Skip main navigation (Press Enter).

VMware Aria

View Only

Back to discussions

Expand all | Collapse all

Log Insight 8.x - packet capture

Greg SmidSep 28, 2021 06:11 AM

Hi all, I found a handy little KB for Log Insight 4.x to help verify that syslogs are making it from ...

SixthLevelJan 26, 2023 03:52 PM

Wow, 2 years and no answers. For those who find this via googling... vRLI is PhotonOS. You can install ...

1. Log Insight 8.x - packet capture

Recommend
Greg Smid
Posted Sep 28, 2021 06:11 AM

Reply Reply Privately
Hi all,
I found a handy little KB for Log Insight 4.x to help verify that syslogs are making it from the clients to the LI server appliance:
https://kb.vmware.com/s/article/59473
Unfortunately, this doesn't work for Log Insight 8.4. I can SSH in to the LI appliance, but tcpdump does not appear to be installed... presumably because it's now PhotonOS instead of SLES.
Does anyone know if there is an alternate packet capture utility for a Log Insight 8.4 appliance? I have a client that's configured to send logs to the LI appliance, and I can see they're leaving the client on UDP 514, but they never show up in the LI Interactive Analytics page.
I have verified that the client and the LI appliance can ping each other, and other clients on the same subnet are able to successfully send their syslogs to this LI appliance. Just seems to be some weird issue with this particular client.
Thanks!
2. RE: Log Insight 8.x - packet capture

Recommend
SixthLevel
Posted Jan 26, 2023 03:52 PM

Reply Reply Privately
Wow, 2 years and no answers.

For those who find this via googling... vRLI is PhotonOS. You can install tcpdump with:

tdnf install tcpdump

You will be blocked by photon_vasecurity package. If you cannot figure your way around this, then perhaps you should not be messing around in PhotonOS. (;
(Careful with that package manager, Eugene!)

Copyright 2024. All rights reserved.

Powered by Higher Logic

Global message icon