Logon failed while running LEM reports
Hi, after installing Log and Event Manager Reports, while running a report, it's showing this error: Logon failed. Error code: -2147189176. What is this error and how can it be resolved so I can run...
saved ndepth searches disappeared but email sent
After I rebooted the appliance through PuTTY, I lost the saved searches; however, the email is still being sent. I am unable to see the saved searches. Anyone experience this?
Scan for new node running for hours
Hi there, Thanks for reading. I'm seeing a node discovery is running for a few hours now. It appears to be active but my network just isn't that big! I'm checking the CLI to see if messages from...
Login failed LEM reports
I am trying to get all log messages from the LEM reports. I installed the Reports and Crystal runtime file on my computer, which was not a big issue. But every time I try to add a manager I can't ping...
Configure data compression?
Is there a way to configure LEM data compression in such a way to maintain more and/or less uncompressed data? Let's say I have a case where I want to have one month of uncompressed data available to...
Filtering ASA messages by source interface or mapped address
I have a scenario where we are migrating connections between providers, and during the process both old and new public IPs are valid. In this situation traffic can enter from either outside2 (old...
How LEM manages logs with different time zone or no time zone
There would be a case where appliances being managed are in different countries and in different time zones and LEM is in a different time zone. A product like FortiGate doesn't give time zone information...
LEM getting alerts from some DCs but not others?
I've been setting up alerts for changes made in the Domain Admin group and everything is going well - I have rules to send emails immediately, filters to view in the Monitor section real-time, and...
monitor AD group membership changes
All - I have a large number of Active Directory groups that need to be monitored. The groups in question all have a naming convention of "SG-servername_Support". I want to be able to have a notification...
Best endpoint protection and hardening for LEM VM?
We want to stay extremely hardened, so I'm wondering what might be the best endpoint real-time anti-malware software I can run on our Log & Event Manager VM? Any other hardening suggestions for LEM?
AD authentication in LEM
I have been asked to configure LEM to use Active Directory credentials for users to log on with. I have the Directory Service Query tool configured per the documentation, and have added both a...
Integrating Cisco Nexus switch with LEM
I am trying to integrate Cisco Nexus 5K switches with LEM as a syslog node, but having no luck. Does LEM support NX-OS? I found the attached, which was very helpful while integrating an ASA, but...
USB Defender - RW & Modify detection/action
Within LEM, is it possible to create a rule that will notify an email list when someone copies or modifies a PST or EXE file to or from a USB drive?
LEM nDepth Results vs Result Details
I'm searching raw log messages using text input mode in the ndepth window. I put in my search terms, define a time range and send off the search. When the search completes, the histogram shows some...
Can we write such rule?
Alert if five failed logon attempts are tried from different usernames from the same IP within 15 minutes, and after that if a successful login occurs from the same IP in the next one hour?
Event Collection Failure Alert
Over the past several weeks we have had two instances in which our appliance stopped collecting logs from all systems. However, as the appliance was still up and running, we had no idea that this was...
LEM - Mount error 13
I am able to mount a Windows share folder when I do a syslog export from LEM to my share folder. But when I try to do an archive job to the same share folder path using the same credentials, it gives me...
External Threat database
Can I integrate LEM with an external threat database? Does the internal threat database of LEM check BAD IP and DOMAIN both?