I have been asked a few time how to mass deploy the Log Insight Windows agent and thought I would share this documentation link, which provides all the relevant information.
Automation
Log Insight Agent: Automated Agent Configuration
I was recently asked if it was possible to automate the configuration of Log Insight agents. More specifically, the request was to modify an agent configuration as new applications were brought up on a system. In this post, I will cover a couple of ways to automate agent configuration.
Log Insight: li_rexec
One of the great things about Log Insight is that you do not need a CLI to use it. If you do decide to use the CLI you may find yourself wishing to execute commands on every node in a Log Insight cluster. While this can be done with a simple for loop, I wrote a quick wrapper script to make it even easier.
Log Insight 2.5: Agent and Ingestion API Enhancements
For Log Insight 2.5, several enhancements have been made on both the agent and ingestion API sides. I would like to cover these enhancements in detail.
Log Insight 2.x: Automated Upgrade
If you are running multiple Log Insight instances or manage a Log Insight cluster you may be looking for a way to automate upgrades. Read on to learn a couple ways to achieve this today.
Log Insight: Using the Ingestion API
As I am sure you know, Log Insight 2.0 features an ingestion API, which makes it possible to ingest information without use of the syslog protocol. The API uses a JSON string to send events to Log Insight and also supports the ability to pass fields during ingestion time. An example of a JSON message would be:
|
1 |
{"messages":[{"text":"Hello Log Insight"}]} |
Depending on your operating system, you have a variety tools to send API events like the above. For example:
Depending on the method you choose and the format in which you pass the information you will get one of the following return codes:
- 200 OK
- 400 Bad Request
- 500 Internal Server Error
- 503 Service Unavailable
Unless you receive 200 OK something is wrong that needs to be corrected. If you get 503 Service Unavailable then the issue is either server-side or network related. The 400 and 500 error codes point to a client-side error. The question becomes, how do you fix client-side errors?
UPDATED – Automating the Deployment of Log Insight
Just a heads-up that I have updated the Automating the Deployment of Log Insight post to handle the new features (allow extra config and root password) in Log Insight 2.0.
