Tag: vRLI

vRealize Log Insight Domain Login Problem

Today’s blog post is about vRealize Log Insight domain login problems. After some time I wanted to check my vRealize Log Insight instance, but somehow the domain authentication was not working anymore. So it was time for a new blog post about this issue.

Environment

The vRealize Log Insight instance is deployed in my 24×7 Lab environment that is running vExpert licenses. I am analyzing my logging and checking my login attempts in vRealize Log Insight.

I am running the following versions, but I have seen this issue recur over the last few years:

  • VMware vRealize Log Insight 8.X (vRLI) (my screenshots are from version 8.8.2).
  • Windows Server 2022 Domain Controllers (as domain connected to vRealize Log Insight)

Problem

So let’s start with the actual problem. At first, the domain login works for months with nothing strange, but then one day it doesn’t work anymore. A vRealize Log Insight cluster restart doesn’t help, nor do other basic troubleshooting steps. Local accounts such as the admin account still work, and SSH access also still works. So the problem is related to the domain accounts that are provided by my Active Directory.

Here are my configuration and screenshots of the domain login problem:

Fix

Now it is time to fix the issue. As always, it is not difficult once you know what is going wrong.

The actual cause is that every year the certificates of the domain controllers are replaced by my Certificate Authority and extended by a year. From that moment on, vRealize Log Insight no longer trusts the domain controllers as a login source.

So how do we fix it? By adding and trusting the new certificate on the vRealize Log Insight appliance. Luckily this can be done in the GUI, so it is straightforward.

Procedure

  1. Log in as the local “admin” account on the vRealize Log Insight appliance web interface (TCP 443).
  2. Go to the following location “Configuration > Authentication > Active Directory”.
  3. Click on the following button “Test Connection”.
  4. Accept all the offered certificates.
  5. This must result in the green text “Succeeded”.

Now try to log in again with a domain account. This should work again (for another year in my case).
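Before accepting the offered certificates in step 4, the certificate a domain controller presents can be compared with a thumbprint obtained out-of-band from the CA or the domain controller itself. The script below is an added example, not part of the original post; it assumes the Active Directory connection uses LDAPS on TCP 636, and the host name in the usage comment is a placeholder.

```python
import hashlib
import hmac
import socket
import ssl
import sys

# Hash algorithm is inferred from the reference length in hex digits.
# SHA-1 is supported only because Windows displays SHA-1 thumbprints.
ALGO_BY_HEX_LEN = {40: "sha1", 64: "sha256"}


def normalize_thumbprint(text: str) -> str:
    """Drop separators ('AB:CD', 'ab cd', 'ab-cd') and lowercase the hex."""
    cleaned = "".join(ch for ch in text if ch not in ": -\t\r\n").lower()
    if len(cleaned) not in ALGO_BY_HEX_LEN:
        raise ValueError("expected 40 (SHA-1) or 64 (SHA-256) hex digits")
    if any(ch not in "0123456789abcdef" for ch in cleaned):
        raise ValueError("thumbprint contains non-hex characters")
    return cleaned


def thumbprint_matches(der_cert: bytes, reference: str) -> bool:
    """True if the DER certificate hashes to the out-of-band reference."""
    ref = normalize_thumbprint(reference)
    digest = hashlib.new(ALGO_BY_HEX_LEN[len(ref)], der_cert).hexdigest()
    return hmac.compare_digest(digest, ref)


def fetch_ldaps_cert(host: str, port: int = 636, timeout: float = 5.0) -> bytes:
    """Return the DER leaf certificate the server presents.

    Chain validation is switched off on purpose: the certificate is not
    trusted yet, and the thumbprint comparison is what decides.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


if __name__ == "__main__":
    # usage: python3 check_dc_cert.py dc01.lab.example <thumbprint>
    host, reference = sys.argv[1], sys.argv[2]
    ok = thumbprint_matches(fetch_ldaps_cert(host), reference)
    print(f"{host}: {'MATCH' if ok else 'MISMATCH, do not accept'}")
    sys.exit(0 if ok else 1)
```

Run it once per domain controller after the yearly renewal; a mismatch means the presented certificate is not the one the CA issued.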

Wrapup

So that was my blog post about the vRealize Log Insight domain login problems. I hope it was useful for somebody because I always run into this issue. It happens in my Lab but also with customers that are using the Active Directory integration.

This wraps up the blog article. Hopefully it is useful for somebody; please respond below if you have any comments or additional information! See you next time! 🙂

VMware vRealize Log Insight content pack for Cisco ASA

In this blog, we are going to set up the VMware vRealize Log Insight content pack for a Cisco ASA device for capturing syslog information. By setting up this pack we are able to provide a central location for storing the logging information and a way to retain the data for longer periods of time.

Almost a year ago I moved from pfSense to a physical Cisco ASA firewall and it was time to improve the visibility into the firewall rules that were blocking and allowing traffic in my network. This was a nice opportunity to configure VMware vRealize Log Insight with an additional content pack.

Environment

When I was writing this blog post I was using the following software releases:

In essence, the procedure is the same for older and newer versions of Log Insight and a Cisco ASA.

Log Insight Content Pack

Let’s start by installing the content pack on vRealize Log Insight. Make sure you install the Cisco ASA content pack for vRealize Log Insight. This can be found in the VMware marketplace that is available in the central VMware vRealize Log Insight interface.

Here is a screenshot with the location where you can find the content pack:

Cisco ASA Configuration

Log in to your Cisco ASA firewall with a console or SSH session and configure the syslog settings as displayed below. Keep in mind this is an example configuration; change the config based on your needs!

Here is a basic configuration example:

config t
  logging enable
  logging timestamp
  logging trap debugging
  logging host %interface% %ip-address_syslog_facility%
exit

To verify the status of the configuration, run the following commands:


### Show configuration and logging forwarding status
show logging

### View configuration
show run | grep logging
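With "logging trap debugging" the ASA forwards every severity from 0 to 7. The following added example (not part of the original post) parses the %ASA-severity-id header of syslog lines, shows which messages a given trap level would still forward, and pulls the denied flows out of message 106023; the sample lines are constructed and the function names are my own.

```python
import re
from collections import Counter

# ASA severity keywords accepted by "logging trap"; index 0 is most severe.
LEVELS = ["emergencies", "alerts", "critical", "errors",
          "warnings", "notifications", "informational", "debugging"]

ASA_RE = re.compile(r"%ASA-(?P<sev>[0-7])-(?P<id>\d{6}): (?P<text>.*)")
DENY_RE = re.compile(r'Deny (\S+) src (\S+) dst (\S+) by access-group "([^"]+)"')

# Constructed sample lines (documentation addresses), not real ASA output.
SAMPLE = [
    'Mar 01 2024 10:00:01: %ASA-4-106023: Deny tcp src outside:198.51.100.7/51514 '
    'dst inside:192.168.1.10/22 by access-group "outside_access_in" [0x0, 0x0]',
    "Mar 01 2024 10:00:02: %ASA-6-302013: Built inbound TCP connection 1001 for "
    "outside:198.51.100.7/51515 (198.51.100.7/51515) to inside:192.168.1.20/443 "
    "(192.168.1.20/443)",
    "Mar 01 2024 10:00:07: %ASA-6-302014: Teardown TCP connection 1001 for "
    "outside:198.51.100.7/51515 to inside:192.168.1.20/443 duration 0:00:05 "
    "bytes 1234 TCP FINs",
    "Mar 01 2024 10:00:08: %ASA-7-609001: Built local-host outside:198.51.100.7",
    "Mar 01 2024 10:00:09: %ASA-5-111008: User 'admin' executed the "
    "'logging enable' command.",
]


def parse(line):
    """Return (severity, message_id, text), or None for non-ASA lines."""
    m = ASA_RE.search(line)
    return (int(m["sev"]), m["id"], m["text"]) if m else None


def forwarded(lines, trap_level):
    """Messages sent with 'logging trap <trap_level>': that severity
    number and everything below it (more severe)."""
    limit = LEVELS.index(trap_level)
    return [p for p in map(parse, lines) if p and p[0] <= limit]


def summarize(lines, trap_level):
    """Count forwarded messages per severity keyword."""
    return Counter(LEVELS[sev] for sev, _, _ in forwarded(lines, trap_level))


def denies(lines):
    """(protocol, source, destination, ACL) for each 106023 deny message."""
    hits = (DENY_RE.search(t) for _, mid, t in forwarded(lines, "debugging")
            if mid == "106023")
    return [h.groups() for h in hits if h]
```

Comparing `summarize(SAMPLE, "debugging")` with `summarize(SAMPLE, "informational")` shows what lowering the trap level would drop before the logs reach Log Insight.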

Here is an example output of my Cisco ASA:

Viewing information

After everything has been set up the dashboards will be populated with information received from the Cisco ASA.

Here are some screenshots from my environment:

Here are some useful examples of what kind of information you can expect from the Cisco ASA Content Pack for vRealize Log Insight. I personally think it is one of the best free content packs because the dashboards are really good at providing a lot of information with good solid diagrams.