Do you use logs for security and compliance (and maybe IT ops), especially...
Hey everyone, We're doing some research into how you use log data for security and compliance, and how that overlaps with how you use log data for IT operations. If you use LEM, Kiwi, or NPM/SAM, or...
User roles privilege rights
Under the view role, I can see a list of "Area" that a role could "Access", "Modify" and "Audit". For example, an administrator could audit but not access the filter output. Actually, what is the...
Rule Request - Admins Browsing the Web
I need a rule that checks for admins logging on servers and browsing the web. Is this possible?
snort output server setup
I have a physical snort box, and I am trying to get it to send logs to my SolarWinds LEM. I set the output to the IP of the SolarWinds LEM, but it doesn't pick up anything. I am using openSUSE...
Whitelist specific USB Device model - LEM
We have a specific model of USB device that we are trying to whitelist for one of our networks. We have used the pre-defined rule and added the ExtraneousInfo which is USB\VID.....etc and confirms it...
LEM: Is there a way to delete old data from the alerts database and/or set...
I have close to two years' worth of data in my LEM now. I'm also experiencing slow response times and/or timeouts when executing nDepth searches. I'm guessing this is directly related to the size of...
IIS 7.5 log time discrepancy
I recently started using the Microsoft IIS W3C v7.0 connector to monitor IIS logs on a server. Initially, there was a 5 hour discrepancy between the Insertion Time and the Detection Time. (Detection...
Does LEM generate a SMTP request on TCP 25 to the SMTP server each time a...
I created a simple rule. I would like the rule to send an email to me when it triggers. I have configured the email Connector (Email Active Response) to communicate with our SMTP server via TCP Port...
How do I get MAC addresses in an alert when an AP goes down?
I am having trouble getting the MAC address for an AP in an alert when the AP goes down. I am using ${AP_MAC} but it's coming out blank. Does anyone know how to get the MAC address? Thanks, Nuruddin
Log and Event Manager space
Hello, We have the Log and Event Manager and it is consuming a lot of space (244 GB out of 250 allocated to it). How do we slim that down? Regards David
New Log & Event Manager (LEM) Library & Support Page!
We've updated the Log & Event Manager (LEM) - Updated September 16, 2014 support page. This serves as a one-stop shop for all your LEM documentation, how-to's, troubleshooting, and more. You can...
Implementing Login or Warning Banner
When logging into the application, is it possible to implement a login or warning banner? It's a must for DoD folks. When you SSH in, the option is there, and I've been able to implement. Looking for...
Is there a way to monitor disk space in LEM?
We are already doing this through Orion, but I'm wondering if it can be done through LEM as well?
Adding a Syslog node
I am running a practice VM of SolarWinds LEM at home. I have a D-Link router which used to send logs (web access) via syslog to Kiwi Syslog Server, at about 1500 logs per hour. I changed the D-Link router...
Maximum LEM volume size?
What is the maximum size I can increase my LEM volume to for maximizing my log data retention?
CIDR Notation for LEM rule
Hi, I would like to create a rule in LEM that will give me an alert whenever it detects any logins, failed or successful, from an external IP (Public IP). I plan to use the filter below (sample only for...
LEM - Mount error 13
I am able to mount a Windows share folder when I do a syslog export from LEM to my share folder. But when I try to do an archive job to the same share folder path using the same credentials, it gives me...
I can not get my SWLEMReports.exe to run.
When I try to run my Reports 6.0 I get error msg: "The Crystal Reports run-time engine is missing" and sometimes, "cslibu-2-0-0.dll missing". Uninstalled, Re-ran ReportsAndCrystal.exe, deleted dir,...