LEM 3.0 template rules
Does anyone know if the template rules in LEM 3.0 have been updated? I have some rules (Windows disk full) which appear to be triggering off from old events. Not sure if it has been updated from the...
Upgrade to 6.0.1 Flex error
When I load the GUI after the upgrade I get this error: Flex Error #1001: Digest mismatch with RSL https://10.162.1.40:8443/lem/rsl/TriGeoFlexFramework.swf. Redeploy the matching RSL or relink your...
3Par Connector
I am trying to get our hp 3par to syslog to LEM. Can anyone help with the 3par settings as well as if there is even a connector for the 3par. Thanks,
monitor AD group membership changes
All - I have a large number of Active Directory groups that need to be monitored. The groups in question all have a naming convention of "SG-servername_Support". I want to be able to have a notification...
Will the Linux auditd collector collect logs from other nodes that have...
We have a high speed guard product that we are using on a set of Linux servers. I've placed an LEM agent on the Linux Red Hat server head node and set up auditd collectors for /var/log/secure,...
Create Rule to warn when no events are received - Offline Node
Hi, Can someone please advise how to create a rule when a node stops sending logs or is offline. This is for a node that does not have the Agent installed (Citrix Netscaler in this case). I have been...
LEM Log Retention settings
Hi All, How can I check LEM log retention settings? I've already read some discussion about this and learned that LEM is configured to automatically purge the oldest logs, but how can I check if our...
Question on "Correlation Time" in LEM Rules
I am trying to understand this section better. I need to send an email for when I have "host flapping" on an interface. Problem is, I need to alert on the first log (unique to device and port) but...
File writes to usb
Hi, I have a need to create a rule that sends an email when: The user is a member of an AD group "LEAVERS" AND they copy files to a USB device. The email should ONLY trigger once and if possible have...
unstructured app logs in LEM?
hi. About to try an evaluation of LEM, but wanted to know if it's capable of handling unstructured logs as well as standardized system logs. For example, we would have an application log that is...
Block IP Address on FortiGate's Firewall Failing
Hi everyone, I'm having an issue where I set up a rule to block an IP address using the Block Active Response on SW LEM: Using the Block IP Active Response - SolarWinds Worldwide, LLC. Help and Support...
Auditing Group Policy Changes
Hi, Can anyone tell me how to set up a rule to track group policy changes? This is for tracking admin users who modify the Group Policy Object (I am not talking about creating a new one or renaming an...
Accounts in admin groups without "admin" or "administrator" in the account name
I may be overthinking this, it seems like it should be easier. We have several accounts that are in Admin groups on several servers, however, their names do not contain admin or administrator or root....
LEM Demo Working ?
Does the LEM Demo site load for anyone else? I want to take a look at it. I realise it needs flash, I've tried Edge, Chrome, IE and FF. I see a box with loading and progress bar so Flash loads. Though...
!LEM Thoughts of the Week: Detecting the Target Breach?
Hey All, Trying a new LEM idea courtesy byrona - a LEM/SIEM topic of the week. I'll try to post a topic related to security and log data once a week, you toss in your two cents based on your experience...
traffic but no agent
How do you identify workstations/servers with traffic but no LEM agent? Using some of the rules as a basis does not seem to work?
Store and Retrieve Windows Event Logs
Our security posture requires that we store Windows Event Logs (Application, System and Security) for one year. I am still relatively new to LEM, so am not sure archiveconfig will meet this requirement...
LEM / RHEL7 - No Log Data
Hello, Background: We are just rolling out LEM (6.2) and have hit a speed bump while configuring our Linux infrastructure for LEM. After installing the Linux agent on a RHEL 7 box (first one we've...
SLOOOW login to LEM
Does anyone else have an extremely slow login time for LEM? Mine takes around 2-3 minutes to get past the username/password screen and into the application. Thanks!
Painfully slow LEM console. Each click takes 2-5 seconds to respond.
I am working with a VERY overpowered LEM VM and PC. Yet every action in the console is horribly slow. nDepth is pretty much unusable. I assume Flash is a small part of the problem, but the product has...