Alert on login attempts of disabled accounts
I am pretty new to LEM (6.3.1) and am having some problems setting up a new rule. I am trying to create a rule that will email me an alert when there is a login attempt of a disabled domain account....
Auditing Group Policy Changes
Hi, Can anyone tell me how to set up a rule to track group policy changes? This is for tracking admin users who modify the Group Policy Object (I am not talking about creating a new one or renaming an...
Palo Alto Firewall + LEM = Random Nodes?
We put in a Palo Alto firewall and set up syslog to report to the firewall. Since doing so, I am getting random 13 digit "nodes" reporting in too. I cannot find any actual information being reported...
TripWire Connector: How to use?
We have set up a TripWire Enterprise server on a Windows system and I would like to see how the TripWire connector in LEM works. It's not immediately clear to me which logs I should be pointing this at...
Install Linux LEM agent on RHEL 6
Can anyone help with this error? I have tried all I know. [root@centrify solarwinds]# ./setup.bin Preparing to install... Extracting the JRE from the installer archive... Unpacking the JRE... gzip:...
Windows Firewall Logs
Hello, I checked the policy on the active directory and it enables Windows firewalls logs. I accessed the path to which the firewall logs are logged, and it was found successfully with all logs. But,...
Pros & Cons of encrypted (bitlocker) removable media and LEM
Our team has been working on some rules to mitigate threats from removable media. We have had good success with file monitoring, read/writes, and actively responding to executable attempts from flash...
Deploy LEM in Azure
Is it possible to deploy Solarwinds LEM into Azure as a virtual machine? The guide provides steps to deploy a virtual machine in Hyper-V and VMware environments, I figure deploying it in Azure should be...
Monitoring Web Traffic with LEM
Hello Thwack Community, This is my first post/ question though I have been lurking on the board to get my questions answered for about 60 days since getting my new position. I am new to Solarwinds and...
How does the Block IP active response work for multiple connected firewalls?
I'm somewhat new to LEM and was looking at using the Block IP active response in a rule. I don't see any option in the rule builder to select which of the LEM connected firewalls I want to block the IP...
Monitor AD group membership changes
All - I have a large number of active directory groups that need to be monitored. The groups in question all have a naming convention of "SG-servername_Support". I want to be able to have a notification...
Cannot login LEM web portal
I am doing a LEM POC and creating some rules and configurations. However, the web console becomes slower and slower, and finally I cannot control the appliance. We have tried to refresh the web portal, use...
Possible to monitor disk space remaining?
I'm currently using EventSentry to alert me if drives on Windows 2008/2012 virtual machines are running below 5% available space. Can I use LEM to replace EventSentry?
Different Oracle Connectors
Hi all, What is the difference between the three Oracle Auditor connectors in LEM? Oracle Auditor - Database, Oracle Auditor - Syslog, Oracle Auditor - Windows. Also, what is the difference with the extended...
Windows Agent Spiking CPU Utilization to 100% on Windows 10
We recently upgraded all of our call center PCs from Windows 7 to Windows 10. We immediately ran into issues where the LEM agent was maxing out CPU utilization causing the PCs to freeze up to the...
Severity Levels: How are they determined?
Hey all, Does anyone know how the severity levels are determined? We are trying to correlate the severity of Windows Events with the severity levels in LEM, so we can build a filter for just critical...
Log Forwarder Syslog Message Text missing
Guys, I'm running the log forwarder on my Windows 2008 SP2 (not R2) domain controllers and subscribing to many events that I forward to my Kiwi Syslogger running on Windows 2012 R2. From there I have...
LEM AD Connector support for binding
The biggest issue I have had with the LEM connector besides the one I have already seen mentioned having to use the FQDN to sign in, is the fact that it wants to discover and display the entire forest...
Email Notifications How-To
Hey All, Since we haven't had any LEM discussions yet, I thought I'd post a quick how-to on setting up custom notifications. There's a couple of really common use cases for going beyond the out of the...
Issues upgrading LEM
Hi, I'm new to using Solarwinds. I've searched the web but haven't managed to find an answer. Basically I'm trying to upgrade the LEM, but the bit in the instructions that says 'follow the onscreen...