Application Log Event
We monitor logon events and produce a report of which admins logged on where for auditing purposes. I wrote a quick PowerShell prompt that asks them to input the reason why they are logging into the...
Modify filtered reports in Windows 8.1
Hi Guys, Is it possible to modify a report in Windows 8.1? I have been trying to do this, but no luck until now. I have followed the steps in this knowledge base, but I think this is for Windows XP...
Need help with correlating two events
We have a client that would like to get emailed alerts when an account with administrative privileges logs in. I've found two events that occur together that indicate the use of an administrative...
Monitor AD group membership changes
All, I have a large number of Active Directory groups that need to be monitored. The groups in question all have a naming convention of "SG-servername_Support". I want to be able to have a notification...
LEM vs PaperTrail
Do you have a document that explains the feature differences between PaperTrail and Log & Event Manager? Thank you, Jason Henson
LEM Report/Alert for Cisco ASA VPN Usage
We would like to create a report for VPN logins/logouts and also have a real time alert for when someone is logged in or out. The device is a Cisco ASA. Any help on whether this is possible or not...
LEM Result Details - Can this be formatted in the web console?
So LEM has some REAL good details when you ask it for things. But this guy with all the text all over the place makes things sometimes hard to read - is there any way anyone knows to format it so like...
VPN Report
I have created a filter for my VPN using the UserAuthAudit. I am trying to run the reports in LEM reports, but I don't see any report title named UserAuthAudit. I can do it with the Network Traffic...
NCUA - examiner reports
Hi All, we are new to LEM & Reports and my understanding is that there is a report available for NCUA (credit union industry IT audit/examiners)? Where can I find this and if not available as a...
Backup LEM to DFS Share?
All, Can I back up LEM to a DFS share? Over the weekend the group which admin the servers at my company made a change from CIFS share to DFS share. Now I get an error when I attempt to back LEM...
Sourcefire LEM agent
I installed the LEM 6.1.0 64bit Linux agent on a client's Sourcefire Defense Center servers and I am unsure if the installation was truly successful. Both servers I performed the installation on...
LEM Log Retention settings
Hi All, How can I check LEM log retention settings? I've already read some discussion about this and learned that LEM is configured to automatically purge the oldest logs, but how can I check if our...
Using a Threat Intelligence Feed with LEM?
I am curious if anybody out there is using LEM in conjunction with a Threat Intelligence feed? I realize that LEM doesn't currently accept any of the feed protocols; however, I have seen that some...
Success Stories of gaining operational value from LEM
I would really love to hear specific success stories of where people have gained operational value from LEM. I am hoping that by sharing some stories or examples we might all be able to gain new...
Last 25 Events on show down nodes
Hi All. I have been looking to find a way to sort out devices in the last 25 events. I only wish to see devices that go down; I don't want to see when devices come up again. Does anyone know how to...
Error with Reports Manager
Ok, I've been bashing my head on this problem for a few days now and I'm calling in for reinforcements! Just joined a new organization using LEM, and I'm happily learning all it can do. However I...
LEM agent question
Does the spop.conf query its info directly from a file on the LEM box? For some reason when installing the agent on a brand new machine the spop.conf is populating with the old appliance IP address....
Getting LEM to understand logs
Hi, New to the LEM platform and possibly why we are facing a tough time pointing logs/events from different devices to LEM for successful identification. Most logs turn up as NewToolData. We have found...
Managing multiple LEM appliances
As we expand our number of LEM appliances I am finding I need a method for centralized management and I am curious what the best way to do this would be? We are a solution provider that implements...