Recording policy changes from Sophos Enterprise Console 5.2 in LEM?
So my question is pretty simple (although I don't expect the answer to be), is there a way of pulling any policy changes or logs from Sophos Enterprise Console 5.2.0.644 and having them recorded and...
LEM Report/Alert for Cisco ASA VPN Usage
We would like to create a report for VPN logins/logouts and also have a real time alert for when someone is logged in or out. The device is a Cisco ASA. Any help on whether this is possible or not...
Top 6 SANS Essential Categories of Log Reports 2013 in LEM
SANS released an updated list of their critical log categories recently. Some good recommendations especially if you're new to log management. The 6 Categories of Critical Log Information How easily...
Best Practices for SCCM Agent Deployment?
Hi all, Does anyone have some guidelines or best practices for this? We have to keep the change management folk happy and informed so it is mainly for their consumption. Thanks - Andy
Kiwi Syslog and Log Forwarder
Greetings, We're evaluating the above product but can't seem to get the forwarder to work under win 2003 sp2....is it compatible, supported,...??! Many thanks in advance.
Volume of syslog/SNMP traps LEM can handle per hour?
Hello, Kiwi Syslog can handle 2 million syslog messages an hour (without any rules), so has any limitation been marked for LEM?
LEM Thoughts of the Week: Does Compliance Actually Make you More Secure?
We're posting this one a little early to make sure we catch folks reading the customer newsletter. There's been a lot of chatter about this in the past, but with all the breaches recently, it makes you...
Newbie Question
Is it possible to edit a non-agent node name? They are all showing up the same as the IP address because we cannot resolve them. Thanks in advance! LR
LEM versus ArcSight
I have been doing some research on SIEM and SOC, specifically managed SOCs or MSSPs. I see that many of them use ArcSight as their SIEM/Log Management solution. I personally don't have any...
Rules no longer firing
Last week I was able to get some simple USB rules to fire when devices were attached. This week it no longer works. In the Monitor I can see the USB attach events and all the properties indicate the...
How to find the Daily Log usage?
Hello, I'm trying to figure out on average what the volume of logs we're bringing in on a daily basis is. Am I bringing in 2Gb of data on a daily basis or am I bringing in 800mbs a day? I have no idea....
Usefulness of these Internal Rules fired from LEM Appliance
I just wanted to question the usefulness of some of the internal rules which are set up to fire. These come from the LEM appliance and do not have any useful information other than the fact that these...
Correlation time questions
I seem to be having some issues with understanding the correlation time in LEM's rule creation. I have a rule set up to monitor when a certain event is logged in Windows application monitor. You can...
LEM Log Archiving?
I am curious if there is a way to archive your logs off LEM in such a way that it moves the logs out of the LEM database and into an archive freeing up the space in the LEM database? I am thinking...
LEM shutdown Windows Machine at admin logon failure
Hi folks, I'm very, very new to LEM. I started to work with this SIEM this week and my boss told me to conduct a demo with a customer next week. So, I configured a Cisco ASA connector and active...
LEM Thoughts of the Week: Tell Your Favorite "Found in the Logs" Story
Some of our favorite moments with LEM have been the stuff that people had no idea was happening or to look for that they uncovered for the first time now that all their data was consolidated. Did you...
Issue with custom LEM report
With the new 5.6 Upgrade, it appears to have broken some custom reports we created. Whether that's just my error or not, I don't know. I got login errors when I tried to view them, which led me to...
Agent installer issues
We are currently evaluating LEM 5.7.0. I have a couple of issues that I am looking to sort out - 1. Remote Agent Installer. I built a small txt file with about 10 hosts. Using the remote installer, it...