Correlation Time confusion
Could someone give me a more detailed explanation of correlation time? I'd like to create a rule for a particular email notification. The problem is that I only want to be notified on the first...
New syslog node
Could anyone shed any light on how to add new syslog nodes properly? I'm trying to add an HP ProCurve. I've configured it to log events to my LEM server. I know I've got the configuration correct and...
Information level events from Application log are not being collected
I see the events in the Application log but they do not show up in nDepth. As near as I can tell it is just the Information level events. Is there a reason that the Agent (6.3.1.hotfix4) would not...
USB Defender & Specific Device Types
We have had the USB Defender rule on our LEM for the duration of time I have been with my organization. It's connected to the UDLP policy and they opted to use a notepad document to catalog the Windows...
Actions within Rules
This will be the first time I create a bespoke rule of my own on the LEM that implements an action for the correlating events. My goal is to get an alert for any new users being added to *admin*...
Success Stories of gaining operational value from LEM
I would really love to hear specific success stories of where people have gained operational value from LEM. I am hoping that by sharing some stories or examples we might all be able to gain new...
Rules are not fired in LEM and nothing is shown in nDepth part.
Hi, I deployed SolarWinds LEM, assigned an IP address to it, set the date and time, and deployed some agents. In "Monitor" I see all real-time logs, but nothing is shown in the "nDepth" part and no rules with...
SolarWinds LEM - Email alerting for AD Security Group changes
Hi, I am having a funny issue. I have set up the rule and it works fine, but when the email is sent, it does not display who made the change; it only shows the username that was added to the group as...
LEM Rule Creation
Hello, I am new to LEM and may need more hand-holding. I am taking one existing rule, "Continuous Excessive Logon Failures", and cloning it; seems straightforward, right? The Correlation "UserLogonFailure" is...
LEM V6.3.1 HOTFIX 6 IS NOW AVAILABLE
Download Available: LEM v6.3.1 Hotfix 6. Hotfix 6 addresses the following issues: Expired certificate for connector updates causing Automatic Connector Updates to fail. Hotfix 6 needs to be applied to restore...
Store and Retrieve Windows Event Logs
Our security posture requires that we store Windows Event Logs (Application, System and Security) for one year. I am still relatively new to LEM, so I am not sure archiveconfig will meet this requirement...
Connecting SolarWinds to Cisco FirePOWER using eStreamer
We have a Cisco FirePOWER unit that we want to poll information from and place in a dashboard so that it is easy to see what is going on with FirePOWER. I have been looking and haven't found too much...
Monitoring of BuiltIn\Administrators returns user's SID
We're doing a demo... just installed the environment and are learning how to set up the monitoring. We have the integration with AD set up and I can log in with my domain ID with no issues. We set up a...
Error with Reports Manager
Ok, I've been bashing my head on this problem for a few days now and I'm calling in for reinforcements! Just joined a new organization using LEM, and I'm happily learning all it can do. However I...
NetApp Clustered Data ONTAP CIFS auditing to LEM
NetApp Clustered Data ONTAP creates audit log files on a file share (as far as I can tell it is not able to send the log information via syslog or snmp etc). Does anyone know whether and if so how it...
Identifying malware DNS lookups from LEM
I've been seeing malware CNC alerts in my IPS for traffic that's coming from a domain controller. I did a packet capture on the DC and found the actual origin of the DNS lookups is the LEM server....
Broadcast Poisoning Monitoring
Has anyone set up LEM rules to monitor for broadcast poisoning? I am unable to find canned rules in LEM, and would like to see how others are addressing this. Perhaps I'm just missing something that...
Varying Extraneous Info
Hey all - I bumped into a scenario where Fujitsu scanners' extraneous info was logging differently on the LEM depending on which USB port the scanner was plugged into. I wondered if maybe this was applicable to...
NEED: Exportable List of LEM Reports
I need to present upper management with a list of LEM reports that can be sorted in an excel sheet.