Cisco ASA and syslog severity levels
What severity level is recommended for Cisco ASA? Thoughts? We are seeing dropped connection and this feels informational. Cisco ASA 5500 Series Configuration Guide using the CLI, 8.2 - Configuring...

LEM use cases
Hi all, I'm new with LEM and consider it as a central console for future SOC in my current company. I just want to leave here my list of use cases and share in a future "how to" realize them. Don't hesitate...

Node name resolution in LEM
Running 5.4. I have a handful of nodes that are not resolving the node name, just shows IP. I pinged the hostname from the SSH CLI in appliance mode and it worked properly. Pinging address...

Severity Levels: How are they determined?
Hey all, Does anyone know how the severity levels are determined? We are trying to correlate the severity of Windows Events with the severity levels in LEM, so we can build a filter for just critical...

LEM agent question
Does the spop.conf query its info directly from a file on the LEM box? For some reason when installing the agent on a brand new machine the spop.conf is populating with the old appliance IP address....

IIS 6 & 7 logs into LEM
We've tried to configure 3 servers to get IIS to log into the LEM without success. 1 server is running Server 2008 with IIS 7. 2 servers are running Server 2003 with IIS 6. I believe that we have the...

EventInfo Unmatched FortiGate 5.0 Data ($Revision: #147 $)
I'm seeing this event every few seconds. I'd like to make it stop. EventInfo Unmatched FortiGate 5.0 Data ($Revision: #147 $) ExtraneousInfo 1476468181000 10.0.0.8 date=2016-10-14 time=13:03:01...

Pros & Cons of encrypted (bitlocker) removable media and LEM
Our team has been working on some rules to mitigate threats from removable media. We have had good success with file monitoring, read/writes, and actively responding to executable attempts from flash...

Connector request
How long does it take after submitting a request to create a new Connector to actual delivery?

Best report export format from LEM report?
What report format do you export scheduled reports? I initially had it as PDF format, but that does not allow sorting/filtering. The .XLS format is the closest I can get; however, columns are not aligned.

Can LEM correlate events based on time not in use?
Example: Service A on the monitored server "Stops" at 9:00 AM. I should start at 10:00 AM, but doesn't start at all. My administrator wants to be notified via email that Service A did not start. Any...

Is there a list of LEM Best Practices, or Most Common Rules?
I tried searching for Best Practices, but only found a few documents. Is there a site for LEM Best Practices, common rules, or implementation suggestions? What do you feel is your best rule? Thanks...

Question on "Correlation Time" in LEM Rules
I am trying to understand this section better. I need to send an email for when I have "host flapping" on an interface. Problem is, I need to alert on the first log (unique to device and port) but...

Has anyone configured the LEM Directory Services Connector to use RedHat IPA...
In the environment I'm working in, we don't have AD servers, but we do use Red Hat IPA/IdM for *nix SSO. I'm wondering if anyone's gotten IPA working for Directory Services users/groups in LEM.

Configuring SSO for LEM
I am attempting to configure AD integration for LEM (6.3.1) and for the life of me, I cannot get it to function correctly. I contacted tech support and they sent me this article. When I get to the...

How Does the Windows Agents Determine Agent Id etc.
We are trying to use InstantClones through VMware to deploy our VDI desktops. The issue I'm having is when I search the LEM by hostname (ourVM-) I see a single entry, that changes every few seconds. I...

LEM V6.3.1 HOTFIX 6 IS NOW AVAILABLE
Download Available: LEM v6.3.1 Hotfix 6. Hotfix 6 addresses the following issues: Expired certificate for connector updates causing Automatic Connector Updates to fail. Hotfix 6 needs to be applied to restore...

Which Profiler version in MSSQL Auditor for SQL 2016?
Hi, I'm currently deploying LEM and we have a new SQL Server 2016 on which we will want to do some DB log collecting. When selecting the Profiler version in the MSSQL Auditor tool (latest version),...

LEM as a netconsole host?
We had an issue with our KEMP LoadMasters last week where some virtual services were removed from the configuration and we/KEMP cannot explain why. One of their suggestions is to set up a netconsole...