I have from time to time some issues with getting vRops authentication working correctly or applying the correct rights to the user such as they are able to do the assigned tasks. To help troubleshoot these kinds of issues. I always jump to Log Insight to get a full understanding of the issue. Well you could jump into vRops nodes and do it via linux. I just find this a lot easier, if you ask me. As Log Insight isn’t tuned to understand vRops authentication. I have had to do a little digging my self. As it turns out, and it always turn out this way, it was quite easy to get Log Insight to handle vRops authentication logfiles.
I created a content pack, just so you don’t have to do this you self. The only thing the content pack includes is the extracted fields, I created. As you can see there are five fields, which are all highlighted in blue.
|AuthSource||MichaelRyom.dk_vRops_AuthSource||This could be the fqdn for the authentication source fx an Active Directory|
|Session||MichaelRyom.dk_vRops_Session||This is the session ID|
|UserAction||MichaelRyom.dk_vRops_UserAction||The action performed by the user|
|UserAction||MichaelRyom.dk_vRops_UserAction_Result||What is the user action result. Fx access granted|
|UserID||MichaelRyom.dk_vRops_UserID||The ID of the user|
|UserName||MichaelRyom.dk_vRops_UserName||The name of the user authenticating|
The matrix here describes each of the fields and explains there use case. Now it’s just a matter of checking if the field exists or searching for the data needed.
As always content is available on github. The way to import the content pack, is to go to content pack in Log Insight and then click import content pack. Hope you find it useful. Now take care.