Channel: THWACK: Message List - Security Event Manager (SEM) - Formerly Log & Event Manager

Re: LEM creates duplicates of provisioned XenApp servers as they are created


One approach is to use LEM's automatic recycling mechanism to cycle out those old nodes that haven't connected in a long time. We built this to help people in VDI environments automatically delete dynamically provisioned systems.

 

Manage > Appliances > Properties

LicenseRecycling.PNG

 

An agent node will only "reconnect" to a previous agent's connection if the certificates match, otherwise it's considered a new node and there's not really a way to work around it. You could offload the certs as a part of de-provisioning and copy them back as a part of re-provisioning with some scripts, but that's about all I can come up with.


Re: Unknown Nodes


This is what I see when I double-click on a node.

Syslog.PNG

Adding Nodes


I am trying to add some Windows desktops to the LEM console, but I can't see the computers when I run the Remote Agent Installer. All the computers are on the same domain. The only difference is the IP range. Could that be an issue why I am not seeing the computers? Is it also necessary to integrate my DNS server with LEM for this issue?

Re: SourceFire connector


In the SourceFire admin console for configuring syslog, "alert" is a facility option. There is an option for priority as well (2 separate items), and "alert" is an option for both. That being said, I can choose from a list of other facilities like Local0.

Are the log directories that are listed via the checklogs command the only ones I can use? It seems odd that the connector would by default reference a log path that does not exist.

Re: SourceFire connector


It's possible the default path was written for a different scenario, like running the connector on a Linux agent. Or, maybe we just carried over the wrong default from the Snort connector. Hard to say.

 

There is no alert.log on the LEM appliance, though, for sure (I checked). Using something like local0 will make it super easy to configure (/var/log/local0.log).

Re: node license issue


I started off by completely removing the agent and re-installing, and the same computer checked in as a universal node again. I'll check these logs and report back.

Re: node license issue


Spop log shows a communication issue, but the ports are open; they have been open for almost a year now since our initial deployment. And it's checking in with the manager, as it does show up as a node, but just the wrong type and as disconnected. This is also agent 6.1 (6.0 was installed initially).

 

(Wed Jul 08 17:11:43 EDT 2015) II:INFO [AgentVersionHeaderProvider] {main:1} SolarWinds Log and Event Agent (Release: 6.1.0[release] build: 6.1.0.448.474828)

 

 

(Wed Jul 08 17:11:43 EDT 2015) II:INFO [Contego] {main:1} Java version: 1.7.0_65 Java home: C:\Windows\system32\ContegoSPOP\jre1.7.0_65

(Wed Jul 08 17:11:43 EDT 2015) II:INFO [LogbackUtils] {main:1} Setting logging com.solarwinds.lem.communication.xml to level INFO

(Wed Jul 08 17:11:43 EDT 2015) II:INFO [LogbackUtils] {main:1} Setting logging ROOT to level INFO

(Wed Jul 08 17:11:43 EDT 2015) II:INFO [LogbackUtils] {main:1} Setting logging org.glassfish.grizzly to level WARN

(Wed Jul 08 17:11:43 EDT 2015) II:INFO [LogbackUtils] {main:1} Setting logging org.springframework to level WARN

(Wed Jul 08 17:11:43 EDT 2015) II:INFO [Contego] {main:1} Event memory was set to: 1000

(Wed Jul 08 17:11:43 EDT 2015) II:INFO [Contego] {main:1} Events per queue was set to: 100000

(Wed Jul 08 17:11:43 EDT 2015) WW:WARNING [Contego] {SPOP:8} Starting TriGeo Agent (Release 6.1.0) build 6.1.0.448.474828

(Wed Jul 08 17:11:43 EDT 2015) WW:WARNING [SpopModule] {SPOP:8} build server version string: 6.1.0.448.474828

(Wed Jul 08 17:11:43 EDT 2015) WW:WARNING [InDepthConfigProps] {SPOP:8} nDepth enabled via default because InDepthEnable not present

(Wed Jul 08 17:11:43 EDT 2015) WW:WARNING [InDepthConfigProps] {SPOP:8} indepth.conf not found at C:\Windows\system32\ContegoSPOP\indepth.conf

(Wed Jul 08 17:11:43 EDT 2015) WW:WARNING [RawDataClient] {SPOP:8} Status Inactive

(Wed Jul 08 17:11:43 EDT 2015) II:INFO [UpdateClient] {SPOP:8} OS signature: Windows XP;5.1;x86

(Wed Jul 08 17:11:43 EDT 2015) II:INFO [UpdateClient] {SPOP:8} Update Bootstrap initialized

(Wed Jul 08 17:11:43 EDT 2015) WW:WARNING [Contego] {SPOP:8} Initializing database

(Wed Jul 08 17:11:43 EDT 2015) WW:WARNING [Contego] {SPOP:8} Database Initialized

(Wed Jul 08 17:11:44 EDT 2015) WW:WARNING [Contego] {Initialize Communications:10} Initializing Agent communications

(Wed Jul 08 17:11:44 EDT 2015) WW:WARNING [Contego] {Initialize Connectors:13} Initializing ConnectorAPI

(Wed Jul 08 17:11:44 EDT 2015) II:INFO [BuffBytesOneReaderOneWriter] {Initialize Communications:10} CommDataQueue BBS configured to queue directory: spop\q\CommDataQueue

(Wed Jul 08 17:11:44 EDT 2015) WW:WARNING [Communications] {Initialize Communications:10} Operating System == Windows XP;5.1;x86

(Wed Jul 08 17:11:44 EDT 2015) II:INFO [ConvertToolSettings] {Initialize Connectors:13} adding filename: Windows Active Response.xml

(Wed Jul 08 17:11:44 EDT 2015) II:INFO [ConvertToolSettings] {Initialize Connectors:13} windowstoolfile: Windows Active Response

(Wed Jul 08 17:11:44 EDT 2015) II:INFO [ConvertToolSettings] {Initialize Connectors:13} adding filename: Windows Active Response.xml

(Wed Jul 08 17:11:44 EDT 2015) II:INFO [ConvertToolSettings] {Initialize Connectors:13} windowstoolfile: Windows Active Response

(Wed Jul 08 17:11:44 EDT 2015) II:INFO [ConnectorControllerModuleImpl] {Initialize Connectors:13} SESSIONS_LOCATION: C:\Windows\system32\ContegoSPOP\6.1.0\ext\

(Wed Jul 08 17:11:44 EDT 2015) II:INFO [ConnectorControllerModuleImpl] {Initialize Connectors:13} TOOLS_LOCATION: C:\Windows\system32\ContegoSPOP\6.1.0\ext\

(Wed Jul 08 17:11:44 EDT 2015) II:INFO [ConvertToolSettings] {Initialize Connectors:13} adding filename: Windows Active Response.xml

(Wed Jul 08 17:11:44 EDT 2015) II:INFO [ConvertToolSettings] {Initialize Connectors:13} windowstoolfile: Windows Active Response

(Wed Jul 08 17:11:44 EDT 2015) II:INFO [ConvertToolSettings] {Initialize Connectors:13} adding filename: Windows Active Response.xml

(Wed Jul 08 17:11:44 EDT 2015) II:INFO [ConvertToolSettings] {Initialize Connectors:13} windowstoolfile: Windows Active Response

(Wed Jul 08 17:11:44 EDT 2015) II:INFO [WindowsCommandsSession] {Initialize Connectors:13} Windows Actions Loaded

(Wed Jul 08 17:11:44 EDT 2015) WW:WARNING [Contego] {Initialize Connectors:13} Initializing FAST

(Wed Jul 08 17:11:44 EDT 2015) II:INFO [FastCenter] {Initialize Connectors:13} Initializing

(Wed Jul 08 17:11:44 EDT 2015) II:INFO [FastCenter] {Initialize Connectors:13} Loaded connector pack : C:\Windows\system32\ContegoSPOP\tools\ntapplication.xml

(Wed Jul 08 17:11:44 EDT 2015) II:INFO [FastCenter] {Initialize Connectors:13} Loaded connector pack : C:\Windows\system32\ContegoSPOP\tools\ntsecurity.xml

(Wed Jul 08 17:11:44 EDT 2015) II:INFO [FastCenter] {Initialize Connectors:13} Loaded connector pack : C:\Windows\system32\ContegoSPOP\tools\ntsystem.xml

(Wed Jul 08 17:11:44 EDT 2015) II:INFO [FastCenter] {Initialize Connectors:13} Loaded connector pack : C:\Windows\system32\ContegoSPOP\tools\vistasecurity.xml

(Wed Jul 08 17:11:44 EDT 2015) II:INFO [FastCenter] {Initialize Connectors:13} Online

(Wed Jul 08 17:11:44 EDT 2015) II:INFO [ComStoreInfo] {Initialize Communications:10} store values: alias:  trustedStore: spop\hierarchy.trigeo privateStorespop\private.trigeo

(Wed Jul 08 17:11:45 EDT 2015) II:INFO [ComStoreInfo] {Initialize Communications:10} store values: alias:  trustedStore: spop\hierarchy.trigeo privateStore: spop\private.trigeo

(Wed Jul 08 17:11:45 EDT 2015) II:INFO [Communications] {ComModuleSpop:21} We are not installed yet, certificates missing

(Wed Jul 08 17:11:45 EDT 2015) WW:WARNING [NioComNetworkParent] {ComModuleSpop:21} Making install request to: qcswlem.qchek.com

(Wed Jul 08 17:11:46 EDT 2015) WW:WARNING [NioComNetworkParent] {ComModuleSpop:21} Install request completed (favorably)

(Wed Jul 08 17:11:46 EDT 2015) WW:WARNING [Communications] {ComModuleSpop:21} This entity has got its certificate signed by the parent.

(Wed Jul 08 17:11:46 EDT 2015) WW:WARNING [ComModule] {ComModuleSpop:21} Opening installed connection to parent.

(Wed Jul 08 17:11:46 EDT 2015) II:INFO [NioComNetworkParent] {ComModuleSpop:21} Creating Nio Center for Client.

(Wed Jul 08 17:11:46 EDT 2015) WW:WARNING [NioCenterOnClient] {ComModuleSpop:21} Initializing Nio Center.

(Wed Jul 08 17:11:46 EDT 2015) II:INFO [NioComNetworkParent] {ComModuleSpop:21} Starting Nio Center for Client thread.

(Wed Jul 08 17:11:46 EDT 2015) II:INFO [NioSelectorOnClient] {NioComNetworkParent:22} Force flush after every nio write: false

(Wed Jul 08 17:11:46 EDT 2015) II:INFO [NioSelectorOnClient] {NioComNetworkParent:22} Send socket buffer size: 65536

(Wed Jul 08 17:11:46 EDT 2015) II:INFO [NioSelectorOnClient] {NioComNetworkParent:22} Receive socket buffer size: 8192

(Wed Jul 08 17:11:46 EDT 2015) WW:WARNING [NioCenterOnClient] {NioComNetworkParent:22} Nio Center successfully initialized.

(Wed Jul 08 17:11:46 EDT 2015) WW:WARNING [NioCenterOnClient] {NioComNetworkParent:22} Nio Center Connecting.

(Wed Jul 08 17:11:46 EDT 2015) II:INFO [NioSelectorOnClient] {NioComNetworkParent:22} Successful binding to host: 0.0.0.0/0.0.0.0:37893 , on port: 37893

(Wed Jul 08 17:12:07 EDT 2015) EE:ERR [NioSelectorOnClient] {NioComNetworkParent:22} Connection status: Unable to complete nio connection to address qcswlem.qchek.com:37892

java.net.ConnectException: Connection timed out: connect

  at sun.nio.ch.Net.connect0(Native Method) ~[na:1.7.0_65]

  at sun.nio.ch.Net.connect(Unknown Source) ~[na:1.7.0_65]

  at sun.nio.ch.Net.connect(Unknown Source) ~[na:1.7.0_65]

  at sun.nio.ch.SocketChannelImpl.connect(Unknown Source) ~[na:1.7.0_65]

  at com.trigeo.core.communications.nio.client.NioSelectorOnClient.tryToConnect(NioSelectorOnClient.java:256) [lem_core.jar:6.1.0.448.474828]

  at com.trigeo.core.communications.nio.client.NioSelectorOnClient.connect(NioSelectorOnClient.java:226) [lem_core.jar:6.1.0.448.474828]

  at com.trigeo.core.communications.nio.client.NioSelectorOnClient.initiateConnection(NioSelectorOnClient.java:154) [lem_core.jar:6.1.0.448.474828]

  at com.trigeo.core.communications.nio.NioCenter.connect(NioCenter.java:273) [lem_core.jar:6.1.0.448.474828]

  at com.trigeo.core.communications.nio.NioCenter.run(NioCenter.java:249) [lem_core.jar:6.1.0.448.474828]

  at java.lang.Thread.run(Unknown Source) [na:1.7.0_65]

  at com.trigeo.util.TriGeoThread.run(TriGeoThread.java:52) [lem_util.jar:6.1.0.448.474828]

(Wed Jul 08 17:12:10 EDT 2015) EE:ERR [NioSelectorOnClient] {NioComNetworkParent:22} Connection status: Unable to complete nio connection to address qcswlem.qchek.com:37892

java.nio.channels.ClosedChannelException: null

  at sun.nio.ch.SocketChannelImpl.ensureOpenAndUnconnected(Unknown Source) ~[na:1.7.0_65]

  at sun.nio.ch.SocketChannelImpl.connect(Unknown Source) ~[na:1.7.0_65]

  at com.trigeo.core.communications.nio.client.NioSelectorOnClient.tryToConnect(NioSelectorOnClient.java:256) [lem_core.jar:6.1.0.448.474828]

  at com.trigeo.core.communications.nio.client.NioSelectorOnClient.retryConnection(NioSelectorOnClient.java:240) [lem_core.jar:6.1.0.448.474828]

  at com.trigeo.core.communications.nio.client.NioSelectorOnClient.connect(NioSelectorOnClient.java:229) [lem_core.jar:6.1.0.448.474828]

  at com.trigeo.core.communications.nio.client.NioSelectorOnClient.initiateConnection(NioSelectorOnClient.java:154) [lem_core.jar:6.1.0.448.474828]

  at com.trigeo.core.communications.nio.NioCenter.connect(NioCenter.java:273) [lem_core.jar:6.1.0.448.474828]

  at com.trigeo.core.communications.nio.NioCenter.run(NioCenter.java:249) [lem_core.jar:6.1.0.448.474828]

  at java.lang.Thread.run(Unknown Source) [na:1.7.0_65]

  at com.trigeo.util.TriGeoThread.run(TriGeoThread.java:52) [lem_util.jar:6.1.0.448.474828]

(Wed Jul 08 17:12:13 EDT 2015) EE:ERR [NioSelectorOnClient] {NioComNetworkParent:22} Connection status: Unable to complete nio connection to address qcswlem.qchek.com:37892

java.nio.channels.ClosedChannelException: null

  at sun.nio.ch.SocketChannelImpl.ensureOpenAndUnconnected(Unknown Source) ~[na:1.7.0_65]

  at sun.nio.ch.SocketChannelImpl.connect(Unknown Source) ~[na:1.7.0_65]

  at com.trigeo.core.communications.nio.client.NioSelectorOnClient.tryToConnect(NioSelectorOnClient.java:256) [lem_core.jar:6.1.0.448.474828]

  at com.trigeo.core.communications.nio.client.NioSelectorOnClient.retryConnection(NioSelectorOnClient.java:240) [lem_core.jar:6.1.0.448.474828]

  at com.trigeo.core.communications.nio.client.NioSelectorOnClient.connect(NioSelectorOnClient.java:229) [lem_core.jar:6.1.0.448.474828]

  at com.trigeo.core.communications.nio.client.NioSelectorOnClient.initiateConnection(NioSelectorOnClient.java:154) [lem_core.jar:6.1.0.448.474828]

  at com.trigeo.core.communications.nio.NioCenter.connect(NioCenter.java:273) [lem_core.jar:6.1.0.448.474828]

  at com.trigeo.core.communications.nio.NioCenter.run(NioCenter.java:249) [lem_core.jar:6.1.0.448.474828]

  at java.lang.Thread.run(Unknown Source) [na:1.7.0_65]

  at com.trigeo.util.TriGeoThread.run(TriGeoThread.java:52) [lem_util.jar:6.1.0.448.474828]

(Wed Jul 08 17:12:16 EDT 2015) EE:ERR [NioSelectorOnClient] {NioComNetworkParent:22} Connection status: Unable to complete nio connection to address qcswlem.qchek.com:37892

java.nio.channels.ClosedChannelException: null

  at sun.nio.ch.SocketChannelImpl.ensureOpenAndUnconnected(Unknown Source) ~[na:1.7.0_65]

  at sun.nio.ch.SocketChannelImpl.connect(Unknown Source) ~[na:1.7.0_65]

  at com.trigeo.core.communications.nio.client.NioSelectorOnClient.tryToConnect(NioSelectorOnClient.java:256) [lem_core.jar:6.1.0.448.474828]

  at com.trigeo.core.communications.nio.client.NioSelectorOnClient.retryConnection(NioSelectorOnClient.java:240) [lem_core.jar:6.1.0.448.474828]

  at com.trigeo.core.communications.nio.client.NioSelectorOnClient.connect(NioSelectorOnClient.java:229) [lem_core.jar:6.1.0.448.474828]

  at com.trigeo.core.communications.nio.client.NioSelectorOnClient.initiateConnection(NioSelectorOnClient.java:154) [lem_core.jar:6.1.0.448.474828]

  at com.trigeo.core.communications.nio.NioCenter.connect(NioCenter.java:273) [lem_core.jar:6.1.0.448.474828]

  at com.trigeo.core.communications.nio.NioCenter.run(NioCenter.java:249) [lem_core.jar:6.1.0.448.474828]

  at java.lang.Thread.run(Unknown Source) [na:1.7.0_65]

  at com.trigeo.util.TriGeoThread.run(TriGeoThread.java:52) [lem_util.jar:6.1.0.448.474828]

(Wed Jul 08 17:12:19 EDT 2015) EE:ERR [NioSelectorOnClient] {NioComNetworkParent:22} Connection status: Unable to complete nio connection to address qcswlem.qchek.com:37892

Re: node license issue


I'm running watchlog now and it's showing nothing at all. Is that good or bad? Does it show only errors?


Re: node license issue


On the impacted machines, can you telnet to the LEM on port 37892?  That connection appears to be failing.

 

Does DNS on the impacted systems come up with the right IP for qcswlem.qchek.com?

Re: node license issue


Yes, the telnet test on port 37892 to the LEM works successfully. And it did it with the DNS name, so it is resolving correctly also.

Re: node license issue


I apologize, I was not running watch log properly, but here is a brief output of it. Several nodes say connected, but are not visible in the console. Specifically node 172.16.169.2.

 

BO_BACKUP.qchek.com ): Disconnect reason: Unable to accept Nio Child, severing pre-existing connection ConnectionsKey:109521

(Thu Jul 09 17:32:10 EDT 2015) WW:WARNING [NioComNetworkChild] {NioExitQueueHandler:43} Reporting canceled key: ConnectionsKey:2451032 Unable to register the online agent:

(Thu Jul 09 17:32:10 EDT 2015) EE:ERR [NioComNetworkChild] {NioExitQueueHandler:43} NIODisconnect: Unable to send disconnect/InternalAgentOffline to agent because id is null

(Thu Jul 09 17:32:10 EDT 2015) WW:WARNING [NioComNetworkChild] {NioExitQueueHandler:43} Reporting canceled key: ConnectionsKey:2451032 Unable to register the online agent:

(Thu Jul 09 17:32:11 EDT 2015) WW:WARNING [NioSelectorOnServer] {NioReads-1:65} Could not read from connection '172.16.169.74' during read state: nio read case: READY: ConnectionsKey:2451035

(Thu Jul 09 17:32:11 EDT 2015) WW:WARNING [NioComNetworkChild] {NioReads-1:65} Reporting canceled key: ConnectionsKey:2451035 Could not read from connection during read state

(Thu Jul 09 17:32:14 EDT 2015) WW:WARNING [Communications] {NioExitQueueHandler:43} {NioExitQueueHandler:43}Child disconnection signaled: ( id:10001465 Agent name: store123vm1.qchek.com ):  Disconnect reason: Sending message: Nio does not have a valid connection for the key

(Thu Jul 09 17:32:14 EDT 2015) EE:ERR [NioComNetworkChild] {NioExitQueueHandler:43} Unable to accept nio child: Agent is already online: 172.16.223.76 / store123vm1.qchek.com/10001465

(Thu Jul 09 17:32:14 EDT 2015) WW:WARNING [Communications] {NioExitQueueHandler:43} {NioExitQueueHandler:43}Child disconnection signaled: ( id:10001465 Agent name: store123vm1.qchek.com ):  Disconnect reason: Unable to accept Nio Child, stopping new connection before it completes: ConnectionsKey:2451033

(Thu Jul 09 17:32:14 EDT 2015) WW:WARNING [Communications] {NioExitQueueHandler:43} {NioExitQueueHandler:43}Child disconnection signaled: ( id:10001465 Agent name: store123vm1.qchek.com ):  Disconnect reason: Unable to accept Nio Child, severing pre-existing connection ConnectionsKey:77783

(Thu Jul 09 17:32:14 EDT 2015) WW:WARNING [NioComNetworkChild] {NioExitQueueHandler:43} Reporting canceled key: ConnectionsKey:2451033 Unable to register the online agent:

(Thu Jul 09 17:32:14 EDT 2015) WW:WARNING [Communications] {NioExitQueueHandler:43} {NioExitQueueHandler:43}Child disconnection signaled: ( id:10001609 Agent name: WIN7BO_BACKUP.qchek.com ):  Disconnect reason: Sending message: Nio does not have a valid connection for the key

(Thu Jul 09 17:32:14 EDT 2015) EE:ERR [NioComNetworkChild] {NioExitQueueHandler:43} Unable to accept nio child: Agent is already online: 172.16.4.29 / WIN7BO_BACKUP.qchek.com/10001609

(Thu Jul 09 17:32:14 EDT 2015) WW:WARNING [Communications] {NioExitQueueHandler:43} {NioExitQueueHandler:43}Child disconnection signaled: ( id:10001609 Agent name: WIN7BO_BACKUP.qchek.com ):  Disconnect reason: Unable to accept Nio Child, stopping new connection before it completes: ConnectionsKey:2451034

(Thu Jul 09 17:32:14 EDT 2015) WW:WARNING [Communications] {NioExitQueueHandler:43} {NioExitQueueHandler:43}Child disconnection signaled: ( id:10001609 Agent name: WIN7BO_BACKUP.qchek.com ):  Disconnect reason: Unable to accept Nio Child, severing pre-existing connection ConnectionsKey:109521

(Thu Jul 09 17:32:14 EDT 2015) WW:WARNING [NioComNetworkChild] {NioExitQueueHandler:43} Reporting canceled key: ConnectionsKey:2451034 Unable to register the online agent:

(Thu Jul 09 17:32:14 EDT 2015) EE:ERR [NioComNetworkChild] {NioExitQueueHandler:43} NIODisconnect: Unable to send disconnect/InternalAgentOffline to agent because id is null

(Thu Jul 09 17:32:14 EDT 2015) WW:WARNING [NioComNetworkChild] {NioExitQueueHandler:43} Reporting canceled key: ConnectionsKey:2451033 Unable to register the online agent:

(Thu Jul 09 17:32:15 EDT 2015) EE:ERR [NioComNetworkChild] {NioExitQueueHandler:43} NIODisconnect: Unable to send disconnect/InternalAgentOffline to agent because id is null

(Thu Jul 09 17:32:15 EDT 2015) WW:WARNING [NioComNetworkChild] {NioExitQueueHandler:43} Reporting canceled key: ConnectionsKey:2451034 Unable to register the online agent:

(Thu Jul 09 17:32:17 EDT 2015) EE:ERR [StatusInfoHandler] {XML Communication Worker - 5:277} Recieved status from an unknown agent 10000934

(Thu Jul 09 17:32:17 EDT 2015) EE:ERR [MessageCentral$RequestResponseHandler] {XML Communication Worker - 5:277} Runtime Error processing the request com.solarwinds.lem.protocol._1_0.modman.StatusInfo@6873f7e8[id=607, statusProperties={com.solarwinds.lem.protocol._1_0.modman.StatusProperty@1598d5eb[name=com.solarwinds.lem.connectors.NT Application, value=true],com.solarwinds.lem.protocol._1_0.modman.StatusProperty@65044260[name=com.solarwinds.lem.connectors.VistaSecurity, value=true],com.solarwinds.lem.protocol._1_0.modman.StatusProperty@7aa1e06f[name=com.solarwinds.lem.connectors.NtSystem, value=true],com.solarwinds.lem.protocol._1_0.modman.StatusProperty@1995d64f[name=com.solarwinds.lem.minifilter.registered, value=true],com.solarwinds.lem.protocol._1_0.modman.StatusProperty@3c28e9a8[name=com.solarwinds.lem.connectors.fimfiledir, value=true],com.solarwinds.lem.protocol._1_0.modman.StatusProperty@22043373[name=com.solarwinds.lem.minifilter.loaded, value=true]}]

  1. java.lang.IllegalArgumentException: The agent does not exist in the manager tree

        at com.solarwinds.lem.manager.handlers._1_0.StatusInfoHandler.processStatuses(StatusInfoHandler.java:62) ~[lem_manager.jar:6.0.1429505.18]

        at com.solarwinds.lem.manager.handlers._1_0.StatusInfoHandler.handleRequest(StatusInfoHandler.java:49) ~[lem_manager.jar:6.0.1429505.18]

        at com.solarwinds.lem.communication.netty.MessageCentral$RequestResponseHandler.handleRequestRead(MessageCentral.java:207) [lem_communication.jar:6.0.1429505.18]

        at com.solarwinds.lem.communication.netty.MessageCentral$RequestResponseHandler.channelRead(MessageCentral.java:190) [lem_communication.jar:6.0.1429505.18]

        at io.netty.channel.DefaultChannelHandlerContext.invokeChannelRead(DefaultChannelHandlerContext.java:338) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.channel.DefaultChannelHandlerContext.fireChannelRead(DefaultChannelHandlerContext.java:324) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at com.solarwinds.lem.communication.netty.ConnectionStateHandler.readWhenActive(ConnectionStateHandler.java:174) [lem_communication.jar:6.0.1429505.18]

        at com.solarwinds.lem.communication.netty.ConnectionStateHandler.channelRead(ConnectionStateHandler.java:71) [lem_communication.jar:6.0.1429505.18]

        at io.netty.channel.DefaultChannelHandlerContext.invokeChannelRead(DefaultChannelHandlerContext.java:338) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.channel.DefaultChannelHandlerContext.fireChannelRead(DefaultChannelHandlerContext.java:324) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at com.solarwinds.lem.communication.netty.LEMProtocolHandler.channelRead(LEMProtocolHandler.java:119) [lem_communication.jar:6.0.1429505.18]

        at io.netty.channel.DefaultChannelHandlerContext.invokeChannelRead(DefaultChannelHandlerContext.java:338) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.channel.DefaultChannelHandlerContext.fireChannelRead(DefaultChannelHandlerContext.java:324) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:153) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.handler.codec.ByteToMessageCodec.channelRead(ByteToMessageCodec.java:108) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.channel.DefaultChannelHandlerContext.invokeChannelRead(DefaultChannelHandlerContext.java:338) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.channel.DefaultChannelHandlerContext.fireChannelRead(DefaultChannelHandlerContext.java:324) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.handler.timeout.IdleStateHandler.channelRead(IdleStateHandler.java:253) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.channel.DefaultChannelHandlerContext.invokeChannelRead(DefaultChannelHandlerContext.java:338) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.channel.DefaultChannelHandlerContext.fireChannelRead(DefaultChannelHandlerContext.java:324) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:153) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.channel.DefaultChannelHandlerContext.invokeChannelRead(DefaultChannelHandlerContext.java:338) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.channel.DefaultChannelHandlerContext.fireChannelRead(DefaultChannelHandlerContext.java:324) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:785) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:126) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:485) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:452) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:346) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:101) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at java.lang.Thread.run(Unknown Source) [na:1.7.0_65]

(Thu Jul 09 17:32:17 EDT 2015) EE:ERR [StatusInfoHandler] {XML Communication Worker - 5:277} Recieved status from an unknown agent 10000557

(Thu Jul 09 17:32:18 EDT 2015) EE:ERR [MessageCentral$RequestResponseHandler] {XML Communication Worker - 5:277} Runtime Error processing the request com.solarwinds.lem.protocol._1_0.modman.StatusInfo@50f56f7a[id=1608, statusProperties={com.solarwinds.lem.protocol._1_0.modman.StatusProperty@2169dc1c[name=com.solarwinds.lem.connectors.NT Application, value=true],com.solarwinds.lem.protocol._1_0.modman.StatusProperty@2cf1c367[name=com.solarwinds.lem.connectors.VistaSecurity, value=true],com.solarwinds.lem.protocol._1_0.modman.StatusProperty@3453b63e[name=com.solarwinds.lem.connectors.NtSystem, value=true],com.solarwinds.lem.protocol._1_0.modman.StatusProperty@63e1bb48[name=com.solarwinds.lem.minifilter.registered, value=true],com.solarwinds.lem.protocol._1_0.modman.StatusProperty@78cea732[name=com.solarwinds.lem.connectors.fimfiledir, value=true],com.solarwinds.lem.protocol._1_0.modman.StatusProperty@47430194[name=com.solarwinds.lem.minifilter.loaded, value=true]}]

  1. java.lang.IllegalArgumentException: The agent does not exist in the manager tree

        at com.solarwinds.lem.manager.handlers._1_0.StatusInfoHandler.processStatuses(StatusInfoHandler.java:62) ~[lem_manager.jar:6.0.1429505.18]

        at com.solarwinds.lem.manager.handlers._1_0.StatusInfoHandler.handleRequest(StatusInfoHandler.java:49) ~[lem_manager.jar:6.0.1429505.18]

        at com.solarwinds.lem.communication.netty.MessageCentral$RequestResponseHandler.handleRequestRead(MessageCentral.java:207) [lem_communication.jar:6.0.1429505.18]

        at com.solarwinds.lem.communication.netty.MessageCentral$RequestResponseHandler.channelRead(MessageCentral.java:190) [lem_communication.jar:6.0.1429505.18]

        at io.netty.channel.DefaultChannelHandlerContext.invokeChannelRead(DefaultChannelHandlerContext.java:338) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.channel.DefaultChannelHandlerContext.fireChannelRead(DefaultChannelHandlerContext.java:324) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at com.solarwinds.lem.communication.netty.ConnectionStateHandler.readWhenActive(ConnectionStateHandler.java:174) [lem_communication.jar:6.0.1429505.18]

        at com.solarwinds.lem.communication.netty.ConnectionStateHandler.channelRead(ConnectionStateHandler.java:71) [lem_communication.jar:6.0.1429505.18]

        at io.netty.channel.DefaultChannelHandlerContext.invokeChannelRead(DefaultChannelHandlerContext.java:338) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.channel.DefaultChannelHandlerContext.fireChannelRead(DefaultChannelHandlerContext.java:324) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at com.solarwinds.lem.communication.netty.LEMProtocolHandler.channelRead(LEMProtocolHandler.java:119) [lem_communication.jar:6.0.1429505.18]

        at io.netty.channel.DefaultChannelHandlerContext.invokeChannelRead(DefaultChannelHandlerContext.java:338) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.channel.DefaultChannelHandlerContext.fireChannelRead(DefaultChannelHandlerContext.java:324) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:153) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.handler.codec.ByteToMessageCodec.channelRead(ByteToMessageCodec.java:108) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.channel.DefaultChannelHandlerContext.invokeChannelRead(DefaultChannelHandlerContext.java:338) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.channel.DefaultChannelHandlerContext.fireChannelRead(DefaultChannelHandlerContext.java:324) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.handler.timeout.IdleStateHandler.channelRead(IdleStateHandler.java:253) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.channel.DefaultChannelHandlerContext.invokeChannelRead(DefaultChannelHandlerContext.java:338) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.channel.DefaultChannelHandlerContext.fireChannelRead(DefaultChannelHandlerContext.java:324) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:153) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.channel.DefaultChannelHandlerContext.invokeChannelRead(DefaultChannelHandlerContext.java:338) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.channel.DefaultChannelHandlerContext.fireChannelRead(DefaultChannelHandlerContext.java:324) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:785) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:126) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:485) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:452) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:346) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:101) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at java.lang.Thread.run(Unknown Source) [na:1.7.0_65]

(Thu Jul 09 17:32:18 EDT 2015) WW:WARNING [ConnectionStateHandler] {XML Communication Worker - 12:284} Caught an exception for channel [id: 0xd2b2c731, /172.16.169.2:37895 => /172.16.8.50:37891] in state ACTIVE. Closing the channel.

  1. java.io.IOException: Connection reset by peer

        at sun.nio.ch.FileDispatcherImpl.read0(Native Method) ~[na:1.7.0_65]

        at sun.nio.ch.SocketDispatcher.read(Unknown Source) ~[na:1.7.0_65]

        at sun.nio.ch.IOUtil.readIntoNativeBuffer(Unknown Source) ~[na:1.7.0_65]

        at sun.nio.ch.IOUtil.read(Unknown Source) ~[na:1.7.0_65]

        at sun.nio.ch.SocketChannelImpl.read(Unknown Source) ~[na:1.7.0_65]

        at io.netty.buffer.UnpooledUnsafeDirectByteBuf.setBytes(UnpooledUnsafeDirectByteBuf.java:446) ~[netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.buffer.AbstractByteBuf.writeBytes(AbstractByteBuf.java:871) ~[netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.channel.socket.nio.NioSocketChannel.doReadBytes(NioSocketChannel.java:208) ~[netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:118) ~[netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:485) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:452) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:346) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:101) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at java.lang.Thread.run(Unknown Source) [na:1.7.0_65]

(Thu Jul 09 17:32:18 EDT 2015) II:INFO [ConnectionStateHandler] {XML Communication Worker - 12:284} Channel [id: 0xd2b2c731, /172.16.169.2:37895 => /172.16.8.50:37891] in state ACTIVE closed.

(Thu Jul 09 17:32:18 EDT 2015) II:INFO [ConnectionStateHandler] {XML Communication Worker - 12:284} Removing the agent with ID 10000030 and info com.solarwinds.lem.communication.netty.AgentInfo@661125ba[channel=[id: 0xd2b2c731, /172.16.169.2:37895 => /172.16.8.50:37891],agentId=10000030,agentProtocolVersion=1.0].

(Thu Jul 09 17:32:18 EDT 2015) EE:ERR [StatusInfoHandler] {XML Communication Worker - 7:279} Recieved status from an unknown agent 10000890

(Thu Jul 09 17:32:18 EDT 2015) EE:ERR [MessageCentral$RequestResponseHandler] {XML Communication Worker - 7:279} Runtime Error processing the request com.solarwinds.lem.protocol._1_0.modman.StatusInfo@2f99a07c[id=9292, statusProperties={com.solarwinds.lem.protocol._1_0.modman.StatusProperty@ef7454e[name=com.solarwinds.lem.connectors.NT Application, value=true],com.solarwinds.lem.protocol._1_0.modman.StatusProperty@be70b8f[name=com.solarwinds.lem.connectors.VistaSecurity, value=true],com.solarwinds.lem.protocol._1_0.modman.StatusProperty@6da7df63[name=com.solarwinds.lem.connectors.NtSystem, value=true],com.solarwinds.lem.protocol._1_0.modman.StatusProperty@283b14d3[name=com.solarwinds.lem.minifilter.registered, value=true],com.solarwinds.lem.protocol._1_0.modman.StatusProperty@3ed43d47[name=com.solarwinds.lem.connectors.fimfiledir, value=true],com.solarwinds.lem.protocol._1_0.modman.StatusProperty@6003208a[name=com.solarwinds.lem.minifilter.loaded, value=true]}]

  1. java.lang.IllegalArgumentException: The agent does not exist in the manager tree

        at com.solarwinds.lem.manager.handlers._1_0.StatusInfoHandler.processStatuses(StatusInfoHandler.java:62) ~[lem_manager.jar:6.0.1429505.18]

        at com.solarwinds.lem.manager.handlers._1_0.StatusInfoHandler.handleRequest(StatusInfoHandler.java:49) ~[lem_manager.jar:6.0.1429505.18]

        at com.solarwinds.lem.communication.netty.MessageCentral$RequestResponseHandler.handleRequestRead(MessageCentral.java:207) [lem_communication.jar:6.0.1429505.18]

        at com.solarwinds.lem.communication.netty.MessageCentral$RequestResponseHandler.channelRead(MessageCentral.java:190) [lem_communication.jar:6.0.1429505.18]

        at io.netty.channel.DefaultChannelHandlerContext.invokeChannelRead(DefaultChannelHandlerContext.java:338) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.channel.DefaultChannelHandlerContext.fireChannelRead(DefaultChannelHandlerContext.java:324) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at com.solarwinds.lem.communication.netty.ConnectionStateHandler.readWhenActive(ConnectionStateHandler.java:174) [lem_communication.jar:6.0.1429505.18]

        at com.solarwinds.lem.communication.netty.ConnectionStateHandler.channelRead(ConnectionStateHandler.java:71) [lem_communication.jar:6.0.1429505.18]

        at io.netty.channel.DefaultChannelHandlerContext.invokeChannelRead(DefaultChannelHandlerContext.java:338) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.channel.DefaultChannelHandlerContext.fireChannelRead(DefaultChannelHandlerContext.java:324) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at com.solarwinds.lem.communication.netty.LEMProtocolHandler.channelRead(LEMProtocolHandler.java:119) [lem_communication.jar:6.0.1429505.18]

        at io.netty.channel.DefaultChannelHandlerContext.invokeChannelRead(DefaultChannelHandlerContext.java:338) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.channel.DefaultChannelHandlerContext.fireChannelRead(DefaultChannelHandlerContext.java:324) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:153) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.handler.codec.ByteToMessageCodec.channelRead(ByteToMessageCodec.java:108) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.channel.DefaultChannelHandlerContext.invokeChannelRead(DefaultChannelHandlerContext.java:338) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.channel.DefaultChannelHandlerContext.fireChannelRead(DefaultChannelHandlerContext.java:324) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.handler.timeout.IdleStateHandler.channelRead(IdleStateHandler.java:253) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.channel.DefaultChannelHandlerContext.invokeChannelRead(DefaultChannelHandlerContext.java:338) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.channel.DefaultChannelHandlerContext.fireChannelRead(DefaultChannelHandlerContext.java:324) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:153) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.channel.DefaultChannelHandlerContext.invokeChannelRead(DefaultChannelHandlerContext.java:338) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.channel.DefaultChannelHandlerContext.fireChannelRead(DefaultChannelHandlerContext.java:324) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:785) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:126) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:485) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:452) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:346) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:101) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at java.lang.Thread.run(Unknown Source) [na:1.7.0_65]

(Thu Jul 09 17:32:20 EDT 2015) WW:WARNING [Communications] {NioExitQueueHandler:43} {NioExitQueueHandler:43}Child disconnection signaled: ( id:10001609 Agent name: WIN7BO_BACKUP.qchek.com ):  Disconnect reason: Sending message: Nio does not have a valid connection for the key

(Thu Jul 09 17:32:20 EDT 2015) EE:ERR [NioComNetworkChild] {NioExitQueueHandler:43} Unable to accept nio child: Agent is already online: 172.16.4.29 / WIN7BO_BACKUP.qchek.com/10001609

(Thu Jul 09 17:32:20 EDT 2015) WW:WARNING [Communications] {NioExitQueueHandler:43} {NioExitQueueHandler:43}Child disconnection signaled: ( id:10001609 Agent name: WIN7BO_BACKUP.qchek.com ):  Disconnect reason: Unable to accept Nio Child, stopping new connection before it completes: ConnectionsKey:2451036

(Thu Jul 09 17:32:20 EDT 2015) WW:WARNING [Communications] {NioExitQueueHandler:43} {NioExitQueueHandler:43}Child disconnection signaled: ( id:10001609 Agent name: WIN7BO_BACKUP.qchek.com ):  Disconnect reason: Unable to accept Nio Child, severing pre-existing connection ConnectionsKey:109521

(Thu Jul 09 17:32:20 EDT 2015) WW:WARNING [NioComNetworkChild] {NioExitQueueHandler:43} Reporting canceled key: ConnectionsKey:2451036 Unable to register the online agent:

(Thu Jul 09 17:32:21 EDT 2015) EE:ERR [NioComNetworkChild] {NioExitQueueHandler:43} NIODisconnect: Unable to send disconnect/InternalAgentOffline to agent because id is null

(Thu Jul 09 17:32:21 EDT 2015) WW:WARNING [NioComNetworkChild] {NioExitQueueHandler:43} Reporting canceled key: ConnectionsKey:2451036 Unable to register the online agent:

(Thu Jul 09 17:32:22 EDT 2015) WW:WARNING [NioComNetworkChild] {Timer-3:40} Reporting canceled key: ConnectionsKey:2450977 DestroyTask cancelling a key

(Thu Jul 09 17:32:22 EDT 2015) EE:ERR [StatusInfoHandler] {XML Communication Worker - 16:288} Recieved status from an unknown agent 10000477

(Thu Jul 09 17:32:22 EDT 2015) EE:ERR [MessageCentral$RequestResponseHandler] {XML Communication Worker - 16:288} Runtime Error processing the request com.solarwinds.lem.protocol._1_0.modman.StatusInfo@6e8fd74e[id=4268, statusProperties={com.solarwinds.lem.protocol._1_0.modman.StatusProperty@25807a97[name=com.solarwinds.lem.connectors.NT Application, value=true],com.solarwinds.lem.protocol._1_0.modman.StatusProperty@15f062bd[name=com.solarwinds.lem.connectors.VistaSecurity, value=true],com.solarwinds.lem.protocol._1_0.modman.StatusProperty@58e2718b[name=com.solarwinds.lem.connectors.NtSystem, value=true],com.solarwinds.lem.protocol._1_0.modman.StatusProperty@7a8c8a43[name=com.solarwinds.lem.minifilter.registered, value=true],com.solarwinds.lem.protocol._1_0.modman.StatusProperty@20c97390[name=com.solarwinds.lem.connectors.fimfiledir, value=true],com.solarwinds.lem.protocol._1_0.modman.StatusProperty@9c203c1[name=com.solarwinds.lem.minifilter.loaded, value=true]}]

  1. java.lang.IllegalArgumentException: The agent does not exist in the manager tree

        at com.solarwinds.lem.manager.handlers._1_0.StatusInfoHandler.processStatuses(StatusInfoHandler.java:62) ~[lem_manager.jar:6.0.1429505.18]

        at com.solarwinds.lem.manager.handlers._1_0.StatusInfoHandler.handleRequest(StatusInfoHandler.java:49) ~[lem_manager.jar:6.0.1429505.18]

        at com.solarwinds.lem.communication.netty.MessageCentral$RequestResponseHandler.handleRequestRead(MessageCentral.java:207) [lem_communication.jar:6.0.1429505.18]

        at com.solarwinds.lem.communication.netty.MessageCentral$RequestResponseHandler.channelRead(MessageCentral.java:190) [lem_communication.jar:6.0.1429505.18]

        at io.netty.channel.DefaultChannelHandlerContext.invokeChannelRead(DefaultChannelHandlerContext.java:338) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.channel.DefaultChannelHandlerContext.fireChannelRead(DefaultChannelHandlerContext.java:324) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at com.solarwinds.lem.communication.netty.ConnectionStateHandler.readWhenActive(ConnectionStateHandler.java:174) [lem_communication.jar:6.0.1429505.18]

        at com.solarwinds.lem.communication.netty.ConnectionStateHandler.channelRead(ConnectionStateHandler.java:71) [lem_communication.jar:6.0.1429505.18]

        at io.netty.channel.DefaultChannelHandlerContext.invokeChannelRead(DefaultChannelHandlerContext.java:338) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.channel.DefaultChannelHandlerContext.fireChannelRead(DefaultChannelHandlerContext.java:324) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at com.solarwinds.lem.communication.netty.LEMProtocolHandler.channelRead(LEMProtocolHandler.java:119) [lem_communication.jar:6.0.1429505.18]

        at io.netty.channel.DefaultChannelHandlerContext.invokeChannelRead(DefaultChannelHandlerContext.java:338) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.channel.DefaultChannelHandlerContext.fireChannelRead(DefaultChannelHandlerContext.java:324) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:153) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.handler.codec.ByteToMessageCodec.channelRead(ByteToMessageCodec.java:108) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.channel.DefaultChannelHandlerContext.invokeChannelRead(DefaultChannelHandlerContext.java:338) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.channel.DefaultChannelHandlerContext.fireChannelRead(DefaultChannelHandlerContext.java:324) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.handler.timeout.IdleStateHandler.channelRead(IdleStateHandler.java:253) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.channel.DefaultChannelHandlerContext.invokeChannelRead(DefaultChannelHandlerContext.java:338) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.channel.DefaultChannelHandlerContext.fireChannelRead(DefaultChannelHandlerContext.java:324) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:153) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.channel.DefaultChannelHandlerContext.invokeChannelRead(DefaultChannelHandlerContext.java:338) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.channel.DefaultChannelHandlerContext.fireChannelRead(DefaultChannelHandlerContext.java:324) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:785) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:126) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:485) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:452) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:346) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:101) [netty-all-4.0.14.Final.jar:4.0.14.Final]

        at java.lang.Thread.run(Unknown Source) [na:1.7.0_65]

(Thu Jul 09 17:32:27 EDT 2015) WW:WARNING [Communications] {NioExitQueueHandler:43} {NioExitQueueHandler:43}Child disconnection signaled: ( id:10001493 Agent name: 7616POS_Gold.qchek.com ):  Disconnect reason: Sending message: Nio does not have a valid connection for the key

(Thu Jul 09 17:32:27 EDT 2015) EE:ERR [NioComNetworkChild] {NioExitQueueHandler:43} Unable to accept nio child: Agent is already online: 172.16.4.31 / 7616POS_Gold.qchek.com/10001493

(Thu Jul 09 17:32:27 EDT 2015) WW:WARNING [Communications] {NioExitQueueHandler:43} {NioExitQueueHandler:43}Child disconnection signaled: ( id:10001493 Agent name: 7616POS_Gold.qchek.com ):  Disconnect reason: Unable to accept Nio Child, stopping new connection before it completes: ConnectionsKey:2451037

(Thu Jul 09 17:32:27 EDT 2015) WW:WARNING [Communications] {NioExitQueueHandler:43} {NioExitQueueHandler:43}Child disconnection signaled: ( id:10001493 Agent name: 7616POS_Gold.qchek.com ):  Disconnect reason: Unable to accept Nio Child, severing pre-existing connection ConnectionsKey:2436691

(Thu Jul 09 17:32:27 EDT 2015) WW:WARNING [NioComNetworkChild] {NioExitQueueHandler:43} Reporting canceled key: ConnectionsKey:2451037 Unable to register the online agent:

(Thu Jul 09 17:32:28 EDT 2015) EE:ERR [NioComNetworkChild] {NioExitQueueHandler:43} NIODisconnect: Unable to send disconnect/InternalAgentOffline to agent because id is null

(Thu Jul 09 17:32:28 EDT 2015) WW:WARNING [NioComNetworkChild] {NioExitQueueHandler:43} Reporting canceled key: ConnectionsKey:2451037 Unable to register the online agent:

Re: How to monitor activity by users of the admin group


I get the Windows event codes from https://www.ultimatewindowssecurity.com/

 

Ones I use are

 

Domain Admins Group additions and deletions using Auditable Group Events.EventInfo" = Member "*" (added/deleted) from group "XXXXXXXX\Domain Admins"

This emails me when users are added or removed from domain admins

 

Domain passwords changed using Admin privileges using UserModifyAttribute.ProviderSID = *4724*

This emails me when an admin changes a user's password

 

Create email templates to fill in the who and when and where from details
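The two alerts described in the reply above, sketched as an added example (not code from the post or from LEM): it filters Windows Security events for Domain Admins membership changes and for event 4724, then fills a template with the who, when and where. Event IDs 4728 and 4729 are the standard Windows IDs for global-group membership changes and are not named on the page; the event dictionary layout and all sample values are constructed.

```python
from string import Template

GROUP_MEMBER_ADDED = 4728    # member added to a security-enabled global group
GROUP_MEMBER_REMOVED = 4729  # member removed from a security-enabled global group
PASSWORD_RESET = 4724        # attempt to reset another account's password
WATCHED_GROUP = "domain admins"  # compared case-insensitively

# Templates carrying the "who, when and where from" details.
GROUP_TEMPLATE = Template(
    "[$when] $who $action $member $prep group $domain\\$group (logged on $where)")
RESET_TEMPLATE = Template(
    "[$when] $who reset the password of $domain\\$target (logged on $where)")


def alert_for(event):
    """Return alert text for a watched event, or None if it is not of interest."""
    data = event.get("EventData", {})
    fields = {
        "when": event.get("TimeCreated", "unknown time"),
        "where": event.get("Computer", "unknown host"),
        "who": data.get("SubjectDomainName", "?") + "\\" + data.get("SubjectUserName", "?"),
        "domain": data.get("TargetDomainName", "?"),
    }
    event_id = event.get("EventID")
    if event_id in (GROUP_MEMBER_ADDED, GROUP_MEMBER_REMOVED):
        group = data.get("TargetUserName", "")
        if group.lower() != WATCHED_GROUP:
            return None  # membership change in some other group
        member = data.get("MemberName")
        if member in (None, "", "-"):  # name not resolved: fall back to the SID
            member = data.get("MemberSid", "?")
        added = event_id == GROUP_MEMBER_ADDED
        return GROUP_TEMPLATE.substitute(
            fields, group=group, member=member,
            action="added" if added else "removed",
            prep="to" if added else "from")
    if event_id == PASSWORD_RESET:
        return RESET_TEMPLATE.substitute(fields, target=data.get("TargetUserName", "?"))
    return None


def scan(events):
    """Return the alerts raised by a sequence of events, in order."""
    return [alert for alert in map(alert_for, events) if alert]


# Constructed sample events (assumed layout, not real log data).
ADMIN = {"SubjectDomainName": "EXAMPLE", "SubjectUserName": "alice.adm",
         "TargetDomainName": "EXAMPLE"}
SAMPLE_EVENTS = [
    {"EventID": 4728, "TimeCreated": "2015-07-09T17:32:18Z", "Computer": "DC01.example.test",
     "EventData": dict(ADMIN, TargetUserName="Domain Admins",
                       MemberName="CN=Jane Doe,CN=Users,DC=example,DC=test")},
    {"EventID": 4728, "TimeCreated": "2015-07-09T17:35:00Z", "Computer": "DC01.example.test",
     "EventData": dict(ADMIN, TargetUserName="Helpdesk",
                       MemberName="CN=Bob Roe,CN=Users,DC=example,DC=test")},
    {"EventID": 4729, "TimeCreated": "2015-07-09T17:40:02Z", "Computer": "DC01.example.test",
     "EventData": dict(ADMIN, TargetUserName="DOMAIN ADMINS", MemberName="-",
                       MemberSid="S-1-5-21-1111111111-2222222222-3333333333-1104")},
    {"EventID": 4724, "TimeCreated": "2015-07-09T17:45:30Z", "Computer": "DC02.example.test",
     "EventData": dict(ADMIN, TargetUserName="bob")},
    {"EventID": 4624, "TimeCreated": "2015-07-09T17:46:00Z", "Computer": "DC02.example.test",
     "EventData": dict(ADMIN, TargetUserName="bob")},
]

if __name__ == "__main__":
    for line in scan(SAMPLE_EVENTS):
        print(line)
```
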

Netapp Auditing


I must be missing something simple.

I have followed (I think) these steps but I can't seem to get it to work.

SolarWinds Knowledge Base :: Integrating NetApp with LEM 6.x

https://thwack.solarwinds.com/thread/77832


I have auditing enabled on the NetApp; it is creating an adtlog.evt in the /etc/log directory.

I can open one of those files with Windows and can see the audit information.

Here is what I did:

Created a local admin user on the NetApp called netappaudit

Created a local admin user called netappaudit on a Windows server with the SolarWinds Agent installed

Configured the service to log in as that user.

Added the NetApp connector to the same Windows agent that my netappaudit user is configured on.

For the computer UNC: \\xxx.xxx.xxx   (IP address of the NetApp)

The connector turns green and there are no errors but I never see any of the audit info.

If I change to a domain admin who has rights on the NetApp I will get an RPC error.



LEM Issue : Error Processing Logs Message for FortiNet


Hello.

 

Seeking assistance, please.

We are monitoring logs from a Fortinet device. Connector used is WS_FTP Connector.

We tried to update the connector to the latest version, but we are still getting the error "Error Processing Log Messages".

 

Would appreciate any ideas, please.

 

Thank you.

 

Kind Regards,

Leny

Re: LEM Issue : Error Processing Logs Message for FortiNet


Have you tried using the Fortinet connector(s)?


thwackCamp is this week! Session on Firewall Logs & LEM on Wednesday!


Hey everyone! In case you've missed the announcements or mostly stuck just to your areas of interest on Thwack, here's a reminder about thwackCamp 2015 this week.

 

For LEM customers and security folks, sessions of interest are:

 

Along with the keynotes, of course. Prizes, discussions, hopefully you learn something, and many of the people who answer questions here on Thwack will be in the live chat.

 

If you have other SolarWinds products beyond LEM (many of you do), be sure to check out the other sessions in the agenda. There are events for server, database, networking, and lots of food for thought around IT management in general.

 

Hope to see you there!

Re: LEM Issue : Error Processing Logs Message for FortiNet


Can we get more info about your setup? How did you end up with the WS_FTP connector - was it automatically selected? As byrona mentioned, I'd expect the Fortinet connectors to be a better match, but maybe the automatic process somehow selected the wrong ones? You can manually configure connectors if for some reason the default choice was incorrect.

 

video on scanning for new nodes: [VIDEO] How to Scan for New Nodes with SolarWinds Log & Event Manager

or, video on using the add node wizard for syslog nodes: [VIDEO] How to Configure Syslog Nodes in SolarWinds Log & Event Manager

or, video with multiple methods, including manual connector configuration: [VIDEO] Adding Nodes, Devices and Systems with Log & Event Manager

Re: Netapp Auditing


Are you able to use the Windows tools to open it remotely by UNC path using that user/password?

 

Do you see any other Internal events in the "LEM Internal Events" filter related to the connector after you configure and start it?

 

Anything of note in the agent's log (SWLEMAgent.log, or spoplog.txt, in the agent's running directory, usually c:\windows\syswow64\contegoSPOP\)?

 

Bonus points - on the agent, if you check out the file readerState.xml (in the tools directory of the above running directory), it's a big fat XML file but you should have a corresponding entry for this connector (search for NetApp) - for that entry, look for the logStartPoint and let me know what you see (e.g. logStartPoint="13456732").

LEM: log retention and backup


Hi ALL,

 

I would like to ask if this retention KB is still valid for LEM 6.1 (latest); see below.

 

LEM's retention is size-based. So, you are right: the oldest events are purged to make way for the new events.

 

From the 'LEM Reports' utility, you can run the Database Maintenance report. This will show the trend of events per day, the time of the oldest and newest event, the size of the normalized data store, etc. This should help you determine if you need to increase the size of the virtual disk. The resource below is a useful reference if you do need to increase the size:

SolarWinds Knowledge Base :: Resizing a LEM Virtual Appliance v5.4 or above

 


Re: LEM: log retention and backup


Yes, it is still valid. The retention methodology hasn't changed.
