Forward syslogs from Fortigate 100E v6.0.1 to LEM
Hi, Basically, I need to forward logs from our Fortigate 100E v6.0.1 to LEM. I found instructions for integrating Fortigate to LEM in the Solarwinds website, see below link, but it's for 4.x and 5.x....
LEM upgrade on Linux
Hi, I am new to LEM. We have LEM installed on a Linux box that has no internet access, although I can give it access to network shares. I am looking to upgrade from version 6.4 to 6.5. How best can I...
Specify an IP range in a User Defined Group data field
In creating a user defined group which is then used as part of a rule, I need to define a subnet or range of IPs. How can that be done other than by using an asterisk? For example to specify the IPs...
LEM v6.3.1 HOT FIX 4 IS NOW AVAILABLE
Download Available: http://downloads.solarwinds.com/solarwinds/Release/HotFix/SolarWinds-LEM-v6.3.1-Hotfix4.zip Hotfix 4...
Sysmon connector incorrectly parsing network connect events
I've run into an issue with the Sysmon connector on machines running Sysmon v8. The network connect events are no longer properly formatted and information is lost. Below is a screenshot of two events,...
LEM 6.1.0 new nodes
With LEM 6.1.0, can you easily see new nodes or workstations on your network that do not have the LEM agent installed?
LEM Correlation Rules
Hi, I am currently facing some problem in establishing correctional rules. To make correlation rules we must understand the behavior of attack as per my knowledge. LEM has built-in correlation rules...
in LEM for the event UserLogonFailure
In nDepth, if UserLogonFailure is showing EventInfo: Logon Failure "myDomain\johnD" InsertionIP:SalesPC1 Does this definitely mean that JohnD tried to logon to the SalesPC1 and failed?
CISCO ASA Firewall
Hi, Please let me know how we can detect attacks from CISCO ASA Firewall using LEM. I have read about various ASA SIDs being logged as syslog messages by Cisco firewall upon which Cisco recommend some...
Log and Event Manager licencing
Hi, We are about to purchase Solarwinds but need to work out licensing costs first. We have 10 hosts running docker, there are 50 containers running across the hosts. If we wanted to log data for all...
Microsoft Exchange Connector Error
Hi All, I have installed LEM agent on exchange server and when I enable any of the Microsoft exchange related connectors, the following error appears (Retry Count exceeded for handleAgentResponse....
Rule to kill communication with malicious IPs
Hello, What would be the best way to go about switching off communication with a malicious/compromised/blocked IP that is fed from Threat Intelligence Feed or manually inserted into UDG from Emerging...
Scheduling report in Report tool
I am running the report logon failures by user and want to look at outside business hours, previous day 6pm to current day 6am. I can manually run the report but I need it to run on a daily schedule....
Connecting SolarWinds to Cisco FirePOWER using eStreamer
We have a Cisco FirePOWER unit that we want to poll information from and place in a dashboard so that it is easy to see what is going on with FirePOWER. I have been looking and haven't found too much...
AD authentication in LEM
I have been asked to configure LEM to use Active Directory credentials for users to log on with. I have the Directory Service Query tool configured per the documentation, and have added both a...
Cisco ASA and syslog severity levels
What severity level is recommended for Cisco ASA? Thoughts? We are seeing dropped connection and this feels informational. Cisco ASA 5500 Series Configuration Guide using the CLI, 8.2 - Configuring...
Is there any way to update the LEM appliance IP a windows agent is pointed to...
I have some Windows agents that have the LEM appliance IP ending in .85 and I need the agent to point to .185 instead. I thought rerunning the remote installer on the list of hosts would fix this but...
LEM Log Forwarding to Kiwi
Hi all, Just wondering has anyone out there managed to configure the Log Forwarding on the LEM Console? I am trying to see if the LEM can forward logs to Kiwi. Would appreciate any help on this.