Channel: THWACK: Popular Discussions - Security Event Manager (SEM) - Formerly Log & Event Manager
Browsing all 5911 articles

Non-Business Hours Filter Not Actually Filtering

I am trying to configure a filter to identify logon events that occur outside of business hours. I followed the below article on configuring Time of Day Sets, but LEM is capturing all of the login...


Cisco ASA and syslog severity levels

What severity level is recommended for Cisco ASA? Thoughts? We are seeing dropped connection and this feels informational. Cisco ASA 5500 Series Configuration Guide using the CLI, 8.2 - Configuring...


Possible to monitor disk space remaining?

I'm currently using EventSentry to alert me if drives on Windows 2008/2012 virtual machines are running below 5% available space. Can I use LEM to replace EventSentry?

LEM ver 6.2.1 - nDepth search by Name and by IP return different results -...

Internal audit is performing searches on a sample set of network devices and noticed that we get different results (both record count and event types) when performing an nDepth search by IP address or...

Alert on login attempts of disabled accounts

I am pretty new to LEM (6.3.1) and am having some problems setting up a new rule.  I am trying to create a rule that will email me an alert when there is a login attempt of a disabled domain account....


MSSQL Audit from remote MSSQL server problem

Hi, before I describe my problem, this is my environment: 1 VM that runs SQL Server 2008R2 (from which I need to collect log); 1 VM that runs Solarwinds LEM Manager appliance; 1 VM that runs SQL Profiler,...

EventDSC.log

This file located in C:\Windows\SysWOW64\ContegoSPOP\lib has grown to 42GB and is causing the C drive on one of our servers to run out of space. On other servers the file is only 7 kb and we are at a...

LEM log question

Hi, We have started seeing in LEM UserLogonFailure account@corp.domain.local. This does not affect the user from logging in. My question is in LEM it shows the destination account as root not the...


MS SQL Auditor for MS SQL 2017

I really could use an update on when the version of MS SQL Auditor will be released and if it will support MS SQL 2017


Severity Levels: How are they determined?

Hey all, Does anyone know how the severity levels are determined?  We are trying to correlate the severity of Windows Events with the severity levels in LEM, so we can build a filter for just critical...

Auditing Group Policy Changes

Hi, Can anyone tell me how to set up a rule to track group policy changes? This is for tracking admin users who modify the Group Policy Object (I am not talking about creating a new one or renaming an...

Using nDepth to monitor GPO changes

Hi, I'm learning how to use LEM and monitor our Infrastructure, I'm trying to monitor GPO changes so I can set up alerts. I have enabled the audits for GPO (screenshot attached). However in LEM, it shows...

Time out

Hello, When I explore nDepth for 1 week or for 1 month, it does not finish as a process and notifies "Time Out". What's happening? Does anyone help me to solve this problem? Thanks


Critical Account Logon Failure

Greetings, I came across a thread (https://thwack.solarwinds.com/thread/66209) that described a modified filter that would be good at catching someone trying to guess user passwords without locking...

4656 event log with FIM on windows 7 machine filter

I get the event below from a Windows 7 workstation frequently. Thoughts? Event FieldInformationOperationTypeObjectOpenFailureAccessPropertiesMask:...


LEM: How to access printer log events (syslog)?

I want to monitor a few key printers via syslog. All are HP devices, and I've logged into them and set the syslog properties to point at my LEM with the appropriate IP address and priority. I went to...

LEM Reports - What Special Characters Not Allowed in Password

All; I just lost a day trying to figure why I could not run a report. It was locking my account on the domain. Finally I realized there was a %, \ and a ; in the password. There was nothing telling me...


monitor AD group membership changes

All, I have a large number of Active Directory groups that need to be monitored. The groups in question all have a naming convention of "SG-servername_Support". I want to be able to have a notification...

LEM and Fortigate v5.2.3,build670 (GA)

Hi all, I have a problem with my LEM. I need to monitor our Fortigate 60D with FortiOS v5.2.3,build670 (GA). I set Fortigate to send syslog messages to LEM, but in LEM I see only "Unmatched Fortigate 5.0...

Registering locking and unlocking of workstations

Hello Fellow Thwackers, I am trying to see if I can register locking and unlocking of workstations.  This is more of an automated way to do a little grassroots testing, but wanted to see if it could be...
