How to integrate a Cisco ISR Router (Cisco ISR4351/K9) with SolarWinds LEM (Log & Event Manager)?
Cisco ISR Router (Cisco ISR4351/K9) with SolarWinds LEM
File monitoring on Linux
Hey guys,
What connector would you guys use to monitor changes made to a file on a Linux host? Specifically a log file.
I would like to be able to generate events noting the changes made to said file. Is there a connector that can handle this?
Thanks,
Diogenes
Alert on login attempts of disabled accounts
I am pretty new to LEM (6.3.1) and am having some problems setting up a new rule. I am trying to create a rule that will email me an alert when there is a login attempt of a disabled domain account. I have email and the Directory Services Connector working for other rules so I'm okay there. I have a Directory Services Group defined for the Domain group I created called "Disabled Accounts". My problem is I am not sure how to craft the Correlations to get LEM to alert on login attempts for that group.
I would rather learn this and not just be handed a solution so if anyone could point me in the right direction that would be great. I found nothing useful in the User Guide nor the KB's on Solarwinds site but if there is something in either place that I missed that answers my question a link/page number would be perfect.
thank you
Arch
Still no support for MSSQL Auditor running on MSSQL Server 2017?
As there seems to be little update on progress for MSSQL Auditor support for SQL 2017, I want to ask if we can expect any approximate timeline of when this will happen?
Even on ticket support, I am left in the dark over this, with no timeframe available.
It's frustrating to not have support for a widely adopted SQL Server version, which has been around for ~2.5 years (since Oct 2, 2016).
Has anyone managed to make this work (maybe with a workaround)?
If not, what is the alternative way you use to check MSSQL 2017 logs?
jhynds, can you expand on your hint from this thread >
Ops Center 2.0 - What charts would you like to see?
As per the Security Event Manager WWWO post, we are busy working on log visualization within the new HTML5 interface, which is intended to replace the Ops Center in Flash. The Ops Center currently includes no less than 60 out of the box charts and graphs. I'd really like to know:
- Which out of the box charts you find most valuable today?
- Have you built any custom charts and if so, what data are you visualizing?
- Are there any new out of the box charts that you'd like to see in our new interface?
Please provide your comments and feedback below!
Thanks!
Destination Account does not equal Source Account
Is there a way to do this? I would like to create a rule where changes made to an account were not made by the user of that account. I think this, along with other criteria, will get me what I want, but I don't know if it is possible to compare two fields to see if they are equal or not.
LEM Backup fails - SMBv1
We recently tried configuring the backup functionality in a newly installed instance of LEM but couldn't get it to connect to the target network share. If you have a similar problem, perhaps after disabling SMBv1 in the wake of WannaCry, this is for you.
The following messages were displayed when we tried to run the backup:
protocol negotiation failed: NT_STATUS_INVALID_NETWORK_RESPONSE
Share credentials validated.
Backup configured to run daily.
Would you like to run the backup now? <y/N> y
Running backup, please wait...
20170718: Checking for other running processes
2017/07/18 14:52:34: Checking archive schedule with daily...
2017/07/18 14:52:34: Not checking schedule, assuming on-demand archive.
2017/07/18 14:52:34: unmounting old shares, in case any stale shares exist.
umount: /tmp/smb: not mounted
2017/07/18 14:52:34: mounting share //share/share with user USER on domain DOMAIN to mount point /tmp/smb
Trying ntlmsspi
Mount failed for //share/share as user USER ntlmsspi
Trying ntlmssp
Mount failed for //share/share as user USER ntlmssp
Trying ntlmv2
Mount failed for //share/share as user USER ntlmv2
Trying ntlm2
Mount failed for //share/share as user USER ntlm2
Trying ntlm
Mount failed for //share/share as user USER ntlm
Trying insecure communication
Mount failed for //share/share as user USER insecure communication
2017/07/18 14:52:35: Beginning dump of alertdb to /tmp/smb/SolarWindsLEMAlertDBArchive
2017/07/18 14:52:35: First I will do a touch test of SolarWindsLEMAlertDBArchive.test to see if I can create a file
2017/07/18 14:52:35: Starting archive to SolarWindsLEMAlertDBArchive
2017/07/18 14:52:46: done with archive. Result (if any): Success
2017/07/18 14:52:46: Cleaning Up.
umount: /tmp/smb: not mounted
2017/07/18 14:52:46: done!
We raised a case with SolarWinds support and the cause of the failure is that LEM can only use SMBv1 for backup; it doesn't support SMBv2 or 3. As we've disabled SMBv1 due to its known security vulnerabilities, we can't back up our LEM. SW support advise that a fix will be included in the next major release (possibly 6.4) but cannot give even an estimate as to timescales for a release date, so we are unable to back up our LEM for the time being unless we choose to compromise security on our file storage system, and the word on that is "no".
Given that SMBv1 has been known to be vulnerable for several years you might have thought LEM would by now support something more secure. Apparently not.
Print Queue Management
I have several problematic Windows 2012R2 managed print queues that I would like our LEM to monitor to let me know when the queues have backed up or stopped responding. Is there anything in the LEM that can do this?
unable to resolve username
Hi all,
I have an LEM server taking in logs from our domain controller and most of the built-in alerts are working correctly. The problem is when we make a change to group memberships, the alerts we receive are not resolving the username of the person changing the memberships. I have a recent example alert below (### indicates personal info). Any ideas?
Domain ### group properties updated by unable to resolve username..
Summary: cn=###,ou=distribution groups,ou=groups,dc=###,dc=###
Date: 2019-01-16 14:29:02.0
Help Troubleshooting Crystal Reports
Hello,
I have been experiencing issues generating reports from the separately downloadable Crystal Reports module. I need to pull reports from the beginning of 2019, and I cannot get this piece to function.
I just managed to get the reports module from the Logon failure issue to actually generate a report, but everything is reporting with a count of 0, so it's still not receiving log data from the source. Screenshots are attached of this as well.
I don't know where to continue my search, so please let me know if you have experienced anything like this.
Thank you,
Nickolas
LEM Web Console
Hi, I'm unable to log in with a web browser... it says invalid login... I've tried admin and password... it's not working. Any help? Bit urgent.
LEM: How to access printer log events (syslog)?
I want to monitor a few key printers via syslog. All are HP devices, and I've logged into them and set the syslog properties to point at my LEM with the appropriate IP address and priority.
I went to go add a syslog node - entered the IP address of the printer and selected "HP" as the manufacturer. LEM reports back that it "has not found any new nodes or connectors in the syslog files that are being monitored". I tried all 4 of my syslog configured printers with the same result.
So I did a lot of searching here at Thwack, I read a bunch of discussions and I watched two videos on configuring and troubleshooting syslog monitoring. After this I logged into the command line console (cmc) and ran the "checklogs" command in the APPLIANCE section.
All of my syslog logs (local0 thru local7) are empty. But the Printer log has data. If I view the Printer log data I can see the events coming in from my configured printers (see screenshots).
But I cannot get a proper syslog connector set up. I can't view the events in the Monitor or nView areas of the web console - even if I search for the IP addresses. How do I get to this data?
What the heck am I missing here? It's driving me nuts!
(LEM version 6.1, by the way...)
Thanks!
LEM does not show Client Source IP when reading Kerio Control Logs
Hi guys
I have an issue regarding Kerio logs when reading those. When I SSH to the appliance and read the logs I see Kerio is sending logs correctly (at least in its own way), but when I configure the Connector for Kerio Control and want to watch for events there is a big problem. All the Detection IPs are the Kerio IP itself, and the field related to Machine IP or Client IP is empty. However, in SSH I can see which computer or IP address tried that specific URL. Can you help me please?
thanks in advance
Mohammad
LEM Response is very slow
I have LEM 6.3.1. The size of the disk reaches 300+ GB. Now I have a weird response. It takes about 30 minutes to log in through the web application. I have to restart the LEM Manager so as to log in to the web faster (2 min). It doesn't stop at this limit.
When I log in through the web application and begin to configure or work on nDepth, it is very slow, and after 1 hr or more the session stops and it doesn't respond to any change. When this happened I tried to access it through the desktop application, but it couldn't log in.
If I try to close Internet Explorer and log in again, I fail to log in until I restart the LEM Manager.
I am in a closed loop now and I don't know what is happening.
Any advice?
SEM Agent Memory issues
We recently upgraded our SEM appliance from LEM 6.6.0 to SEM 6.7.0. After the upgrade, the appliance went through all of the client nodes (we only use this on Windows servers) and upgraded their agents to 6.7.0 as well.
After this, we noticed that some of our servers were running with very high memory and the process was javaw.exe. Removing the SEM agent (using the uninstaller) also stopped the javaw.exe process and brought the memory right back down. It seems that there might be a memory issue/leak with this client? I have now uninstalled the 6.7 agent from all of our nodes (Windows 2008R2 and 2012R2) and will be testing reinstalling the previous client (6.6).
Has anyone else had a similar issue and is able to give any advice?
Thanks!
Cisco ASA and syslog severity levels
What severity level is recommended for Cisco ASA? Thoughts? We are seeing dropped connection and this feels informational.
SolarWinds appears to recommend "debugging"?
Integrate Cisco network devices with SolarWinds LEM - SolarWinds Worldwide, LLC. Help and Support
Multiple Failed Login attempts by different users but same IP
Does anyone know how to set up a filter and/or rule that will notice multiple failed login attempts by multiple users (before account lockout) originating from the same IP within a certain time frame?
Thanks,
Jeremy
LEM Oracle Unified Auditing
I'm trying to get the Oracle Unified Auditing connector to work in LEM.
I currently have the Oracle Database connector working, connected to two other databases.
I have Unified Auditing turned on in Oracle 12c and have created a dedicated user to connect from LEM. The user has been granted the AUDIT_VIEWER role and I can login as that user and see data in the SYS.UNIFIED_AUDIT_TRAIL view.
When I set up the connector in LEM and start it, I can see an "Internal Tool Online" event in nDepth, but that is the only message I'm getting.
I have tried different variables in the settings within the connector (IP instead of servername, different users, etc) to no avail. I also am not seeing any audit entries within the database that says the connector is attempting to make a connection.
Fortimail And FortiWeb Logging
Hi,
Has anyone successfully set up FortiMail or FortiWeb to log on SEM?
I am running the latest update for the virtualised appliances of both.
I can see the logs passing the firewall and going to the LEM. I just can't get the console to show the info through the connectors.
Am I missing something? Any help would be appreciated.
Regards
Paul Dyball