Channel: THWACK: Popular Discussions - Security Event Manager (SEM) - Formerly Log & Event Manager
Browsing all 5911 articles

Logon failed while running LEM reports

Hi, after installing Log and Event Manager Reports, while running a report, it's showing this error: Logon failed. Error code: -2147189176. What is this error and how can it be resolved so I can run...

Cisco ASA and syslog severity levels

What severity level is recommended for Cisco ASA? Thoughts? We are seeing dropped connection and this feels informational. Cisco ASA 5500 Series Configuration Guide using the CLI, 8.2 - Configuring...

nDepth : find source of AD account deletion

I want to build an nDepth filter to find the source of an Active Directory account deletion. I wouldn't mind getting email alerts for this either, but primarily I need to build an nDepth filter...

Powershell event logging

PowerShell v5 has improvements for logging and a new Event Group PowerShell (in v2 the group was called Windows PowerShell). It would be really useful to have a connector for this.

Maximum LEM volume size?

What is the maximum size I can increase my LEM volume to for maximizing my log data retention?

Windows Log Subscriptions

Will LEM import logs collected using Windows Log Forwarding?

Agent Log Forwarding?

In our environment, we are about to have three different networks. For simplicity, I will call them A, B, and C. The situation: Network A can talk to Network B. Network B can talk to Network C. Network A...

Checkpoint connector for r75.40 SPLAT

Hi guru, please help me to get Checkpoint r75.40 SPLAT log into LEM. I tried OPSEC/Check Point NG LEA Client but it fails to start. Many thanks

How do I search a string in a log?

I'm using LEM on a client. But this is not bringing the logs. And I need to know how to search for a string (word) within the log. How to do this?

Log Forwarder Syslog Message Text missing

Guys, I'm running the log forwarder on my Windows 2008 SP2 (not R2) domain controllers and subscribing to many events that I forward to my Kiwi Syslogger running on Windows 2012 R2. From there I have...

LEM and USB defender on surface book

I've been testing LEM and USB defender on my MS Surface book with Virtual Box and have been enjoying the experience the trial is providing. The USB defender works well on my Surface book as a test...

Correlation condition for port scan

What is the ideal correlation condition for a port scan? I mean the number of events per second, so it doesn't result in false positives.

LEM on AWS

How can I host LEM on AWS?

I created a custom filter. Now how do I generate a report from this?

How do I generate a report from a custom filter? Preferably in Excel?

Data Compression

Does the LEM agent perform both data normalization and compression? If yes, how much compression is done by the agent before it sends data to the LEM manager? In my case, I would be pointing Firewall to send...

Stop logging AV checks

I assume this has been answered before, but I'm new to everything SolarWinds. We have 14 nodes, and those nodes consume 2TB of transaction logs every 4 weeks. I have noticed a HUGE number of...

Brute force attack

Is there any default rule in LEM to detect the below attacks? If not by default, how can we create custom rules for them? Brute Force Attack, Directory Harvesting Attack, Invalid TCP Traffic

Threat Intelligence with LEM

How does threat intelligence with LEM work for syslog traffic received from a firewall/UTM? Does it check IP reputation with an external threat database, or download and store the threat database locally on...

LEM Portscan rule

Hi all, I have a question based on LEM portscan conditions. See attached snapshot for guidance. I want to create a portscan rule which will ignore portscan activities originating from public IPs, but...

LEM vulnerability, how to solve it?

Because of information security policy, vulnerability scanning must be done using IPS. There is a vulnerability scan result as follows. How do I repair it? HTTP Server Prone To Slow Denial Of Service Attack CVE-2007-6750...
