Collecting Logs for DHCP Server Configuration Changes
Hey all, I'm setting up Log & Event Manager for the first time and I can't seem to figure out how to properly collect the logs I want from a Windows DHCP server. I want to be able to collect the...
GPO modified?
What is the best way to find out if a GPO was modified and what change was made? I've tried PolicyModify and DomainPolicyModify with no luck.
System Center Configuration Manager 2012
Has anybody been able to integrate SCCM with LEM? I get a ton of email notifications about viruses, and I was hoping to integrate them into the SIEM.
Implications of configuring LEM to store original logs
I would like to understand the implications to my LEM environment if I were to configure it to store the original logs as per the KB article HERE. Thanks in advance for any feedback!
LEM vulnerability, how to solve it?
Because of information security policy, vulnerability scanning must be done using IPS. There is a vulnerability scan result as follows; how do I repair it? HTTP Server Prone To Slow Denial Of Service Attack CVE-2007-6750...
Issues of agent upgrade from Trigeo 5.0 to "log & event management"
The background, we have installed a new vm server - "log & event management", I use the fixed manager - swi-lem login "log & event management" console, our old Trigeo 5.0 server uses...
Does LEM offer a generic txt/log file connector that we can use to collect...
Almost like the McAfee Connector. I basically just point it to the scan.log and can receive the data that populates in the log file.
Sending logs from Threat Management Gateway 2010 to LEM
I would like to send logs from TMG to LEM. I have searched Thwack for posts on the subject and did not find any. Has anyone been able to configure this and see the logs in LEM? TMG plays an integral...
User Modification Email Alert
We have alerts set up when Groups in AD change (add/remove users) or when a user is deleted from AD. Is there a variable that can be added to the email template that will tell us the specific account...
How to detect SQL Injection Attacks?
I am curious how you would configure a LEM correlation rule to capture a SQL injection attack? I see that there is a User Defined Group called "XSS and SQL Injection Vectors" but I am not sure exactly...
Syslogs from Cisco ACE 4710 Application Control Engine
Hi, I was told that the latest Cisco Firewall connector would be able to read the syslogs from the Cisco ACE 4710 Application Control Engine device. I set the facility to 18, which logs into local2...
LEM's restrictconsole and restrictreports commands have no effect
LEM's restrictconsole and restrictreports commands have no effect. For example, I set restrictconsole to only allow 192.168.1.1, but 192.168.1.2 can still log in to the LEM console. What steps do I...
Issue with custom LEM report
With the new 5.6 Upgrade, it appears to have broken some custom reports we created. Whether that's just my error or not, I don't know. I got login errors when I tried to view them, which led me to...
LEM Report/Alert for Cisco ASA VPN Usage
We would like to create a report for VPN logins/logouts and also have a real time alert for when someone is logged in or out. The device is a Cisco ASA. Any help on whether this is possible or not...
PCI DSS & LEM
I just finished reviewing the PCI DSS control objectives and as best I can tell LEM will address the following objectives: 10.2, 10.3, 10.5, 10.6, and 10.7. The document located HERE indicates that it...
complex ndepth query design
I am experiencing difficulty in creating a query for ndepth that will show me the following information. I have traffic that I am trying to locate that could be sourced from a group of 4 IP addresses....
SIEM: More like Monitoring or Anti-Virus?
As I continue to work more and more with LEM and SIEM technology I found myself thinking that SIEM is generally treated (by users and vendors) more like a monitoring system and less like an anti-virus...
I need to monitor Orion Uptime...
I have multiple datacenters servicing customers across the time zones in the U.S. and also in the U.K. Each datacenter houses about 10 to 25 pieces of mission critical schizzle that we use...
Does Updating LEM also Update Connector Profiles?
When I update LEM to a new major version does that also update the connector profiles or does that still need to be done separately? Thanks in advance for any replies!
After an undetermined period of time LEM 5.6.0 stops providing real data and...
Hi, we've been using LEM v5.6.0 now for the last 3/4 months and we have noticed that after an undetermined period of time (it can be from as little as 24hrs to 15 days) the LEM console stops receiving...