I have been asked a few times how to mass deploy the Log Insight Windows agent and thought I would share this documentation link, which provides all the relevant information.
Automation
Log Insight Agent: Automated Agent Configuration
I was recently asked if it was possible to automate the configuration of Log Insight agents. More specifically, the request was to modify an agent configuration as new applications were brought up on a system. In this post, I will cover a couple of ways to automate agent configuration.
Log Insight: li_rexec
One of the great things about Log Insight is that you do not need a CLI to use it. If you do decide to use the CLI, you may find yourself wishing to execute commands on every node in a Log Insight cluster. While this can be done with a simple for loop, I wrote a quick wrapper script to make it even easier.
Log Insight 2.5: Agent and Ingestion API Enhancements
For Log Insight 2.5, several enhancements have been made on both the agent and ingestion API sides. I would like to cover these enhancements in detail.
Log Insight 2.x: Automated Upgrade
If you are running multiple Log Insight instances or manage a Log Insight cluster, you may be looking for a way to automate upgrades. Read on to learn a couple of ways to achieve this today.
Log Insight: Using the Ingestion API
As I am sure you know, Log Insight 2.0 features an ingestion API, which makes it possible to ingest information without use of the syslog protocol. The API uses a JSON string to send events to Log Insight and also supports the ability to pass fields during ingestion time. An example of a JSON message would be:
{"messages":[{"text":"Hello Log Insight"}]}
Depending on your operating system, you have a variety of tools to send API events like the above. For example:
Depending on the method you choose and the format in which you pass the information you will get one of the following return codes:
- 200 OK
- 400 Bad Request
- 500 Internal Server Error
- 503 Service Unavailable
Unless you receive 200 OK, something is wrong that needs to be corrected. If you get 503 Service Unavailable, then the issue is either server-side or network related. The 400 and 500 error codes point to a client-side error. The question becomes, how do you fix client-side errors?
UPDATED – Automating the Deployment of Log Insight
Just a heads-up that I have updated the Automating the Deployment of Log Insight post to handle the new features (allow extra config and root password) in Log Insight 2.0.
Automating the Configuration of Log Insight
Now that you know how to automate the deployment of Log Insight, you are probably wondering how to automate the configuration of Log Insight. Automating the configuration of Log Insight is a little harder because Log Insight does not have a configuration API today and because by default SSH is disabled until the root password is set. In addition, the root password cannot be set through OVF properties today.
So how do you automate the configuration of Log Insight?
Automating the Deployment of Log Insight
Log Insight ships as a virtual appliance. Given its single packaging model, automated deployment is easy thanks to the freely available OVF Tool. OVF Tool is a command line utility available for Windows, Linux and Mac that allows you to deploy OVA/OVF files. For the list of options available with OVF Tool, run ovftool --help or check the documentation. I would like to walk you through how to automate the deployment of Log Insight via ovftool.
Generating Syslog Configurations with syslogify
As of late, I have needed to generate syslog configurations to monitor log files multiple times. A great example would be generating the syslog configurations for vCAC log files. To save time, I created a quick script to do the work for me. I thought others may find this valuable and wanted to share.