Month: October 2013

Log Insight: Does Not Contain Regular Expression

I have received some requests for more advanced posts regarding Log Insight, so here is one for those requesting! I was recently asked how to query in Log Insight for when some subset of characters did not exist within a keyword. The specific question was with regard to Active Directory events. Let me walk you through an example and how to solve the problem.

Syslog Agents on Windows

In order to send events from a Windows device to a remote syslog server like Log Insight, you need a syslog agent. Windows does not natively support syslog. The good news is that several syslog agents for Windows exist. I would like to cover my considerations and recommendations for a syslog agent on Windows.
UPDATE: As of Log Insight 2.0, Log Insight offers a free Windows agent that supports the syslog protocol and Log Insight’s ingestion API. For more information see these posts.

Syslog Agents on Linux

In order to send events from a Linux device to a remote syslog server like Log Insight, you need a syslog agent. Most Linux operating systems ship with a syslog agent, and if one is not available, one can be easily installed. The two most common syslog agents used on Linux systems today are rsyslog and syslog-ng. I would like to cover how to configure these syslog agents to send events to a remote syslog server.

Announcing Log Insight 1.5 Beta (TP3)

Today, VMware released the 1.5 public beta of the Log Insight product, which can be downloaded when you sign up for an account here. All of the enhancements available as part of Log Insight 1.5 TP2 are also available as part of the public beta. To learn more about the enhancements in Log Insight 1.5 TP2, see this post: Announcing Log Insight 1.5 TP2. I would like to highlight some of the changes since 1.5 TP2.