Log Insight Agent: Windows Configurations for Common Applications

In my previous post, I discussed how to build Log Insight Windows agent configuration sections for monitoring log files, in this post I would like to provide some additional sample configurations for common Microsoft and VMware applications. I will be updating this post over time so be sure to check back from time to time!

li-heart-microsoft

NOTES:

– If you are running an agent version 2.5 or newer you do not need to restart the agent for changes to take effect. For version older than 2.5 you do need to restart the agent for changes to take effect.

– You can add configuration client-side via the liagent.ini file, server-side from /admin/agents or a combination of both.

– The configurations listed below are meant to be samples and may need to be adjusted for your specified environment.

Microsoft

Windows

IMPORTANT: If you are running Log Insight 3.0 or newer, install the content pack from the in-product marketplace and enable the included agent group(s) to get the latest configuration.

To track logon events, you must enable both the “Success” and “Failure” Security Settings of the “Audit account logon events” policy in Group Policy.  To track UAC-related events, you must enable both the “Success” and “Failure” Security Settings of the “Audit privilege use” and “Audit process tracking” policies in Group Policy.

For the latest information, see Solution Exchange.

Active Directory

IMPORTANT: If you are running Log Insight 3.0 or newer, install the content pack from the in-product marketplace and enable the included agent group(s) to get the latest configuration.

To track logon events, you must enable both the “Success” and “Failure” Security Settings of the “Audit account management” and “Audit account logon events” policies in Group Policy.

For the latest information, see Solution Exchange.

DHCP

Exchange

IMPORTANT: If you are running Log Insight 3.0 or newer, install the content pack from the in-product marketplace and enable the included agent group(s) to get the latest configuration.

To track even more information from Exchange, see Solution Exchange.

IIS

IMPORTANT: If you are running Log Insight 3.0 or newer, install the content pack from the in-product marketplace and enable the included agent group(s) to get the latest configuration.

SQL

IMPORTANT: If you are running Log Insight 3.0 or newer, install the content pack from the in-product marketplace and enable the included agent group(s) to get the latest configuration.

VMware

Dump Collector

Horizon View

For the latest information, see Solution Exchange.

SRM

UM (Update Manager)

vCAC

Covered in this postthis post and this post.

vCS

IMPORTANT: If you are running Log Insight 3.0 or newer, install the content pack from the in-product marketplace and enable the included agent group(s) to get the latest configuration.

Other

Apache

IMPORTANT: If you are running Log Insight 3.0 or newer, install the content pack from the in-product marketplace and enable the included agent group(s) to get the latest configuration.

 

© 2014 – 2016, Steve Flanders. All rights reserved.

4 thoughts on “Log Insight Agent: Windows Configurations for Common Applications

  1. Hi Steve, thanks for expertise shared here. I’m using them, and things start appearing! I was wondering why before, spending hours figuring out what on earth I did wrong 🙂 Just adding a little note for your blog audience, no restart required!

    BTW, instead of copying the config for each app, can we just copy all of them and have a big config file? In future, if we can just put the config file on the log insight server as mount point, so we just update at 1 place. Easier this way 🙂

    • Hey Iwan – Thanks for the comment! Yes, if you are running the 2.5 version of the agent then no restart is required. I covered this in a different post, but will add a note here. As for configuration consolidation, you can do that today! Go to /admin/agents and add your configuration 🙂

    • Hey Sam — Thanks for the comment! Starting with LI 3.0, the vSphere content pack comes with LI agent groups to configure vCenter Server. I would encourage you to use those. I hope this helps!

Leave a Reply