Log InsightvRops

Troubleshooting vRops Authentication problems

I have from time to time some issues with getting vRops authentication working correctly or applying the correct rights to the user such as they are able to do the assigned tasks. To help troubleshoot these kinds of issues. I always jump to Log Insight to get a full understanding of the issue. Well you could jump into vRops nodes and do it via linux. I just find this a lot easier, if you ask me. As Log Insight isn’t tuned to understand vRops authentication. I have had to do a little digging my self. As it turns out, and it always turn out this way, it was quite easy to get Log Insight to handle vRops authentication logfiles.


I created a content pack, just so you don’t have to do this you self. The only thing the content pack includes is the extracted fields, I created. As you can see there are five fields, which are all highlighted in blue.

Field Extracted Field Desctiption
AuthSource MichaelRyom.dk_vRops_AuthSource This could be the fqdn for the authentication source fx an Active Directory
Session MichaelRyom.dk_vRops_Session This is the session ID
UserAction MichaelRyom.dk_vRops_UserAction The action performed by the user
UserAction MichaelRyom.dk_vRops_UserAction_Result What is the user action result. Fx access granted
UserID MichaelRyom.dk_vRops_UserID The ID of the user
UserName MichaelRyom.dk_vRops_UserName The name of the user authenticating


The matrix here describes each of the fields and explains there use case. Now it’s just a matter of checking if the field exists or searching for the data needed.

As always content is available on github. The way to import the content pack, is to go to content pack in Log Insight and then click import content pack. Hope you find it useful. Now take care.


Leave a Reply

Your email address will not be published. Required fields are marked *