Channel: THWACK: Popular Discussions - Security Event Manager (SEM) - Formerly Log & Event Manager

monitor password changes

I have enabled the right policies in AD now, and I'm starting to see these events hit the LEM: Event Name: UserModifyAttributeEventInfo: Password Change "domain\username" Success Event Name:...


Top 6 SANS Essential Categories of Log Reports 2013 in LEM

SANS released an updated list of their critical log categories recently. Some good recommendations especially if you're new to log management. The 6 Categories of Critical Log Information How easily...


Monitoring filters

Hi, I am trying to configure 2 monitoring filters: 1 for changes just to GPO; 1 for users being added to Domain Admin security groups. I figured out how to monitor GPO however eventID 5136 also logs...


USB Defender

Needing help configuring USB Defender. I have followed all the steps to configuring it, but neither see an alert in the console nor are unauthorized USB devices shut down on the client machine. Here is...


Integrating Cisco Nexus switch with LEM

I am trying to integrate Cisco Nexus 5K switches with LEM as a syslog node, but having no luck. Does LEM support NX-OS? I found the attached, which was very helpful while integrating an ASA, but...


Sending syslogs from IBM Bladecenter H to LEM

I would like to send syslogs out of two IBM Bladecenter Hs to LEM for centralized logging, but currently LEM does not have a Tool for these devices. The AMM and Director are able to send standard...


Report all user activity in LEM by username

G'Day, I know once I run "TriGeo Reports", and the report is generated, I can use "Selection Expert" to pull out data on a specific username, but which report do I run in the first place in order to...



Forwarding raw logs to QRadar

We are attempting to forward logs from LEM to QRadar because of bandwidth concerns. Previously, we used IBM's WinCollect agent to send them directly to the QRadar collectors. However, the subsidiary...


Setting up FIM, Directory/Registry to monitor is blank

I am attempting to add a new rule to monitor creation of specific registry and file entries. I go through and add a new FIM connector, add a new Condition but when I click the browse button to select...


Solarwinds LEM Duplicate EMAIL ALERTS

Hi All, I am receiving email alerts from two different email addresses of SolarWinds LEM (LEM@solarwinds.com & lem@solarwinds.com). Please let me know how I can disable one of them and receive only...


We have a requirement to audit all Applocker EXE and DLL events on all of our...

We have a requirement to audit all Applocker EXE and DLL events on all of our servers; how do I set up LEM to make this information available and prominent? We have our Group Policy configured to audit...


Help troubleshooting duplicate email alerts

I am having difficulty troubleshooting my email alerts. I have gotten the email templates set up correctly and all of the information looks good (using account modification email template and I added...


Cisco ASA and syslog severity levels

What severity level is recommended for Cisco ASA? Thoughts? We are seeing dropped connection and this feels informational. Cisco ASA 5500 Series Configuration Guide using the CLI, 8.2 - Configuring...


LEM Agents Remote Deployment

Hi there, I am trying to install LEM agents remotely on Windows machines using Windows remote agent installer. The machines I am trying to install agents on were not found automatically by the agent...


SOLAR WINDS LEM NESSUS CONNECTOR

All, I have exported a Nessus scan file and configured a connector for the directory where the exported Nessus scan file is placed. But I am getting the below errors. Description: Recoverable IOException while...


Reduce the number of SolarWinds TriGeo alerts from LEM

We seem to get a lot of alerts for computer account changes and other things that seem to be part of regular operations. Is there a way to fine-tune and turn down the number of notifications?


McAfee

Hello, how do I show logs from McAfee when McAfee can't work for a specific user? Thanks


RSL Error (LOG & Event Manager)

Dear All, I am getting an RSL error: Flex Error #1001: Digest mismatch with RSL Redeploy the matching RSL or relink your application with the matching library. I have tried the following steps but unable to...


connector discovery already running (adding a node)

I am attempting to search for nodes, but the LEM says "connector discovery is already running. Cannot run at this time". I have searched for nodes before, but it has not been running for 24 hrs. Any...
