Configure LEM as a SYSLOG Server
Hi, I am currently configuring LEM to monitor a small industrial network (containing 12 devices). Firstly, can someone please confirm that LEM is capable of receiving SYSLOG data. If so, is this a...
Auditing Windows scheduled tasks run using LEM Agent
Hi all, I am curious if anyone has been able to audit Windows scheduled tasks running on a Windows server where they have deployed the agent and if so, how they can determine the user account used to...
LEM - action - forward syslog event to NCM syslog for RTCD
We cannot use Orion/NCM for syslog as our load is too heavy. We actually run syslog-ng on linux server and have agent send to LEM as it couldn't handle natively. Thus, I need to forward syslog events to...
Collect Raw Logs
Hi, I have a Synology NAS device, where there is no connector for it in LEM. But this device is capable of sending logs to any Syslog server, configured. I want to know if I can receive the raw logs in...
Does LEM offer a generic txt/log file connector that we can use to collect...
Almost like the McAfee Connector. I basically just point it to the scan.log and can receive the data that populates in the log file.
Having trouble getting rules to fire
Should this not send an alert email whenever a user fails to log on to one of the monitored endpoints? The filter appears to be capturing the event, but the rule is not firing. I am not sure what I am...
monitor AD group membership changes
All - I have a large number of Active Directory groups that need to be monitored. The groups in question all have a naming convention of "SG-servername_Support". I want to be able to have a notification...
Console not responsive and keeps crashing
I am experiencing horrible performance in the console. The console session will crash my browser session. This is interesting because the appliance has been running for 8 weeks during a demo with no...
LEM versus ArcSight
I have been doing some research on SIEM and SOC, specifically managed SOCs or MSSPs. I see that many of them use ArcSight as their SIEM/Log Management solution. I personally don't have any...
Rule if System event Level Critical, then it sends me an email
Working on creating a "Rule" so that if there is a "System" event of "Level Critical" that it sends me an email about it. Any tips appreciated. So far I've clicked on Build > Rules, but now...
LEM Thoughts of the Week: Tell Your Favorite "Found in the Logs" Story
Some of our favorite moments with LEM have been the stuff that people had no idea was happening or to look for that they uncovered for the first time now that all their data was consolidated. Did you...
Maximum LEM volume size?
What is the maximum size I can increase my LEM volume to for maximizing my log data retention?
LEM - MS SQL Auditor
Hi All, I am due to install MS SQL auditor for LEM and use it to monitor changes to tables and schemas and wondered if anyone else has had any experiences with this agent? I am also wondering if there...
ManageEngine.xml (Password Manager Pro) Syslog Connector not working
For some reason all events are unmatched. Any insight would be appreciated. Thanks in advance... Steve Here’s a simple, single event example that maybe someone can identify why the PMPro Connector...
Rule for failed logon
I see a failed logon in LEM, but I can't get this Rule to work. I want it to send me an email when a logon fails. Do you see any problems with this rule:
How to capture failed 'Run as Administrator' events on a Windows domain?
Does anyone have insight into how MS Audit Policy can be used to capture failed 'Run as Administrator' attempts without having to install LEM agents on all workstations? I've been attempting to...
LEM Thoughts of the Week: Do you see yourself as a target for attacks? Who's...
Hey guys, Bringing it back to security a bit, we've done some surveys recently in the federal government space and connected this up with other material and it's interesting to read what people think...
LEM - What RAID configuration is supported by SolarWinds?
Hi, does anyone know the definitive answer for what RAID configuration is supported by SW for LEM? Most clients will tend to have their SAN configured in RAID 5 or sometimes RAID 50, which we know is not...
LEM Rule for Multiple Failed Logins using multiple account
Hi All, I'm quite new on LEM and I want to make a rule that will give an email alert whenever multiple failed logins were detected from a single source IP that uses multiple accounts. I've tried...