Console: add ability to query the node list
add ability to query the node list: 1) Duplicate IP addresses and/or node names. 2) in the search add the ability to query one item while excluding another. 3) ability to select...
LEM Thoughts of the Week: Detecting the Target Breach?
Hey All, Trying a new LEM idea courtesy byrona - a LEM/SIEM topic of the week. I'll try to post a topic related to security and log data once a week, you toss in your two cents based on your experience...
Trouble with snmp trap variable bindings truncating in Orion trap viewer and...
Trouble with snmp trap variable bindings truncating in Orion trap viewer and trap rule alert action output. We have several trap rules which are working successfully and not truncating. For some reason...
New Log & Event Manager (LEM) Library & Support Page!
We've updated the Log & Event Manager (LEM) - Updated January 10, 2014 support page. This serves as a one-stop shop for all your LEM documentation, how-to's, troubleshooting, and more. You can...
"Unable to authenticate on manager: TriGeo"
G'Day, I get this now, followed by "Invalid login" every time I try to connect. It was working fine yesterday. I have tried 3 different browsers, and the SIM. I have restarted the manager, rebooted the...
Rule help
I'm trying to set up a rule that will send an email any time an event comes in from a specific tool alias. Do rules specifically have to use Events or can they use Event Groups like [Any Alert]? I'm...
How do I configure the SNMP community string for LEM?
I haven't been able to find the setting whereby I can configure the SNMP read-only community string for the LEM appliance, so that I can monitor its health/set up alerting etc through Solarwinds NPM. I...
Delegated administration of LEM
I am currently evaluating LEM for my enterprise. Is there a way I can grant specific users access to view events from only specific nodes that LEM monitors? I want a group of people to be able to see...
Search pattern for file audits on specific server not carried out by one of...
Hi, As per the subject, I'm trying to create a ndepth search (which I will later turn into an alert). Which searches a specific server for file audits which do not involve one of four accounts....
!LEM Thoughts of the Week: What's your Top LEM/SIEM Tip or "Wish I Knew THAT...
If you missed last week's discussion on the fun mishaps of the Target breach, it's here: Re: !LEM Thoughts of the Week: Detecting the Target Breach? This week, thought I'd go a different direction....
How to build a query that finds WebTrafficAudit.EventInfo events with a...
I am trying to build a query for any "WebTrafficAudit.EventInfo" events that were "Denied". I can build a filter for WebTrafficAudit.EventInfo with an "=" of *Denied* and I get results. If I send...
Does LEM offer a generic txt/log file connector that we can use to collect...
Almost like the McAfee Connector. I basically just point it to the scan.log and can receive the data that populates in the log file.
Top 6 SANS Essential Categories of Log Reports 2013 in LEM
SANS released an updated list of their critical log categories recently. Some good recommendations especially if you're new to log management. The 6 Categories of Critical Log Information How easily...
Strange Alert - SIP Message Flooding
Hello, We just got LEM and are getting it up and running and have run into something strange. We've been seeing a lot of this error: COMMUNITY SIP TCP/IP message flooding directed to SIP proxy. The source...
LEM scheduled reports
My scheduled reports are only recording for one minute. Example, I scheduled a resource config report to run a report for the time period from 5:00am-4:49a the following day. It automatically resets...
Lem server
My SolarWinds server got shut automatically?? Is something related to the number of alerts on desktop console??? I'm confused..
Log retention and disk space
I have LEM and need to meet the following requirements: 6 month retention for log files. My current system just monitoring 34 servers and 8 firewalls has already chewed up this much space. Disk...
LEM Thoughts of the Week: What IT Security Buzzword Drives You Nuts?
In honor of the RSA Conference (et al) this week, where buzzwords and BS are sure to be running high... What IT Security buzzword or nonsense trend drives you nuts? What's your pet peeve topic,...
LEM: Create notification of AD account lockout
How can I setup a notification alert when a user is locked out of Active Directory? I am using SolarWinds Log & Event Manager 5.4 Thanks
Making a rule for a 100 logon failures.
I am trying to make a rule for 100 similar logon failures and trigger an email and SNMP trap. I have several rules setup and they all work well. This is one thing I cannot figure out, probably because...