<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>Cederberg Tracker</title>
    <link>https://communities.vmware.com/wbsdv95928/tracker</link>
    <description>Cederberg Tracker</description>
    <pubDate>Wed, 15 Nov 2023 08:40:00 GMT</pubDate>
    <dc:date>2023-11-15T08:40:00Z</dc:date>
    <item>
      <title>Re: Vrealize log insight 8.10 upgrade</title>
      <link>https://communities.vmware.com/t5/VMware-Aria-Operations-for-Logs/Vrealize-log-insight-8-10-upgrade/m-p/2984989#M2894</link>
      <description>&lt;P&gt;Hello&lt;BR /&gt;Yes you can upgrade Log insight 8.10 to the rebranded 8.12. It is not a new product just a new name.&lt;BR /&gt;From the release notes of Vmware aria operations for logs 8.12&lt;BR /&gt;"To upgrade to VMware Aria Operations for Logs 8.12, you must be running VMware Aria Operations for Logs 8.10.x."&lt;BR /&gt;&lt;A href="https://docs.vmware.com/en/VMware-Aria-Operations-for-Logs/8.12/rn/vmware-aria-operations-for-logs-812-release-notes/index.html" target="_blank"&gt;https://docs.vmware.com/en/VMware-Aria-Operations-for-Logs/8.12/rn/vmware-aria-operations-for-logs-812-release-notes/index.html&lt;/A&gt;&lt;/P&gt;&lt;P&gt;There is also an issue with certificates in older 8.10 and a new requirement of custom certificates with 8.12 so i recommend you read the above release notes and this KB before doing the upgrade.&lt;BR /&gt;&lt;A href="https://kb.vmware.com/s/article/92080" target="_blank"&gt;https://kb.vmware.com/s/article/92080&lt;/A&gt;&lt;BR /&gt;&lt;BR /&gt;Good luck wtih your upgrade.&lt;BR /&gt;&lt;BR /&gt;&lt;/P&gt;</description>
      <pubDate>Fri, 01 Sep 2023 06:48:04 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/VMware-Aria-Operations-for-Logs/Vrealize-log-insight-8-10-upgrade/m-p/2984989#M2894</guid>
      <dc:creator>Cederberg</dc:creator>
      <dc:date>2023-09-01T06:48:04Z</dc:date>
    </item>
    <item>
      <title>Re: Incorrect timestamp in syslog messages forwarded to SIEM from vRealize LogInsight</title>
      <link>https://communities.vmware.com/t5/VMware-Aria-Operations-for-Logs/Incorrect-timestamp-in-syslog-messages-forwarded-to-SIEM-from/m-p/2950648#M2833</link>
      <description>&lt;P&gt;Hi. There seems to be a fix in 8.10.2 for that according to the release notes&lt;/P&gt;&lt;P&gt;"The vCenter Server logs forwarded from vRealize Log Insight have 0 timestamp at the destination. When vCenter Server logs are ingested into vRealize Log Insight and forwarded to another destination through the syslog protocol, the logs' timestamp is lost."&lt;/P&gt;&lt;P&gt;&lt;A href="https://docs.vmware.com/en/vRealize-Log-Insight/8.10.2/rn/vrealize-log-insight-8102-release-notes/index.html" target="_blank"&gt;https://docs.vmware.com/en/vRealize-Log-Insight/8.10.2/rn/vrealize-log-insight-8102-release-notes/index.html&lt;/A&gt;&lt;/P&gt;</description>
      <pubDate>Wed, 25 Jan 2023 12:57:21 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/VMware-Aria-Operations-for-Logs/Incorrect-timestamp-in-syslog-messages-forwarded-to-SIEM-from/m-p/2950648#M2833</guid>
      <dc:creator>Cederberg</dc:creator>
      <dc:date>2023-01-25T12:57:21Z</dc:date>
    </item>
    <item>
      <title>Re: VRLI is not showing a filter by source address, destination address, port number</title>
      <link>https://communities.vmware.com/t5/VMware-Aria-Operations-for-Logs/VRLI-is-not-showing-a-filter-by-source-address-destination/m-p/2936239#M2810</link>
      <description>&lt;P&gt;&lt;SPAN&gt;Hi.&lt;/SPAN&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;SPAN&gt;As you can see in your third screenshot, the log entry is not parsed. It only identified source, event_type, Facility, priority, hostname, appname. which seems like default fields to me. To get the log entry divided into fields it needs to be parsed. If you can successfully parse the logs you can then search the specific fields produced by the parser&lt;/SPAN&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;SPAN&gt;I'm not sure where the logs are from but if there is a matching Content pack (Content packs -&amp;gt; Market place) you can install it and it should be able to identify the fields for you. If for example it is a NSX-T log the content pack VMware-NSX should provide the parsing for you.&lt;/SPAN&gt;&lt;BR /&gt;&lt;SPAN&gt;If you are collecting the logs with loginsight agent (For example a file log) you need to define a parser either from scratch or using one of the templates contained in relevent content pack. under Management -&amp;gt; Agents&lt;/SPAN&gt;&lt;/P&gt;</description>
      <pubDate>Tue, 01 Nov 2022 13:00:44 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/VMware-Aria-Operations-for-Logs/VRLI-is-not-showing-a-filter-by-source-address-destination/m-p/2936239#M2810</guid>
      <dc:creator>Cederberg</dc:creator>
      <dc:date>2022-11-01T13:00:44Z</dc:date>
    </item>
    <item>
      <title>Re: Log4j log insight usage in v4.7</title>
      <link>https://communities.vmware.com/t5/VMware-Aria-Operations-for-Logs/Log4j-log-insight-usage-in-v4-7/m-p/2884108#M2755</link>
      <description>&lt;P&gt;Hello.&lt;BR /&gt;&lt;BR /&gt;According to to updated KB you are linking to 4.X, 8.0 and 8.1 are not affected by log4j&amp;nbsp;&lt;SPAN&gt;CVE-2021-44228&amp;nbsp;and&amp;nbsp;CVE-2021-45046.&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;A href="https://kb.vmware.com/s/article/87089" target="_blank"&gt;https://kb.vmware.com/s/article/87089&lt;/A&gt;&amp;nbsp;Updated today with the above information&lt;BR /&gt;&lt;BR /&gt;&lt;/P&gt;</description>
      <pubDate>Fri, 17 Dec 2021 21:32:48 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/VMware-Aria-Operations-for-Logs/Log4j-log-insight-usage-in-v4-7/m-p/2884108#M2755</guid>
      <dc:creator>Cederberg</dc:creator>
      <dc:date>2021-12-17T21:32:48Z</dc:date>
    </item>
    <item>
      <title>Re: Retrospectively enabling archiving</title>
      <link>https://communities.vmware.com/t5/VMware-Aria-Operations-for-Logs/Retrospectively-enabling-archiving/m-p/2869311#M2741</link>
      <description>&lt;P&gt;On this link there is a better explanation of Log Insight storage.&lt;/P&gt;&lt;P&gt;&lt;A href="https://blogs.vmware.com/management/2020/05/vrealize-log-insight-index-partitions-and-variable-retention-deep-dive.html" target="_blank"&gt;https://blogs.vmware.com/management/2020/05/vrealize-log-insight-index-partitions-and-variable-retention-deep-dive.html&lt;/A&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Wed, 29 Sep 2021 13:45:07 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/VMware-Aria-Operations-for-Logs/Retrospectively-enabling-archiving/m-p/2869311#M2741</guid>
      <dc:creator>Cederberg</dc:creator>
      <dc:date>2021-09-29T13:45:07Z</dc:date>
    </item>
    <item>
      <title>Re: Retrospectively enabling archiving</title>
      <link>https://communities.vmware.com/t5/VMware-Aria-Operations-for-Logs/Retrospectively-enabling-archiving/m-p/2869310#M2740</link>
      <description>&lt;P&gt;From what i have read there is no way of archiving a sealed bucket. Thats because a bucket only gets marked for archiving when its beeing sealed it can't be done afterwards. The only difference for a bucket that is marked for achiving and one that is not are that the archiving one will be copied to nfs as soon as possible after it beeing sealed. Both remains on the appliance and is searchable until it ages out and gets deleted to make space for newer events. To be clear Archiving doesn't delete anything it copies it to NFS to be saved and imported later if the data should be needed.&lt;/P&gt;&lt;P&gt;The retention period of the Partitions will not help you with archiving. It will only partition the data from and then save them for different amount of time. Say that you have two Partitions. On that collects informational logs and one that takes the rest. If you set the retention period for the informational logs partition to two weeks it will age out any bucket in that partition after two weeks or if the log insight appliance runs out of diskspace. The other partition could have another retention period or not anyone defined and the buckets in that partition will age out according to that.&lt;/P&gt;</description>
      <pubDate>Wed, 29 Sep 2021 13:41:38 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/VMware-Aria-Operations-for-Logs/Retrospectively-enabling-archiving/m-p/2869310#M2740</guid>
      <dc:creator>Cederberg</dc:creator>
      <dc:date>2021-09-29T13:41:38Z</dc:date>
    </item>
    <item>
      <title>Re: Retrospectively enabling archiving</title>
      <link>https://communities.vmware.com/t5/VMware-Aria-Operations-for-Logs/Retrospectively-enabling-archiving/m-p/2869288#M2737</link>
      <description>&lt;P&gt;Hi.&amp;nbsp;&lt;/P&gt;&lt;P&gt;VMware Log insight saves events in what they call buckets, which is 0,5GB in size. When the bucket is full it will seal it self and become read only. If you have achiving enabled at the time the bucket will be marked for achiving and copied to the NFS server. Then the bucket will remain on the log insight storage until it is aged out either by the Log Insight running out of space or if you have set any retention periods with partitions.&lt;BR /&gt;&lt;A href="https://docs.vmware.com/en/vRealize-Log-Insight/8.4/com.vmware.log-insight.getting-started.doc/GUID-D60C6B21-2134-4E72-8496-9A169634DBB8.html" target="_blank"&gt;https://docs.vmware.com/en/vRealize-Log-Insight/8.4/com.vmware.log-insight.getting-started.doc/GUID-D60C6B21-2134-4E72-8496-9A169634DBB8.html&lt;/A&gt;&lt;BR /&gt;&lt;BR /&gt;There is also a good explanation on this blog but it's a bit old so the specifics might not be 100% acurate but it explains how it works.&lt;BR /&gt;&lt;A href="https://sflanders.net/2015/07/01/log-insight-system-architecture-part-3-archiving/" target="_blank"&gt;https://sflanders.net/2015/07/01/log-insight-system-architecture-part-3-archiving/&lt;/A&gt;&lt;/P&gt;&lt;P&gt;From my understanding you can't remove events from an log insight appliance manualy. It will age out it's data with the first in first out principle if you are not using partitions to give your data different retention periods.&lt;BR /&gt;Regards&lt;BR /&gt;//Cederberg&lt;/P&gt;</description>
      <pubDate>Wed, 29 Sep 2021 11:19:18 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/VMware-Aria-Operations-for-Logs/Retrospectively-enabling-archiving/m-p/2869288#M2737</guid>
      <dc:creator>Cederberg</dc:creator>
      <dc:date>2021-09-29T11:19:18Z</dc:date>
    </item>
    <item>
      <title>Make Log insight trust Certificates issued by local CA environment</title>
      <link>https://communities.vmware.com/t5/VMware-Aria-Operations-for-Logs/Make-Log-insight-trust-Certificates-issued-by-local-CA/m-p/2868168#M2734</link>
      <description>&lt;P&gt;Hi.&lt;BR /&gt;&lt;BR /&gt;Is there a way to add the root certificate and intermidiate certificate to Log Insight to make it trust our localy issued certificates from or CA environment?&lt;BR /&gt;The problem i'm looking to fix is every now nad then the active directory logins stops working. To fix it you need to log in to Log insight with local administrator account and go to active directory settings and accept the certificate again. I'm guessing this is because the certificate on our Active directory servers have been replaced. The certificates on our Active directory servers have Certificates issued by our local CA/PKI environment so if the log insight appliance would trust de chain for our certificates the need for accepting the certificates would be gone.&lt;BR /&gt;&lt;BR /&gt;Regards&lt;BR /&gt;//Cederberg&lt;/P&gt;</description>
      <pubDate>Thu, 23 Sep 2021 09:20:04 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/VMware-Aria-Operations-for-Logs/Make-Log-insight-trust-Certificates-issued-by-local-CA/m-p/2868168#M2734</guid>
      <dc:creator>Cederberg</dc:creator>
      <dc:date>2021-09-23T09:20:04Z</dc:date>
    </item>
    <item>
      <title>Does parser field names need to be unique?</title>
      <link>https://communities.vmware.com/t5/VMware-Aria-Operations-for-Logs/Does-parser-field-names-need-to-be-unique/m-p/2860636#M2726</link>
      <description>&lt;P&gt;Hi.&lt;BR /&gt;Since i've been using Log insight I've made the field name for every parser unique. But is that really necessary? I can think of a use case where it would be great to not have the fields be unique. for example source ip in windows firewall, IIS-logs and NSX and so on. To be able to find a specific IP address in all thoose logs at the same time would be a huge gain. I guess I could just use text search for IP address without specifying a field but the i would get other hits as well.&lt;BR /&gt;&lt;BR /&gt;So how are you doing it, unique field names or do you use the same names for fields?&lt;BR /&gt;&lt;BR /&gt;Regards&lt;BR /&gt;&lt;BR /&gt;&lt;/P&gt;</description>
      <pubDate>Wed, 04 Aug 2021 06:05:11 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/VMware-Aria-Operations-for-Logs/Does-parser-field-names-need-to-be-unique/m-p/2860636#M2726</guid>
      <dc:creator>Cederberg</dc:creator>
      <dc:date>2021-08-04T06:05:11Z</dc:date>
    </item>
    <item>
      <title>Re: Windows Firewall Parsing</title>
      <link>https://communities.vmware.com/t5/VMware-Aria-Operations-for-Logs/Windows-Firewall-Parsing/m-p/2847414#M2709</link>
      <description>&lt;P&gt;Ok thats a bit wierd.&lt;/P&gt;&lt;P&gt;I don't know if it matters or if its a typo but you have a space before field Logtime.&lt;BR /&gt;You can try enabling the debug mode and the log files on the agent will probably tell you whats wrong. but remember to turn it off afterwards as it can generate much logs. The log file is located&amp;nbsp; here C:\ProgramData\VMware\Log Insight Agent\log on the agent server and called liagent_Date.log&lt;/P&gt;&lt;P&gt;This is the config i'm using. I have tried to make the fields unique with a prefix WinFW_. I don't really know if that matters.other than that it seems to be the same as yours except for the timestamp parser.&lt;/P&gt;&lt;P&gt;[filelog|WindowsFirewallLogFile]&lt;BR /&gt;directory=C:\Windows\System32\LogFiles\Firewall&lt;BR /&gt;include=*.log&lt;BR /&gt;parser=WinFWLogParser&lt;BR /&gt;tags={"label":"windows_firewall_logfile"}&lt;/P&gt;&lt;P&gt;[parser|WinFWLogParser]&lt;BR /&gt;base_parser=csv&lt;BR /&gt;fields=WinFW_Date,WinFW_Time,WinFW_action,WinFW_protocol,WinFW_srcip,WinFW_dstip,WinFW_srcport,WinFW_dstport,WinFW_size,WinFW_tcpflags,WinFW_tcpsyn,WinFW_tcpack,WinFW_tcpwin,WinFW_icmptype,WinFW_icmpcode,WinFW_info,WinFW_path&lt;BR /&gt;delimiter=" "&lt;BR /&gt;debug=no&lt;/P&gt;</description>
      <pubDate>Mon, 17 May 2021 07:36:23 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/VMware-Aria-Operations-for-Logs/Windows-Firewall-Parsing/m-p/2847414#M2709</guid>
      <dc:creator>Cederberg</dc:creator>
      <dc:date>2021-05-17T07:36:23Z</dc:date>
    </item>
    <item>
      <title>Re: Windows Firewall Parsing</title>
      <link>https://communities.vmware.com/t5/VMware-Aria-Operations-for-Logs/Windows-Firewall-Parsing/m-p/2847404#M2707</link>
      <description>&lt;P&gt;Hi.&lt;/P&gt;&lt;P&gt;With the csv parser it's very important to have the right amount of fields specified. I think the problem is that there is a space between the date and the time so the csv parser sees two fields wich makes it a total of 17 fields and you have only specified 16. Timestamp should be 2 fields Date and Time&lt;/P&gt;&lt;P&gt;If you want timestamp to be one field i guess you need to use another parser.&lt;/P&gt;&lt;P&gt;Regards&lt;BR /&gt;//Cederberg&lt;/P&gt;</description>
      <pubDate>Mon, 17 May 2021 06:33:50 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/VMware-Aria-Operations-for-Logs/Windows-Firewall-Parsing/m-p/2847404#M2707</guid>
      <dc:creator>Cederberg</dc:creator>
      <dc:date>2021-05-17T06:33:50Z</dc:date>
    </item>
    <item>
      <title>Re: log Insight - License Violation</title>
      <link>https://communities.vmware.com/t5/VMware-Aria-Operations-for-Logs/log-Insight-License-Violation/m-p/2843469#M2703</link>
      <description>&lt;P&gt;Hi.&lt;/P&gt;&lt;P&gt;If I read this passage right in the documentation for log insight it seems as if the ESXi hosts are listed even if they don't send logs if a vcenter integration is added to Log insight.&lt;/P&gt;&lt;P&gt;"&lt;SPAN&gt;If you have configured a vCenter Server to send events and alarms, but have not configured the individual ESXi hosts to send logs, the Hostname column lists both the vCenter Server and the individual ESXi hosts as the source instead of listing just the vCenter Server."&lt;BR /&gt;&lt;A href="https://docs.vmware.com/en/vRealize-Log-Insight/8.3/com.vmware.log-insight.administration.doc/GUID-0E19DA57-D3BC-4160-ABC6-070109B06781.html" target="_blank"&gt;https://docs.vmware.com/en/vRealize-Log-Insight/8.3/com.vmware.log-insight.administration.doc/GUID-0E19DA57-D3BC-4160-ABC6-070109B06781.html&lt;/A&gt;&lt;BR /&gt;&lt;BR /&gt;If you check under Administration -&amp;gt; Hosts you will se everything the log insight server counts as a OSI.&lt;BR /&gt;&lt;BR /&gt;I think you need to contact VMware support to see if this is an actual license violation.&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Fri, 23 Apr 2021 06:03:26 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/VMware-Aria-Operations-for-Logs/log-Insight-License-Violation/m-p/2843469#M2703</guid>
      <dc:creator>Cederberg</dc:creator>
      <dc:date>2021-04-23T06:03:26Z</dc:date>
    </item>
    <item>
      <title>Re: VRealize log insight Cluster HA Testing in 8.00</title>
      <link>https://communities.vmware.com/t5/VMware-Aria-Operations-for-Logs/VRealize-log-insight-Cluster-HA-Testing-in-8-00/m-p/2840862#M2702</link>
      <description>&lt;P&gt;Hi.&lt;BR /&gt;&lt;BR /&gt;The cluster doesn't replicate events between the cluster nodes. So if a node is down all events that was contained on the node will be unavaliable.&lt;BR /&gt;If you ment that the cluster dind't recieve any events when the master node is down. You have probably configured your agents/syslog clients to send their events directly to the master nodes IP. To use the cluster you need to configure a&amp;nbsp; Virtual IP adress in the integrated load balancer in the cluster settings and configure your Agents/Syslog clients to send to that ip adress instead.&lt;BR /&gt;&lt;BR /&gt;When the node containing the VIP goes down it will move to another host and with that move of IP the cluster sees to it that at leaste one node is avaliable to recieve events.&lt;/P&gt;&lt;P&gt;You can read about the Backup and restore in the documentation.&lt;BR /&gt;&lt;A href="https://docs.vmware.com/en/vRealize-Log-Insight/8.0/com.vmware.log-insight.administration.doc/GUID-144FEF17-3DA3-4F98-980B-56674B1E1655.html" target="_blank"&gt;https://docs.vmware.com/en/vRealize-Log-Insight/8.0/com.vmware.log-insight.administration.doc/GUID-144FEF17-3DA3-4F98-980B-56674B1E1655.html&lt;/A&gt;&lt;/P&gt;&lt;P&gt;And this link is also usefull.&lt;BR /&gt;&lt;A href="https://docs.vmware.com/en/vRealize-Suite/2019/backup-and-restore-netbackup/GUID-58481996-AF7C-4B9B-9A75-9D9C98643412.html" target="_blank"&gt;https://docs.vmware.com/en/vRealize-Suite/2019/backup-and-restore-netbackup/GUID-58481996-AF7C-4B9B-9A75-9D9C98643412.html&lt;/A&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Fri, 09 Apr 2021 08:28:30 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/VMware-Aria-Operations-for-Logs/VRealize-log-insight-Cluster-HA-Testing-in-8-00/m-p/2840862#M2702</guid>
      <dc:creator>Cederberg</dc:creator>
      <dc:date>2021-04-09T08:28:30Z</dc:date>
    </item>
    <item>
      <title>Re: Single vCenter - 2 vSAN Clusters</title>
      <link>https://communities.vmware.com/t5/App-Volumes/Single-vCenter-2-vSAN-Clusters/m-p/2836800#M8383</link>
      <description>&lt;P&gt;Hi.&lt;BR /&gt;I have not tried it but may be storage groups can be helpful. Sounds like it would replicate the appvolumes and writable volumes between storages.&lt;BR /&gt;&lt;A href="https://docs.vmware.com/en/VMware-App-Volumes/2012/app-volumes-admin-guide/GUID-174CA732-BFC6-4930-BADB-656E79C19369.html" target="_blank"&gt;https://docs.vmware.com/en/VMware-App-Volumes/2012/app-volumes-admin-guide/GUID-174CA732-BFC6-4930-BADB-656E79C19369.html&lt;/A&gt; There is also another technology in vpshere 7.0 U1 thats called hci mesh. that would allow your vsan clusters to share storage with eachother.&lt;BR /&gt;&lt;A href="https://blogs.vmware.com/virtualblocks/2020/09/16/introducing-vmware-vsan-hci-mesh/" target="_blank"&gt;https://blogs.vmware.com/virtualblocks/2020/09/16/introducing-vmware-vsan-hci-mesh/&lt;/A&gt;&lt;/P&gt;&lt;P&gt;As i have said i have not tried theese solutions but they could maybe be an input for you ro research further.&lt;BR /&gt;&lt;BR /&gt;&lt;/P&gt;</description>
      <pubDate>Fri, 19 Mar 2021 08:30:33 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/App-Volumes/Single-vCenter-2-vSAN-Clusters/m-p/2836800#M8383</guid>
      <dc:creator>Cederberg</dc:creator>
      <dc:date>2021-03-19T08:30:33Z</dc:date>
    </item>
    <item>
      <title>Re: Log Insight agents - force upgrade</title>
      <link>https://communities.vmware.com/t5/VMware-Aria-Operations-for-Logs/Log-Insight-agents-force-upgrade/m-p/2828642#M2692</link>
      <description>&lt;P&gt;Hi.&lt;/P&gt;&lt;P&gt;First of all i don't think there was an agent update to 8.1.1 from 8.1. The installer is still&amp;nbsp;8.1.0-15876228 when i click download agent in loginsight 8.1.1 now I don't have an 8.1 enviroment to compare it to so I can't be sure.&lt;/P&gt;&lt;P&gt;Apparently the autoupdate feature is enabled in the agent by default so your uncommenting of the line auto update = yes had no effect according to this link. "&lt;SPAN&gt;Auto-update for agents is enabled by default. So, the default value for&amp;nbsp;&lt;/SPAN&gt;auto_update&lt;SPAN&gt;&amp;nbsp;is "yes", even when commented."&lt;/SPAN&gt;&lt;BR /&gt;&lt;A href="https://docs.vmware.com/en/vRealize-Log-Insight/8.1/com.vmware.log-insight.agent.admin.doc/GUID-F2FF4FE4-9660-4A5A-B5DD-9621CC3C8231.html" target="_blank" rel="noopener"&gt;https://docs.vmware.com/en/vRealize-Log-Insight/8.1/com.vmware.log-insight.agent.admin.doc/GUID-F2FF4FE4-9660-4A5A-B5DD-9621CC3C8231.html&lt;/A&gt;&lt;/P&gt;&lt;P&gt;I don't think there is any force command other than maybe trying to disable then enable the enable auto update all agents switch. But the again it should have updated all agents if there where an update as the autoupdate on the agent is enabled until you specificaly uncomment it and set it to no.&lt;/P&gt;</description>
      <pubDate>Tue, 09 Feb 2021 12:37:03 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/VMware-Aria-Operations-for-Logs/Log-Insight-agents-force-upgrade/m-p/2828642#M2692</guid>
      <dc:creator>Cederberg</dc:creator>
      <dc:date>2021-02-09T12:37:03Z</dc:date>
    </item>
    <item>
      <title>Re: Loginsight query question</title>
      <link>https://communities.vmware.com/t5/VMware-Aria-Operations-for-Logs/Loginsight-query-question/m-p/2825996#M2689</link>
      <description>&lt;P&gt;Hi&lt;/P&gt;&lt;P&gt;With not much info in your post i'm just guessing at the most basic things i can think of.&lt;/P&gt;&lt;P&gt;Are the esxi servers configured to send syslog to Log insight? Are there an firewall between your Management network on the ESXi and the log insight server?&lt;/P&gt;&lt;P&gt;The default when opening interactive analytics is the query only the last 5 minutes, did you check that?&lt;/P&gt;&lt;P&gt;i'm sorry if this is to basic but you got to start somewhere.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Thu, 28 Jan 2021 11:40:07 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/VMware-Aria-Operations-for-Logs/Loginsight-query-question/m-p/2825996#M2689</guid>
      <dc:creator>Cederberg</dc:creator>
      <dc:date>2021-01-28T11:40:07Z</dc:date>
    </item>
    <item>
      <title>Re: upgrade from 4.8 to 8.1.x totally failed</title>
      <link>https://communities.vmware.com/t5/VMware-Aria-Operations-for-Logs/upgrade-from-4-8-to-8-1-x-totally-failed/m-p/2818997#M2684</link>
      <description>&lt;P&gt;Hi&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;You have probably encountered the bug with Grub selecting 4.8 (Suse Linux) as default boot instead of the new 8.1.1 (PhotonOS).&amp;nbsp;&lt;/P&gt;&lt;P&gt;Here is a KB from VMware that helps you solve the issue so that it boots on 8.1.1 instead of the 4.8&lt;BR /&gt;&lt;A href="https://kb.vmware.com/s/article/79592" target="_blank"&gt;https://kb.vmware.com/s/article/79592&lt;/A&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Wed, 23 Dec 2020 11:33:58 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/VMware-Aria-Operations-for-Logs/upgrade-from-4-8-to-8-1-x-totally-failed/m-p/2818997#M2684</guid>
      <dc:creator>Cederberg</dc:creator>
      <dc:date>2020-12-23T11:33:58Z</dc:date>
    </item>
    <item>
      <title>Re: App Volumes 4 - Multiple Instances with One Database</title>
      <link>https://communities.vmware.com/t5/App-Volumes/App-Volumes-4-Multiple-Instances-with-One-Database/m-p/2818851#M8276</link>
      <description>&lt;P&gt;Hi.&lt;/P&gt;&lt;P&gt;Yes it's supported and I belive it's the only way to get High availability on the app volume manager.&lt;BR /&gt;Here is a link descibing how to set up and scale the App volumes manager.&lt;BR /&gt;&lt;A href="https://docs.vmware.com/en/VMware-App-Volumes/2009/app-volumes-install-guide/GUID-62828123-0D4A-455D-AA52-CAF54CBA7500.html" target="_blank"&gt;https://docs.vmware.com/en/VMware-App-Volumes/2009/app-volumes-install-guide/GUID-62828123-0D4A-455D-AA52-CAF54CBA7500.html&lt;/A&gt;&lt;BR /&gt;&lt;BR /&gt;regards&lt;BR /&gt;//Cederberg&lt;/P&gt;</description>
      <pubDate>Tue, 22 Dec 2020 14:14:31 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/App-Volumes/App-Volumes-4-Multiple-Instances-with-One-Database/m-p/2818851#M8276</guid>
      <dc:creator>Cederberg</dc:creator>
      <dc:date>2020-12-22T14:14:31Z</dc:date>
    </item>
    <item>
      <title>Re: Log Insight Master Node disk is full while Other Worker nodes are free</title>
      <link>https://communities.vmware.com/t5/VMware-Aria-Operations-for-Logs/Log-Insight-Master-Node-disk-is-full-while-Other-Worker-nodes/m-p/2815256#M2674</link>
      <description>&lt;P&gt;Hi.&lt;BR /&gt;&lt;BR /&gt;I believe that the cluster only distributes the current incoming events/logs and not taking the available storage space in to consideration. So if I'm right the master node will continue to age out the oldest logs and the worker nodes will have a higher retention untill they are all at about the same storage usage level.&lt;/P&gt;</description>
      <pubDate>Mon, 07 Dec 2020 09:49:04 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/VMware-Aria-Operations-for-Logs/Log-Insight-Master-Node-disk-is-full-while-Other-Worker-nodes/m-p/2815256#M2674</guid>
      <dc:creator>Cederberg</dc:creator>
      <dc:date>2020-12-07T09:49:04Z</dc:date>
    </item>
    <item>
      <title>Re: NSX-T firewall log retention</title>
      <link>https://communities.vmware.com/t5/VMware-Aria-Operations-for-Logs/NSX-T-firewall-log-retention/m-p/2812850#M2670</link>
      <description>&lt;P&gt;Hi.&lt;/P&gt;&lt;P&gt;I'm starting with saying that we have not implemented Partitions yet and ar not all the way through with our plans for retention. But from my understanding the partitions is more for clearing out what you don't want to save for longer. I can't really find any info on this but this is my&amp;nbsp;interpretation of it. The partitions doesn't guarantee that the data is avaliable for 3 months or what you set as thats depends on available diskspace. But it will how ever age out the data at those 3 months.&amp;nbsp;&lt;/P&gt;&lt;P&gt;When i check our enviroment the fields we defined when we fetch logs via agents are avaliable to use for filters. Have you installed the content pack for nsx-t? Maybe it will provide you with som defined fields to use for filter.&lt;/P&gt;&lt;P&gt;So if you need to have something live searchable for 3 months you need to try to calculate how much data u need to save and then add storage to the log insight server or scale out to a cluster, 3+ nodes. There are also archiving that lets you save the data on a share and then import them in a log insight enviroment when you need to look at them if the auditor is OK with that.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Thu, 26 Nov 2020 13:05:00 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/VMware-Aria-Operations-for-Logs/NSX-T-firewall-log-retention/m-p/2812850#M2670</guid>
      <dc:creator>Cederberg</dc:creator>
      <dc:date>2020-11-26T13:05:00Z</dc:date>
    </item>
  </channel>
</rss>

