Creating an Email Event
Is there a way to create an email event when a user has locked themselves out and used a bad password so many times in a certain time period?
Cisco ASA and syslog severity levels
What severity level is recommended for Cisco ASA? Thoughts? We are seeing dropped connection and this feels informational. Cisco ASA 5500 Series Configuration Guide using the CLI, 8.2 - Configuring...
Is there a list of LEM Best Practices, or Most Common Rules?
I tried searching for Best Practices, but only found a few documents. Is there a site for LEM Best Practices, common rules, or implementation suggestions? What do you feel is your best rule? Thanks...
Exporting a report as an XLSX not an XLS format in Excel
Is there a way to export reports as an XLSX not XLS, as this is an old format and has a size limitation which makes it impossible to produce weekly and monthly reports if there are over 65000 lines. As...
Windows Agent Spiking CPU Utilization to 100% on Windows 10
We recently upgraded all of our call center PCs from Windows 7 to Windows 10. We immediately ran into issues where the LEM agent was maxing out CPU utilization causing the PCs to freeze up to the...
Alert on login attempts of disabled accounts
I am pretty new to LEM (6.3.1) and am having some problems setting up a new rule. I am trying to create a rule that will email me an alert when there is a login attempt of a disabled domain account....
Syslog node names?
I have a number of syslog devices pointed at LEM, but they all show up as IP addresses for node name. Is there a way to change the name of these nodes? Thanks!
Monitor AD group membership changes
All, I have a large number of Active Directory groups that need to be monitored. The groups in question all have a naming convention of "SG-servername_Support". I want to be able to have a notification...
MSSQL reporting with LEM Reports?
Hello, There are no MSSQL-related report templates in LEM Reports for tracking typical admin actions such as: DELETE, DROP, GRANT, schema changes etc... How can one build such custom reports? Is it...
Pros & Cons of encrypted (BitLocker) removable media and LEM
Our team has been working on some rules to mitigate threats from removable media. We have had good success with file monitoring, read/writes, and actively responding to executable attempts from flash...
Kaspersky Endpoint 10
I am trying to get LEM to monitor our Kaspersky administration server. I have the Kaspersky Administration Kit connector enabled on the node that is our Kaspersky Administration server. I am not sure...
Solarwinds LEM
We recently just deployed LEM into our environment and I am having issues with setting up a rule/filter. I am unsure if this should be a rule initially before filtering or vice versa. Nevertheless, I...
Checkpoint Firewall monitoring using LEM
Hello There, Is it possible to monitor Checkpoint Firewall using Syslog by LEM? If yes, please guide me what versions of Checkpoint Gaia are supported and relevant configuration for the same. Thank you.
LEM 6.3.1 Hotfix 7 Now Available
Download Available: LEM v6.3.1 Hotfix 7. Hotfix 7 addresses the following issues: Windows Workstations appearing as Universal Nodes; Checkpoint R80.10 unable to transmit logs to LEM due to upgraded cryptography...
Netapp Clustered Data ONTAP CIFS auditing to LEM
NetApp Clustered Data ONTAP creates audit log files on a file share (as far as I can tell it is not able to send the log information via syslog or snmp etc). Does anyone know whether and if so how it...
Sonic Wall Email security device into LEM
Hello, I'm after our LEM server to have the logs of any Anti-Virus or Malware events from our Sonic Wall Email Filters. Has anyone done anything like this before? I did find some OID entries for what...
Possible to monitor disk space remaining?
I'm currently using EventSentry to alert me if drives on Windows 2008/2012 virtual machines are running below 5% available space. Can I use LEM to replace EventSentry?
LEM: log retention and backup
Hi ALL, I would like to ask if this retention KB is still valid for LEM 6.1 (latest), see below? LEM's retention is size based. So, you are right - the oldest events are purged to make way for the new...