Channel: THWACK: Popular Discussions - Security Event Manager (SEM) - Formerly Log & Event Manager
Browsing all 5911 articles

Is there a list of LEM Best Practices, or Most Common Rules?

I tried searching for Best Practices, but only found a few documents.  Is there a site for LEM Best Practices, common rules, or implementation suggestions?  What do you feel is your best rule?  Thanks...



monitor AD group membership changes

All - I have a large number of Active Directory groups that need to be monitored. The groups in question all have a naming convention of "SG-servername_Support". I want to be able to have a notification...



Auditing Group Policy Changes

Hi, can anyone tell me how to set up a rule to track group policy changes?  This is for tracking admin users who modify the Group Policy Object (I am not talking about creating a new one or renaming an...


LEM - Mount error 13

I am able to mount a Windows share folder when I do a syslog export from LEM to my share folder. But when I try to do an archive job to the same share folder path using the same credentials, it gives me...


How to capture failed 'Run as Administrator' events on a Windows domain?

Does anyone have insight into how MS Audit Policy can be used to capture failed 'Run as Administrator' attempts without having to install LEM agents on all workstations?  I've been attempting to...



Prevent rule from triggering for X amount of time after first trigger

I have a rule that is set to alert if a file is created in a directory using FIM, but I'd prefer to not get an email for every single file that gets created if multiple are created in a short span of...


Integration of LEM with Orion NPM

To quote the "What are we working on now" thread for LEM from 2011:  "SolarWinds Orion Platform Product Integration: Escalating Events from LEM to Orion via SNMP Traps. Since we're in the business of...


Install Linux LEM agent on RHEL 6

Can anyone help with this error?  I have tried all I know.  [root@centrify solarwinds]# ./setup.bin Preparing to install... Extracting the JRE from the installer archive... Unpacking the JRE...  gzip:...



Unable to create a Directory Service User

Spinning up a new LEM 6.3.1 instance. When I go to Build > Users and click the "+" I do not get the option for "Directory Service User". I only get "LEM User" and "Import LEM user". I have the...



Configure LEM as a SYSLOG Server

Hi, I am currently configuring LEM to monitor a small industrial network (containing 12 devices). Firstly, can someone please confirm that LEM is capable of receiving SYSLOG data. If so, is this a...


How to add "ip shunned" alert in Orion

Hi! I realize that there are a few forum posts about this, but it appears that none of those answer my question. We recently enabled IP shunning on our ASA5545X's and I'm wondering if there's a way to...


Logon failed while running LEM reports

Hi, after installing Log and Event Manager Reports, while running a report, it's showing this error: Logon failed. Error code: -2147189176. What is this error and how can it be resolved so I can run...


Create an Alerting/Action Report

I would like to create a report that shows the last 30 days of alerts and who the alert was sent to.  I see the last 30 day report, but I can't seem to figure out how to put a field in to show the...



Hotfix 4 closing programs immediately

This hotfix does not allow Adobe Acrobat or Salesforce Data Loader to stay open.  It opens for less than a second and then immediately closes. Once I stop the LEM service or uninstall the LEM agent, the...


Threat intelligence feed logs

We have a rule set up to use the TIF thusly:    We're getting alerts from Bad Folks™ trying to hit our outside IP, but that's happening all the time -- a good portion of the reason one doesn't put an...



Monitor custom log files out of the box or should I just use Splunk?

I have an off-the-shelf application that writes to a non-Windows Application log location.  The location is similar to C:\ProgramData\AppName\ModuleName\ModuleNameLogs.  How can I parse these logs and...


Alert on login attempts of disabled accounts

I am pretty new to LEM (6.3.1) and am having some problems setting up a new rule.  I am trying to create a rule that will email me an alert when there is a login attempt of a disabled domain account....


LEM Database Maintenance Report not reporting correct "Database Time Span...

I recently worked with SW Support tkt#1153393 to reduce the size of my LEM DB. The tech removed data partitions and successfully reduced the size of the DB, but now the DMR is not accurately reflecting the...


Possible to monitor disk space remaining?

I'm currently using EventSentry to alert me if drives on Windows 2008/2012 virtual machines are running below 5% available space. Can I use LEM to replace EventSentry?
