VMware Cloud Community
GregSmid
Enthusiast

Log Insight 8.x - packet capture

Hi all,

I found a handy little KB for Log Insight 4.x to help verify that syslogs are making it from the clients to the LI server appliance:

https://kb.vmware.com/s/article/59473

Unfortunately, this doesn't work for Log Insight 8.4. I can SSH in to the LI appliance, but tcpdump does not appear to be installed... presumably because it's now PhotonOS instead of SLES.

Does anyone know if there is an alternate packet capture utility for a Log Insight 8.4 appliance? I have a client that's configured to send logs to the LI appliance, and I can see they're leaving the client on UDP 514, but they never show up in the LI Interactive Analytics page.

I have verified that the client and the LI appliance can ping each other, and other clients on the same subnet are able to successfully send their syslogs to this LI appliance. Just seems to be some weird issue with this particular client.

Thanks!

0 Kudos
1 Reply
SixthLevel
Contributor

Wow, 2 years and no answers.

For those who find this via googling... vRLI is PhotonOS. You can install tcpdump with:

tdnf install tcpdump

You will be blocked by the photon_vasecurity package. If you cannot figure your way around this, then perhaps you should not be messing around in PhotonOS. (;

(Careful with that package manager, Eugene!)

0 Kudos
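
Added example, not part of the thread or of any VMware KB: once tcpdump is available on the appliance, this shell helper summarises which sources actually delivered datagrams to UDP 514 and lists the expected clients that never appeared in the capture. The function names, the 192.0.2.x addresses and the sample capture lines are constructed for illustration, and the line layout assumed is tcpdump's `-nn` text output.

```shell
#!/bin/sh
# Constructed sample of `tcpdump -nn` output (documentation-range IPs).
# The second line mimics the extra "iface In" columns that newer
# tcpdump/libpcap builds print when capturing with `-i any`.
SAMPLE='12:00:01.000001 IP 192.0.2.11.40001 > 192.0.2.50.514: SYSLOG daemon.info, length: 96
12:00:01.500000 eth0  In  IP 192.0.2.12.40002 > 192.0.2.50.514: SYSLOG auth.notice, length: 80
12:00:02.000001 IP 192.0.2.11.40001 > 192.0.2.50.514: SYSLOG daemon.info, length: 91
12:00:02.100000 IP 192.0.2.50.123 > 192.0.2.1.123: NTPv4, Client, length 48'

# syslog_senders: read tcpdump text on stdin and print "count source-ip"
# for every IPv4 source that sent a datagram to destination port 514.
syslog_senders() {
    awk '
    {
        # Locate the "IP" token; its position varies with -i any.
        for (i = 1; i < NF - 2; i++) if ($i == "IP") break
        if ($i != "IP" || $(i + 2) != ">") next
        src = $(i + 1); dst = $(i + 3)
        sub(/:$/, "", dst)                 # strip trailing colon
        if (dst !~ /\.514$/) next          # keep only traffic to port 514
        sub(/\.[0-9]+$/, "", src)          # drop the source port
        seen[src]++
    }
    END { for (s in seen) print seen[s], s }' | LC_ALL=C sort -k2
}

# missing_senders IP...: read tcpdump text on stdin and print each
# expected client IP that sent nothing to port 514 during the capture.
missing_senders() {
    seen=$(syslog_senders | awk '{print $2}')
    for ip in "$@"; do
        printf '%s\n' "$seen" | grep -qxF -- "$ip" || printf '%s\n' "$ip"
    done
}

# Live use on the appliance (30-second capture, line-buffered output):
#   timeout 30 tcpdump -l -nn -i any udp dst port 514 2>/dev/null \
#       | missing_senders 192.0.2.13
printf '%s\n' "$SAMPLE" | syslog_senders
```

A client reported by `missing_senders` is not reaching the appliance's interface at all, which points at the network path or the client's target address; a client that does appear in `syslog_senders` but not in Interactive Analytics points at the appliance side instead.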