How to detect SQL Injection Attacks?
I am curious how you would configure a LEM correlation rule to capture a SQL injection attack? I see that there is a User Defined Group called "XSS and SQL Injection Vectors" but I am not sure exactly...
LEM SMS Alerting
All, I am wondering if anyone has been able to configure an LEM rule to alert them via SMS? I recall pre 5.7 that you could call a script, but cannot see that option any more in 5.7.0. I suspect it is...
TriGeo Alert Email
I have been getting alerts from LEM that I have no idea where they are coming from. The only thing in the body of the email is "at"..... Does anyone have any ideas where I can start to look for this...
Heartbleed and the LEM
Hey all! We've had only one person four people call into support to ask this so far that I know of, but I figure I'll post this: The LEM is safe from Heartbleed. If you don't know what Heartbleed is,...
Need help with correlating two events
We have a client that would like to get emailed alerts when an account with administrative privileges logs in. I've found two events that occur together that indicate the use of an administrative...
LEM agent question
Does the spop.conf query its info directly from a file on the LEM box? For some reason when installing the agent on a brand new machine the spop.conf is populating with the old appliance IP address....
AD authentication in LEM
I have been asked to configure LEM to use Active Directory credentials for users to log on with. I have the Directory Service Query tool configured per the documentation, and have added both a...
Should SolarWinds support be allowed to close calls without customer agreement
Quite often if I send a support request that proves difficult for support to answer they seem to just wait a few days and then close the call, I think they should have customer approval to close the...
LEM Web Console
Hi, I'm unable to log in with web browser ... it says invalid login .... I've tried admin and password ... it's not working. Any help? ... a bit urgent ???
Emails Stopped
Hi, I have a client who has been using LEM for about 4-5 months now, and within the last few weeks (without any changes to the system), Email alerts have stopped being sent out. They have tested the...
monitor AD group membership changes
All - I have a large number of Active Directory groups that need to be monitored. The groups in question all have a naming convention of "SG-servername_Support". I want to be able to have a notification...
ChangeDomainMember; what is going on?
For some reason I get an awful lot of ChangeDomainMember events stating: Computer account "DOMAIN\PCNAME$" changed "-". The insertion IP is from one or the other of our DCs. Any ideas what causes...
How do I change the Data Source Manager in LEM Reports?
When I was installing the Log Event Manager Reports it gave me an option to add a data source manager. I put the wrong server in and now I can't change it! Any ideas? Already tried uninstalling and...
LEM Fortigate IP Blocking bug
Hi, I am trying the automatic action Blocking IP on my Fortigate with OS v5.2.3,build670 (GA), but I get this error message: Any ideas? Thanks, Jiri
Receive Email
Is it possible to receive an email when a node is down or being attacked?
How Does Linux CommandLine Auditing Work?
We have the Linux agent installed on some Ubuntu servers and this connector enabled, what mechanism for auditing the command line was this connector designed for or does the agent itself handle the...
Configure LEM as a SYSLOG Server
Hi, I am currently configuring LEM to monitor a small industrial network (containing 12 devices). Firstly, can someone please confirm that LEM is capable of receiving SYSLOG data. If so, is this a...
How to create a Rule and Email template
Hello, I found a premade rule 'Critical User Events'. I activated it. I receive emails, but the items: Action, Date, Info and User are blank. And rightly so, they are not populated in the Actions...
LEM Database
Can you get access to the LEM database to do direct SQL queries? Ever since upgrading to 5.7 from 5.4 (via 5.6), the reporting has been unusably slow (if it works at all, yes there is a call open but...
LEM Agent - Uninstall
Hi Team, Just need your advice: if we want to uninstall the agent on a domain server, are we required to restart the server (domain server)? Thank you.