONG&gt;&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Sat, 25 Apr 2020 02:46:44 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/VMware-Aria-Operations-for-Logs/Is-there-a-way-to-include-the-Host-IP-Source-IP-or-Hostname-in/m-p/519050#M386</guid>
      <dc:creator>eugenea</dc:creator>
      <dc:date>2020-04-25T02:46:44Z</dc:date>
    </item>
  </channel>
</rss>

