LEM with Cisco Firepower / Firesight syslog
Hi, I have a Cisco Firepower virtual appliance, and am trying to see logs in LEM. I have configured Syslog as I found here: Configure a FireSIGHT System to Send Alerts to an External Syslog Server - Cisco...
Is there a way to monitor CD rom drive usage?
Is there a way to monitor/notification of CD rom drive usage? So far I can not figure out a way. There are no services that I can think of to monitor. Any ideas would be helpful. Thank you.
LEM Licensing
Hi, New to the LEM Licensing concepts .. thereby seeking some clarifications here .. Is my understanding correct - 1. One Network switch or a router consumes 1 node license 2. One Security device like...
Print Services for Windows Monitoring
Hello: I was hoping someone could help me out in getting PrintService logs from our Windows 2008 R2 print server into LEM. We are currently running LEM 6.1. Here is what I have done so far: I enabled the...
We have a requirement to audit all Applocker EXE and DLL events on all of our...
We have a requirement to audit all Applocker EXE and DLL events on all of our servers; how do I set up LEM to make this information available and prominent? We have our Group Policy configured to audit...
Agent Cache Size
I know I have seen this before, but cannot find it at present... Does anyone know the maximum cache size for a LEM agent when it goes offline?
Cisco ASA and syslog severity levels
What severity level is recommended for Cisco ASA? Thoughts? We are seeing dropped connection and this feels informational. Cisco ASA 5500 Series Configuration Guide using the CLI, 8.2 - Configuring...
LEM Log Retention settings
Hi All, How can I check LEM log retention settings? I've already read some discussion about this and learned that LEM is configured to automatically purge the oldest logs, but how can I check if our...
Is it possible to import Windows Security Event log into LEM from a node...
OK, so here's the scenario. Due to internal company policy I cannot install native LEM agent on our Domain Controller (Windows 2012). So that means I cannot just add this node to LEM console and...
LEM Linux Agent Installer
What's the required version of Java for the LEM 6.3.1 linux64 agent installer?
connector discovery already running (adding a node)
I am attempting to search for nodes, but the LEM says "connector discovery is already running. Cannot run at this time". I have searched for nodes before, but it has not been running for 24 hrs. Any...
Can someone help on Network anomalies detection, based on NETFLOW using...
Can someone help on Network anomalies detection, based on NETFLOW using SolarWinds
Scan for new node running for hours
Hi there, Thanks for reading. I'm seeing a node discovery is running for a few hours now. It appears to be active but my network just isn't that big! I'm checking the CLI to see if messages from...
Is there a list of LEM Best Practices, or Most Common Rules?
I tried searching for Best Practices, but only found a few documents. Is there a site for LEM Best Practices, common rules, or implementation suggestions? What do you feel is your best rule? Thanks...
LEM Log Archiving?
I am curious if there is a way to archive your logs off LEM in such a way that it moves the logs out of the LEM database and into an archive freeing up the space in the LEM database? I am thinking...
File Share Audit Failures?
We are trying to find all SMB logon failures but they do not seem to be showing up in "ObjectAuditFailure" for some reason. We can see a lot of 5140 Audit Failures in our logs but cannot find them in...
Where does LEM store its logging data?
Does LEM store its logging data, etc. on the /VAR drive? How can I best determine long term storage needs? Thanks.
Supported IDS/IPS Sensors/Apps
I'm looking for a list of supported IDS/IPS sensors and related applications (Snort for example), that the LEM supports? A future project is to replace our EOL IDS sensors with new technology and I...
Incidents created when manager logs in as root for cron
New to LEM... we enabled a bunch of default rules. Every 15 minutes or so, incidents are created from events automatically happening on the manager. The rules that are firing to create the incidents...