This might be more of a support question.
I only see a reference to JRE version 8 or later for MacOS so I can only assume similar requirements.
This was another article I found in case the error you see is related:
Thanks jrouviere. I will check it out and post what I find.
I've added the configuration, and I can see logs in the CMC, but I can't add a node.
Make sure you have a connector reading the logs. If you're seeing them in CMC then the logs are making it to SEM, but you need to have a connector normalizing the logs for SEM to be reading them and adding the node.
Yeah, that's sort of where I was leaning also. I just wanted to be sure that I exhausted my options and wasn't missing something.
Thanks for your reply.
I noticed when I upgraded from 6.6.0 to 6.7.1 and 6.7.2 that my custom Tags went missing under Rules. Under the Manager Console I was able to create a Tag but cannot add any rules to the Tag. I also see no way to delete the Tag. So I thought OK, they have moved it to the LEM Events Console. When I go there, it leaves me with no way to even create a custom Tag. Are there plans to fix this? It makes it more difficult to find the rules I have created and am currently using. I know you can check Enabled, but not all my rules are enabled all the time.
When migrating rules to the new console, we focused primarily on out-of-the-box tags, but the ability to manage tags and create custom tags is certainly an area for future improvement as we continue to focus on the new console. When you say your custom tags went missing under Rules, did they disappear from the Flash console as well as the new console?
Hi guys,
We are looking to use LEM to implement USB blocking.
I understand how to create a whitelist, uploading the PIDs of the stick etc.
My question is this:
Let's just say we have a whitelist with a tonne of PIDs in it. A user needs to have a new device whitelisted and I upload a text file containing only the PID of the new stick.
Does that overwrite the original whitelist? Should we be maintaining a single file?
Secondly, we want to allow phones to charge only. I assume that this will happen by default once we specify a whitelist? The phones will get power but won't be available as drives in Explorer?
Sorry if these are silly questions, I have looked through the documentation but couldn't find a clear answer.
Moved this to the LEM forum for better visibility from those who can possibly answer.
Hi there, I am trying to set up email alerts for DNS record update alerts. In the action tab, I am targeting Host incidents, as we are trying to get an alert from the internal DNS server if there are any DNS record updates. After I tested, I don't see any email alerts in my email. Please let me know if I have to make any changes in the rule; hope to hear from you. Rule screenshot is mentioned below:
Do you have a sample of the log entry that you want to base your rule on? Once I see the associated fields with that particular entry I can advise on the rule & alert.
No such thing as a silly question, only a silly answer.
Uploading a text file will overwrite the original whitelist, so you should be maintaining a single file. We're currently working on migrating the groups to our new UI, which includes importing and exporting to a CSV rather than the current proprietary format.
Phones should continue to charge, but won't appear as a mounted drive in Windows if USB Defender has detached the device.
The correlation appears to be looking for a "HostIncident," which can only be generated by the LEM itself. Unless you have another rule that looks for those DNS events under the appropriate taxonomy, like an ObjectAudit or other event calls, and makes a host incident, your rule will probably never fire. Seeing how the SEM is normalizing the event so the appropriate correlations can be chosen will help.
For reference as well, the connector to read the logs for syslog nodes needs to be added at the appliance level and not the node level. If you set it up with the default configurations and are still not seeing your data pulled in to the SEM console, you likely need to change the log store the connector is reading. You can have multiple of the same connector configured to have one to each log store that receives logs from those types of devices.
Loop1 Systems: SolarWinds Training and Professional Services
Thank you very much for the reply. Very helpful.
I ran into a couple issues while setting this up in 2019, maybe this helps someone in the future:
"Directory Service Server User Name" couldn't be domainname.com\service-account it had to be domainname\service-account. No .com allowed.
"Admin Group (Optional)" Can be nested in any OU/CN but is case sensitive.
Can we do it the other way around? Send alert from Orion to LEM / SEM?
Hello
I'm new to SEM and I started seeing some user activity in my user logons dashboard:
user 1: "-"
user 2: "NT AUTHORITY\ANONYMOUS LOGON"
Does anyone know where that comes from?
Thanks
This may be helpful: NT AUTHORITY\ANONYMOUS LOGON entry in Event Viewer -> Security log
Why does LEM nDepth only show 20 events, when the console shows 80k and Cisco shows 31k?
For the past day I've been struggling with why the events leaving my Cisco switches haven't all shown up in LEM. At first I thought it was the Cisco devices not sending the data correctly; here is that config:
Logging trap debug
logging fac local2
logging host myserverip trans tcp port 514
debug spanning all (Just to generate events)
Show logging
Trap logging: level debugging, 31009 message lines logged
Logging to myserverip (tcp port 514, audit disabled,
link up),
25601 message lines logged,
0 message lines rate-limited,
0 message lines dropped-by-MD,
xml disabled, sequence number disabled
filtering disabled
Logging Source-Interface: VRF Name:
But then I discovered the SEM console and the "checklogs" command. Here is that output:
[1]: Syslog Log (260K)
[2]: SNMP Trap Log (Empty)
[3]: Snort Alert Log (Empty)
[4]: Auth Log (Empty)
[5]: Daemon Log (Empty)
[6]: User Log (Empty)
[7]: Rawsearch Log (Empty)
[8]: Database Log (Empty)
[9]: Manager Configuration Log (176K)
[10]: Kernel Log (Empty)
[11]: Migration log (Empty)
[12]: Syslog local0 Log (Empty)
[13]: Syslog local1 Log (Empty)
[14]: Syslog local2 Log (80K)
[15]: Syslog local3 Log (Empty)
[16]: Syslog local4 Log (Empty)
[17]: Syslog local5 Log (Empty)
[18]: Syslog local6 Log (Empty)
[19]: Syslog local7 Log (Empty)
[20]: Cron Log (Empty)
[21]: FTP Log (Empty)
[22]: Printer Log (Empty)
[23]: Mail Log (Empty)
[24]: News Log (Empty)
[25]: Unix-to-Unix Copy Log (Empty)
I can imagine the difference between Cisco and LEM, because I have recreated this trap several times trying to get it to work, so 31k to 80k, yeah, I can see that. But 80,000 to 20? Something isn't right.
Going to Ops Center, then opening my Cisco node and changing to the last week, I only see where users log in or out, but none of the STP messages I had generated with "debug spanning all". What am I missing?
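The earlier reply about syslog connectors reading the wrong log store, and the 80K-in-"Syslog local2 Log" versus 20-events puzzle in this last post, both come down to which syslog facility the device stamps on each message. The script below is an added example (not from the thread or from SolarWinds): it decodes the PRI header of raw syslog lines, counts messages per facility and names the log store a connector would have to read. The facility-to-store mapping and the sample lines are assumptions constructed from the checklogs names quoted above.

```python
import re
from collections import Counter
# Standard syslog facility numbers (RFC 5424, section 6.2.1); PRI = facility*8 + severity.
FACILITY_NAMES = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth", 5: "syslog",
                  6: "lpr", 7: "news", 8: "uucp", 9: "cron", 10: "authpriv", 11: "ftp",
                  **{16 + i: f"local{i}" for i in range(8)}}

# Assumed mapping from facility to the log-store names shown by "checklogs" in the
# thread; anything else is assumed to land in the general "Syslog Log" store.
STORE_FOR_FACILITY = {"kern": "Kernel Log", "user": "User Log", "mail": "Mail Log",
                      "daemon": "Daemon Log", "auth": "Auth Log", "lpr": "Printer Log",
                      "news": "News Log", "uucp": "Unix-to-Unix Copy Log",
                      "cron": "Cron Log", "ftp": "FTP Log",
                      **{f"local{i}": f"Syslog local{i} Log" for i in range(8)}}

PRI_RE = re.compile(r"^<(\d{1,3})>")

def decode_pri(line):
    """Return (facility_name, severity) from the leading <PRI>, or None if missing/invalid."""
    m = PRI_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # 23*8 + 7 is the largest legal PRI
        return None
    return FACILITY_NAMES.get(pri // 8, f"facility{pri // 8}"), pri % 8

def facility_report(lines):
    """Map each facility seen to (message count, SEM log store the connector must read)."""
    counts = Counter()
    for line in lines:
        decoded = decode_pri(line)
        if decoded:
            counts[decoded[0]] += 1
    return {fac: (n, STORE_FOR_FACILITY.get(fac, "Syslog Log")) for fac, n in counts.items()}

# Constructed sample: a switch set to "logging facility local2" (PRI 150/151), plus an
# SSH login (auth.info = 38), a cron entry (cron.notice = 77) and a malformed line.
SAMPLE = [
    "<151>1234: *Mar  1 00:12:30: %SPANTREE-7-BLOCK_PORT: blocking Gi1/0/1",
    "<150>1235: *Mar  1 00:12:31: %SPANTREE-6-PORT_STATE: Gi1/0/1 -> learning",
    "<38>sshd[2001]: Accepted publickey for admin from 10.0.0.5 port 50022",
    "<77>cron[2002]: (root) CMD (run-parts /etc/cron.hourly)",
    "no PRI header on this line",
]

if __name__ == "__main__":
    for fac, (n, store) in sorted(facility_report(SAMPLE).items()):
        print(f"{fac:<8} {n:3d} message(s) -> connector must read '{store}'")
```

Feed it a capture of what the switch actually sends (for example from a packet capture on port 514) and the facility with the high count tells you which log store the Cisco connector has to be pointed at.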