Skip to content

Tag: syslog

Log Insight: Syslog Event Forwarder Prefix

The event forwarder feature of Log Insight is powerful for a variety of reasons (several covered in this post). When it comes to event forwarding over the syslog protocol (i.e. to a third-party destination), some people have commented on the prefix Log Insight adds to forwarder events. It turns out this is true for event forwarding as well as for the Log Insight agent. In this post, I would like to discuss the prefix and why it exists. Read on to learn more!

Log Insight: Ingestion API versus Syslog Protocol Part 2/2

In my last post, I talked about the differences between how events are displayed over the syslog protocol, which has a strict format structure, and the ingestion API, which sends events as-is. In this post, I would like to talk about the differences between using the syslog protocol versus the ingestion API when it comes to the Log Insight agent and the Log Insight forwarder.

Log Insight: Ingestion API versus Syslog Protocol Part 1/2

As you know, Log Insight introduced an ingestion API with the 2.0 release. This ingestion API can be used by anyone, but is leveraged by default by the Log Insight agent available for Windows as of 2.0 and Linux as of 2.5. The ingestion API is powerful because it provides functionality beyond what the syslog RFC defines, but it is important to note that events received over each protocol may look different. Read on to learn more.

ESXi Remote Syslog – It's All or Nothing

I frequently get questions around how to forward only certain log files from ESXi or how to collect a log file that is missing. I get the question so frequently that it warrants a quick post. The title of this post says it all – it’s all or nothing. If you configure remote syslog on ESXi then you will get all configured logs files from ESXi. There is no supported way today to customize what logs files are stored locally versus sent remotely. The only customization that you can make is what severity logs messages are forwarded to the remote syslog destinations by changing log verbosity, however this is not recommended (read here for more information).