content packs

Identity Manager content pack for Log Insight

Overview

Identity Manager is a service that extends your on-premises directory infrastructure to provide a seamless Single Sign-On (SSO) experience to web, mobile, SaaS, and legacy applications. Identity Manager leverages the same core identity management solution that may be seen powering VMware vCloud Air and the vCloud Suite in the world’s most advanced datacenters and enterprise-class infrastructure clouds.

The Identity Manager content pack for vRealize Log Insight provides powerful filtering, log visualization, and alerting for vIDM real-time operational activities. This enables users to effectively monitor all components of an Identity Manager environment using intuitive Log Insight UI dashboard widgets with just a couple of clicks. The content pack enables:

Proactive monitoring of your Identity Manager environment
Quickly identify issues and drill down to determine the root cause with powerful visualizations of your data and targeted queries.

User and Device breakdown of Identity Manager events

Ability to analyze every user and device login to get a complete picture within an environment.

Troubleshooting and root-cause analysis

Specific queries to focus on the important events that indicate real login problems with additional information and context to resolve detected issues quickly.

 

Minimum Requirements:

VMware vIDM 2.x+ or VMware Identity Manager Cloud
VMware Log Insight 3.0+

 

Where do I get the VMware – Identity Manager Content Pack?

You can download this VMware – Identity Manager content pack from solution exchange –

https://marketplace.vmware.com/vsx/solutions/vmware-identity-manager-content-pack-1-0

OR You can download the content pack from the in-product Marketplace in Log Insight 2.5 or newer.

Got feedback?

We are happy to hear from you on loginsight.vmware.com or visit us @ VMworld 2017 (US) - Experience the Value of vRealize Log Insight Content Packs [MGT2323GU]

The post Identity Manager content pack for Log Insight appeared first on VMware Cloud Management.


Kaminario K2 content pack for vRealize Log Insight

Overview

Kaminario K2 all-flash array delivers multi-petabyte scale storage with the performance and agility to meet the needs of an on-demand world. Kaminario K2 Gen6 is powered by VisionOS™, a software platform that optimizes best-of-breed commodity hardware resources. K2 is built for delivering applications on highly scalable virtual environments, private clouds or as-a-service infrastructures.

K2’s VisionOS™ includes an open API platform – DataManage – that facilitates a tight integration with VMware vRealize Log Insight.

 

Dashboards, Fields, and Alerts provided by the Kaminario K2 Content Pack put you one click away from in-depth analytics and event analysis. This content pack allows you to monitor and analyze Kaminario K2 all-flash arrays by converting the arrays’ syslog messages into organized, pre-defined dashboard widgets.

General overview of multiple K2 all-flash arrays

 

Analyze events according to labels, severity and types

 

Audit login attempts to the K2

 

Minimum Requirements:
Kaminario K2 versions 6.0.2 or later
vRealize Log Insight 4.0 or later

Where do I get the Kaminario – K2 Content Pack?

You can download this Kaminario – K2 content pack from solution exchange –

https://marketplace.vmware.com/vsx/solutions/kaminario-k2-content-pack-for-vrealize-log-insight-1-0

OR You can download the content pack from the in-product Marketplace in Log Insight 2.5 or newer.

The post Kaminario K2 content pack for vRealize Log Insight appeared first on VMware Cloud Management.


vRealize Log Insight agent multi-destination support

Agents make it possible to collect events from log files on Linux and Windows devices and forward them to a vRealize Log Insight server or a third-party logging system. Well … we all know that!! A LOT and yes I mean a LOT of folks from the field have asked for the agent to be able to send logs to multiple destinations and possibly over different protocols and perhaps also have filtering on the logs before they get sent as the cherry on the cake. With vRealize Log Insight v4.5 we can!

The vRealize Log Insight v4.5 agent allows you to deliver collected events to multiple destinations via the Ingestion API or syslog protocols simultaneously. It also lets you define multiple destination servers and filter events per destination based on the event collecting source and the events’ field values.

You may want to do this for several reasons, such as delivering the same events to multiple vRLI clusters for backup or data recovery purposes. Or you may want to send different kinds of events to different IT department logging systems, for example audit/system logs to the security team’s server, application logs to the DevOps team’s server and system metric logs to the IT team’s management system.

So let’s look at how you can actually use it…

 

Multiple destination connections can be defined through [server|<destination_id>] sections, where <destination_id> is a connection id that is unique per configuration (i.e. per liagent.ini). For backward compatibility there can be an unnamed [server] section, which is treated as the master connection; the current implementation assumes that it always exists by default. Only the master connection can request configuration from the server, and only if cfapi is used as the connection protocol. All server sections use the existing configuration options to define connection properties, i.e. hostname, proto, port, ssl, etc. The only exception is that the ‘hostname’ option has no default value for non-master connections. For the [server] section (without the destination_id) the default value of the hostname option remains “loginsight”.

 

The following parameters can be defined in server sections: hostname, proto, port, ssl, filter.

Note:

  • Default value for ‘filter’ option is {;.*;}, which means accept all events.
  • The {;;} filter could be used to deny any event transmission to the destination, for example the connection could be used only for configuration and auto-update purposes.

 

  • Example #1 of multi-destination use in liagent.ini

; First (default) destination will receive all collected events.
[server]
hostname=prod1.team.vmware.com

; Second destination will receive just syslog events through the syslog protocol.
[server|syslog-audit]
hostname=third_party_audit_management.vmware.com
proto=syslog
filter={filelog; syslog; }

; Third destination will receive vrops events if they have the level field equal to "error" or "warning" and they are collected by agent config sections whose names begin with "vrops-".
[server|team-prod1]
hostname=vrops-errors.team.vmware.com
filter={; vrops-.*; level == "error" || level == "warning"}

; The filelog section below is collecting syslog messages that are sent to [server] and [server|syslog-audit]

[filelog|syslog]
directory=/var/log
include=messages

; For various vRops logs. Note that all section names begin with the "vrops-" prefix, which is used in the third server destination filter above. The logs in these sections are sent to [server] and [server|team-prod1]

[filelog|vrops-ANALYTICS-analytics]
directory=/data/vcops/log
include=analytics*.log*
exclude=analytics*-gc.log*
parser=auto

[filelog|vrops-COLLECTOR-collector]
directory=/data/vcops/log
include=collector.log*
event_marker=^\d{4}-\d{2}-\d{2}[\s]\d{2}:\d{2}:\d{2},\d{3}
parser=auto

[filelog|vrops-COLLECTOR-collector_wrapper]
directory=/data/vcops/log
include=collector-wrapper.log*
event_marker=^\d{4}-\d{2}-\d{2}[\s]\d{2}:\d{2}:\d{2}\.\d{3}
parser=auto

Here all logs from the [filelog|syslog] section go to server third_party_audit_management.vmware.com over the syslog protocol. The vROps logs from the three filelog sections go to server vrops-errors.team.vmware.com if they are of level error or warning. And the server prod1.team.vmware.com is receiving all events.

 

  • Example #2 of multi-destination use in liagent.ini

[server]
hostname=10.11.12.13
ssl=no

[server|desktop]
hostname=10.21.22.23
filter={winlog; System; }

[winlog|System]
channel=System

[winlog|Application]
channel=Application

[winlog|Security]
channel=Security

 

In this example all events (from all three channels) go to hostname 10.11.12.13, and server 10.21.22.23 only receives events that are received on the System channel. The ssl option is not defined for the [server|desktop] section, therefore the default will be used, which is ssl=yes.

Note: The defaults for the options in the [server] sections are still the same as before.

; Protocol can be cfapi (Log Insight REST API), syslog. Default:

;proto=cfapi

 

; Log Insight server port to connect to. Default ports for protocols (all TCP):

; syslog: 514; syslog with ssl: 6514; cfapi: 9000; cfapi with ssl: 9543. Default:

;port=9000

 

; SSL usage. Default: (Starting vRLI 4.0 default ssl value is yes)

;ssl=yes

 

It is important to note that sending logs to multiple agent destinations does not produce duplicate events at the destination servers: if more than one filter_tuple matches the same event, the event is sent just once. So the following filter definitions are equal:

  • filter={filelog; sample.*; facility > 7},{filelog; sample.*; level == "error"}
  • filter={filelog; sample.*; facility > 7 || level == "error"}

The events with facility=8 and level="error" will be sent just once.

 

Some additional details about Filter criteria

The filter format for an agent destination looks like { collector_type; collector_filter; event_filter }

The filter selects only logs collected by sections where the collector type (i.e. filelog or winlog) matches the provided collector_type and the collector name (the identifier which goes after the pipe sign, e.g. filelog|syslog) matches the collector_filter regular expression. In addition, if there is an event_filter defined, then it selects only events for which the expression evaluates to True.

The collector_filter expression should not contain ;{} characters. In case of name-spaced collectors the collector_filter matches only the name part, ignoring the namespace, i.e. the “ana.*” filter will match the following section names: “com.vmware.vrops.analitics” and “anaconda”. The regular expression collector_filter value could be an empty string, which doesn’t match any collector name, i.e. no events will be sent. The {;;} filter could be used to deny any event transmission to the destination, for example the connection could be used only for configuration and auto-update purposes.

event_filter is an event fields expression working in the same way as the collectors’ ‘whitelist’ option, and it evaluates based on event field values. It could be an empty string, which is treated as a True expression.

Default value for ‘filter’ option is {;.*;}, which means accept all events.

For every collected event the connection evaluates the event properties to match the filter. All filter_tuples in the list are combined by a logical ‘or’ operation. If an event passes any filter_tuple then it will be sent to the destination server. Every filter_tuple is evaluated by the following steps:
1. If collector_type_list is empty or contains the collector type of the event then proceed to the next step, otherwise drop the event.
2. If the event collector name (i.e. the part of the section name after the pipe sign) of the event matches the collector_filter then proceed to the next step, otherwise drop the event.
3. If event_filter is empty or evaluates to True then send the event to the destination, otherwise drop the event (including the case when the expression could not be evaluated because the event doesn’t have field(s) used in the expression).

Invalid values of filter options in server sections

Invalid values are generally skipped/ignored and defaults are used, which will result in all events being collected. Some examples of invalid values for the filter option are:

  • filter={filelog; samplez.*; facility > 7 || level == "error"} – If there are no log files called samplez.*, events will not be collected.
  • filter={filelog; sample.*; facility < 0 || level == "error"} – There are no events with facility less than zero and no events will be collected.
  • filter={filelog; sample.*; facility > 7 && level == "nolevel"} – There are no events with a level called nolevel (assuming nolevel is an invalid value) AND facility greater than 7, so no events will be collected.
  • filter={winlog; Security;. } – ‘.’ is an invalid option for event_filter, so all events collected by the agent will be sent to the server and the filter is ignored.
  • filter={mylog; sample.*; facility > 7 || level == "error"} – although the collector filter and event filter are valid, mylog is not a valid collector_type, so all events collected by the agent will be sent to the server and the filter is ignored.
  • filter={winlog; NoName; } – If there is no winlog section called ‘NoName’ then events are not collected and sent to the destination.
  • filter={winlog; System } – there is no ‘;’ after System, so this is not a valid format and all log events collected by the agent will be sent to the server.

And last but not least, all errors will be reported in the agent log file. Consult the log file if unexpected behavior is encountered and fix all errors reported by the agent.
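The three evaluation steps and the invalid-filter cases above, modelled as an added example (not the agent's code and not from the original post), so a filter can be checked for fail-open behaviour before it is deployed. Assumptions: collector_filter must match the whole collector name, the namespace ends at the last dot, only the filelog and winlog types named in the post are valid, event_filter has no parentheses, and an uncompilable regular expression is treated like any other invalid value.

```python
import re

VALID_TYPES = {"", "filelog", "winlog"}   # types the post names; "" means any
ACCEPT_ALL = [("", ".*", [])]             # compiled form of the default {;.*;}
CMP = re.compile(r'^\s*(\w+)\s*(==|!=|>=|<=|>|<)\s*("([^"]*)"|-?\d+)\s*$')
OPS = {"==": lambda a, b: a == b, "!=": lambda a, b: a != b,
       ">": lambda a, b: a > b, "<": lambda a, b: a < b,
       ">=": lambda a, b: a >= b, "<=": lambda a, b: a <= b}


def _compile(expr):
    """'a || b && c' -> [[a], [b, c]]; ValueError if a term is malformed."""
    groups = []
    for alt in (expr.split("||") if expr else []):
        group = []
        for term in alt.split("&&"):
            m = CMP.match(term)
            if not m:
                raise ValueError(f"bad event_filter term: {term!r}")
            field, op, raw, text = m.groups()
            group.append((field, op, int(raw) if text is None else text))
        groups.append(group)
    return groups


def parse_filter(value):
    """Parse a 'filter' option. Anything malformed returns ACCEPT_ALL, the
    fail-open outcome the post describes for invalid filters."""
    tuples = []
    for body in re.findall(r"\{([^{}]*)\}", value):
        parts = [p.strip() for p in body.split(";")]
        try:
            if len(parts) != 3 or parts[0] not in VALID_TYPES:
                return ACCEPT_ALL
            re.compile(parts[1])
            tuples.append((parts[0], parts[1], _compile(parts[2])))
        except (ValueError, re.error):
            return ACCEPT_ALL
    return tuples or ACCEPT_ALL


def _event_passes(groups, fields):
    if not groups:                      # empty event_filter is True
        return True
    if any(f not in fields for g in groups for f, _, _ in g):
        return False                    # expression cannot be evaluated: drop
    try:
        return any(all(OPS[op](type(lit)(fields[f]), lit) for f, op, lit in g)
                   for g in groups)
    except ValueError:                  # e.g. non-numeric value compared to 7
        return False


def destinations(section, fields, servers):
    """Server sections that receive the event, each listed at most once."""
    ctype, _, name = section.partition("|")
    name = name.rsplit(".", 1)[-1]      # assumption: namespace ends at last dot
    hits = []
    for server, tuples in servers.items():
        for t_type, t_regex, groups in tuples:
            if t_type and t_type != ctype:
                continue                # step 1: collector type
            if not t_regex or not re.fullmatch(t_regex, name):
                continue                # step 2: collector name (empty = none)
            if _event_passes(groups, fields):
                hits.append(server)     # step 3 passed; stop at first match
                break
    return hits


# Constructed model of Example #1's three server sections.
EXAMPLE_1 = {
    "server": parse_filter("{;.*;}"),
    "server|syslog-audit": parse_filter("{filelog; syslog; }"),
    "server|team-prod1": parse_filter(
        '{; vrops-.*; level == "error" || level == "warning"}'),
}
```

A filter for which `parse_filter(...) == ACCEPT_ALL` holds although it was not written as `{;.*;}` is the case to catch in review: a typo in a restrictive filter widens the destination to every collected event, Security channel included.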

Note:

  • All filter options are case sensitive.
  • debug_level = 2 gives verbose information about errors as in earlier versions of the agent.
  • These options cannot be used to send importer events to multiple destinations via the Importer tool.
  • The GUI does not yet support applying multi-destination server options to an agent in vRealize Log Insight v4.5.

The post vRealize Log Insight agent multi-destination support appeared first on VMware Cloud Management.


INFINIDAT’s InfiniBox content pack for vRealize Log Insight

Enhance your insights – INFINIDAT InfiniBox monitoring using vRealize Log Insight

INFINIDAT’s InfiniBox content pack for vRealize Log Insight provides customers with the capability to easily monitor and analyze InfiniBox systems, by converting syslog messages into helpful insights.

InfiniBox is a flash optimized storage platform that provides faster than all-flash performance for real-world workloads and a truly unified SAN and NAS solution, supporting multiple protocols in a single system.

The modern data center requirements are rapidly evolving and leading to innovations that are driven by changing trends in cloud infrastructure, virtualization, storage demands, security, IPv6, and the dynamically changing enterprise needs. These trends require equally advanced solutions for managing critical IT services in physical, virtual, and cloud environments.

InfiniBox is designed to address the above challenges by delivering a solution that is incredibly efficient and easy to deploy and manage, which provides automated provisioning, management, and application integration.

Some of InfiniBox key advantages:

  • Truly unified storage - Multi-protocol support is engrained in InfiniBox architecture. Both SAN (block) and NAS (file) capabilities are native and designed to run side by side on the same platform along with advanced storage capabilities including native replication, inline data reduction and enhanced performance analytics.
  • Faster than flash performance – InfiniBox is a flash optimized, enterprise proven storage platform that can deliver faster than all-flash performance, delivering over 1M IOPS with sub-millisecond latency. InfiniBox always balanced active grid delivers consistent performance, regardless of the capacity utilization or the number of volumes and snapshots.
  • Unmatched reliability - A key attribute of the InfiniBox architecture is its unique 99.99999% uptime. This is made possible thanks to N+2 redundancy, self-healing active-grid, end-to-end data checksums (protecting against silent data corruptions) and fastest media rebuild in the industry.
  • Scalability - Up to 5.5PB of effective capacity in a single 42U rack. The system’s capacity can be distributed across a virtually unlimited number of volumes, filesystems and snapshots.

InfiniBox and vRealize Log Insight integration

By leveraging InfiniBox advanced log mechanism, vRealize Log Insight delivers a simple and easy to understand visual representation of InfiniBox events, and provides customers an additional layer of visibility and real-time analytics across multiple systems.

InfiniBox content pack aggregates valuable information and intelligently organizes the data in 10 convenient dashboards. Each dashboard is tailored for a different purpose and contains several intuitive widgets.

 

Health Monitoring
Simple and comprehensive monitoring over InfiniBox capacity, connectivity, replication, nodes and media health for proactive problems detection and faster troubleshooting.

System Activities
Powerful visualization for a variety of configuration changes across multiple systems.

Security Auditing
Single pane of visibility for all authentication attempts and changes related to InfiniBox users management, which enables easy auditing and helps to detect suspicious behavior.

 

 

How to get the InfiniBox Content Pack?

INFINIDAT InfiniBox content pack is currently available and can be directly installed through the in-product Content Pack Marketplace in vRealize Log Insight 4.0 and later, or downloaded from VMware Solution Exchange:

https://solutionexchange.vmware.com/store/products/infinidat-infinibox-content-pack

 

 

The post INFINIDAT’s InfiniBox content pack for vRealize Log Insight appeared first on VMware Cloud Management.


What’s new in vRealize Log Insight 4.3: An in-depth review

We’re pleased to announce the new release of vRealize Log Insight 4.3. You can download the new release here.

 

Read on to learn more about vRealize Log Insight 4.3 !

Let’s begin with some overall changes in the Log Insight product …

  • LI primarily fixed a lot of bugs in this release and is fairly light in terms of new features compared to previous versions of vRealize Log Insight.
  • Support for vIDM single sign on.
  • Silent auto update of agents …

Moving on to some …

General Enhancements

In vRealize Log Insight v 4.3 you will notice a few UI enhancements like –

  • New alert history for individual alerts
  • In vRealize Log Insight 4.0 we told you about the user alerts feature we introduced: the ability for a user with admin permissions to edit and delete user alerts from the administration UI. We have taken a step further and added alert history on an alert, where you click an icon and it will show you a history of when the alert fired last.

 

You can click the > icon to see a bit more of the details or click the icon to run the alert query in Interactive Analytics to view all the details.

  • New percent labels on pie charts
    • The percent label was asked for by the user community a lot and helps to slice the pie chart in percentages per slice.
  • New trendline overlay on line charts
    • A trendline in a chart is a best-fit straight line that is useful for simple linear data sets. Trendlines usually show whether the value being monitored is increasing or decreasing at a steady rate.
  • Enhanced dashboard list selection
    • Another feature asked for a lot by the user community: how can I tell which dashboards are available to me without having to click them one by one? The dashboard accordion solves that issue: users can see all content packs that they have access to and expand the one they are interested in while still having all the others in the list…

 

In addition to UI features we also released some Log Insight Server side features

    • Now supports VMware Identity Manager Single Sign-On (vIDM SSO); this feature was in Tech Preview or trial phase in the past release.
  • VMware Identity Manager (vIDM) Integration
    • Authentication via vIDM can be configured allowing for Single Sign-On.
    • Enable vIDM integration from Administration Authentication page UI and save.

To be able to log in as a vIDM user you should import the group or user from the Administration -> Access Control page.

Limitations:

  • Requires vIDM 2.6 or newer.

 

    • Host table entries now expire after they are idle for three months (after the last ingested event)
      • User community has also requested that we clean up the host list for hosts that have not sent events in the last 3 months or more and we listened …. The host table will not show a host in the list as long as it has been 3 months or more since the last ingested event from the host.
    • New upgrade APIs
      • We have released new APIs for upgrading vRealize Log Insight; details available along with the API documentation here.

And last but not the least we would like to call out some vRealize Log Insight Agent Features that made it into the 4.3 release

  • New FIPS-140-2 compliance
  • New silent auto-update of deployed agents
    • Again this is a feature that has been in the tech preview phase in the last release but now available for the user community.
    • Some Use Cases we try to address with Agent auto-update are:
      • As a user, I do not want to manually upgrade agent on each node.
      • As a user, I want the upgrade to be as silent as possible (e.g. no user interaction should be needed).
      • As a user, I want the auto-update to have same effects as manual one.
    • Note: if you want to opt out of this and do NOT want to enable auto-update of agents, you need to add “[update] auto_update=No” to your agent configuration (in liagent.ini on every machine or instance where the agent is installed). In addition you still need to opt out on the server side for agents to NOT auto-update.
  • Enhanced timestamp parser that supports single-digit representation of days and months
  • Now supports Windows Server 2016

vRLI v4.3 compatibility with vSphere v6.5

  • vSphere 6.5 supports old interface that LI uses which means Log Insight version 3.0 and newer is compatible with vSphere 6.5
  • The vSphere content pack has now been updated for vSphere 6.5 specific logs!
  • Existing vSphere content pack widgets will continue to work with vSphere 6.5

vSphere Content pack updates include

  • All new vSphere 6.5 dashboards created
  • New dashboards for vSphere - Monitoring and Replication
  • Query performance enhancements
  • Updated and enhanced widget notes
  • Bug fixes

 

Some Useful links:

  • Product documentation: https://vmware.com/support/pubs/log-insight-pubs.html
  • Log Insight community: http://loginsight.vmware.com/

Got questions? Leave a comment below.

 

The post What’s new in vRealize Log Insight 4.3: An in-depth review appeared first on VMware Cloud Management.
