For those of you who have followed my blog you will know that I deal with Log Insight quite a bit in our production environments. Because of this I was excited that in the latest release of Log Insight 3.3 there are several new Configuration API’s released under Tech Preview status. That said, the documentation around these APIs is very difficult to nail down. The exciting part is that I’ve just uploaded a new and unofficial standalone audit and remediation tool to my github repo! As always this code is my personal code and not supported or officially recognized by VMware.
Here’s how it works:
The tool reads the desired state of your Log Insight Server from a JSON file that you define. It can use that file to then connect to the Log Insight Server and audit it to see if it matches your desired state. If you wish you can throw in the -r switch and the script will make the Log Insight Server match your desired state.
Let’s see it in action:
First up, let’s pull up the embedded documentation by running the script with the -d switch to see what the JSON file needs to look like. I’ve taken pains to try and include complex examples so that you won’t be left in the dark on anything.
After creating a new JSON file with our desired state it’s time to run the tool in audit only mode by just specifying the -f flag and the name of our JSON file. The results that come back are that we have several areas that need remediation (email, event forwarders) and 1 (content packs) that cannot be remediated yet (hopefully in a later version).