Hi All,
Can someone please help me with how to setup SEM in an AWS environment I have been trying for a while and cant get it to work
↧
SEM AWS Installation
↧
SEM Nodes
is anybody know why SEM assuming picture below as Node?
when I try to look inside the node, there is nothing information,
I also dont know, how can it appear as node?
↧
↧
Re: Checkpoint Firewall Log is not showing on LEM Console properly
do you have update for this case?
↧
Re: Checkpoint Firewall Log is not showing on LEM Console properly
Unmatched Data is pretty much going to be the same procedure every time it's encountered and regardless of vendor, etc.
Firstly, make sure you have the latest connectors applied.
If that doesn't resolve the issue, get an export of the logs and reach out to Support.
See the above article for the specifics.
↧
Re: SEM Nodes
I wonder if the licence warning is related to this issue?
↧
↧
Re: SEM Nodes
it's still appear even license not fully used.
↧
Re: SEM AWS Installation
You actually don't need to install anything, we can provide you with a Private AMI which you simply launch within your AWS Management Console. You'll just need to raise a Support Ticket and provide them with your AWS Account ID and which AWS region you would to deploy in. They can then share the AMI with you.
↧
Re: Quick 250 points: How do you use the OpsCenter dashboard?
I understand this question is from April, but I hope you are still able to take suggestions. I believe the OPS Center Dashboard could be really useful, however, as it is right now, I don’t use it because the widgets are so limited and hard to create/configure.
I'd like to use the Dashboard as an accurate and quick status location for my Director. I'd like it to become her 'one-stop-shop' that accurately displays 30-Day stats, 1-Week Stats, and 24-Hour stats using pre-configured Widgets based on Industry Best Practices or Regulatory Compliance Standards (PCI, HIPPA, etc.) Additionally, the ability to create Widgets based on Rules, both pre-configured rules and ones that are individually configured (using an action response within a rule).
Some of the metrics I'd like to see include:
1) Failed logon attempts (separate Server, SQL, Service & Application widgets)
2) Blocked emails (via Barracuda Gateway) due to SPF and/or DMARC Failure (and other email filtering options)
3) Recently added and disconnected Non-Agent Nodes
4) Recently added and disconnected Agent Nodes
5) SQL Injection attacks, recon, and other attack attempts based on SEM's Threat Feed
↧
Spop.conf file not showing values
After switching from GPO to a software deployment tool to deploy the SEM client to many machines at once, the client installation works, however the logs don't appear in the SEM Management Console. Per SolarWinds documentation, the installer.properties file was used and put in the same folder as the local installer. However, the spop.conf file doesn't appear to get the information from installer.properties, which shows only a single line (no carriage returns) as follows (port numbers not shown here, but they were correct):
ManagerAddress=ManagerInstallPort=<port>ManagerSecurePort=<port>NioManagerSecurePort=<port>
I am not sure why it didn't get the server address, which is given in the installer.properties file referenced during installation. However, even after manually correcting spop.conf, no logs from these clients appear in SEM console.
↧
↧
Re: Linux Agent Log File Location?
Just some clarification:
- This thread is related to SEM product formerly LEM - and the logs for SEM Linux agents are located at /usr/local/contego/ContegoSPOP as evanr posted already.
- /opt/SolarWinds/Agent/bin/appdata/Logs/ - contains Solarwinds Orion Agent logs which is separate.
↧
Re: UserLogon / UserLogoff spam
Signal boosting this question. I know it's a slightly older post, but I'm having the same issue. Usually it's with exchange or our DCs. We only have around 100 people in our company, but we can hit 9999+ logs in a matter of minutes with this logon/logoff spam. Any ideas on how to clean it up?
Thanks,
Jared
↧
Re: Non-Business Hours Filter Not Actually Filtering
When building the filter using [userlogon.detectiontime (does not contain) business hours time-of-day-set], the engine ignores it. When doing the filter in ndepth, the line gets flagged red as "invalid search". I don't understand why it is not working. And in lieu of that, is there another way of building the filter to view logon attempts outside of business hours?
↧
Re: Non-Business Hours Filter Not Actually Filtering
This is an issue for me too, within the HTML5 console, almost a year from the original post. Has it been fixed yet?
↧
↧
Re: Spop.conf file not showing values
You may need to contact support if you have not already done so. This link is to the troubleshooting guide for a 64 bit SEM agent, but I don't think this will help you much unless you have a port related issue. https://support.solarwinds.com/SuccessCenter/s/article/Troubleshoot-LEM-agent-connections-64-bit
↧
Re: SEM\LEM not showing all events
I haven't forgotten about this. I got pulled into another project
↧
Unmatched WindowsSecurity Data ($Revision: #104 $)
I am getting a boat load of these alerts, "Unmatched WindowsSecurity Data ($Revision: #104 $)" under LEM Internal Events. I am running version 6.6. Is there anyway to match this data to clear it from the internal events?
↧
Re: Unmatched WindowsSecurity Data ($Revision: #104 $)
Hi,
You have a couple of options.
- Update your connectors. Looks like 107 might be the latest version for that connector.
- You can setup the SEM to have it automatically keep your connectors up to date on a daily basis.
- If updating your connectors does not help out then open up a case with support for unmatched data in order for it to get normalized.
↧
↧
Re: UserLogon / UserLogoff spam
For future reference for anyone else having this problem. I contacted Solarwinds Support and they informed me that there wasn't anyway for SEM to pick and choose which user logons come in so they need to be mitigated at the source. They also included this link to a best practice article:
Hopefully this helps the next person.
↧
Non-Agent Nodes
First - I'm having issues with my Netbotz not showing up as a "node" in the SEM console.
I can see the logs in "local0", so I know they're reaching the SEM appliance. I've configured the APC InfraStruXure connector on my appliance. Still, the Netbotz device isn't showing as a Non-Agent node, and the log information is nowhere to be found.
Second - My Synology NAS Device is talking to the SEM; however, my log data shows up in the LEM Internal Events as "Unmatched Synology Data ($Revision: #4 $)". The connector update says that my connectors are all current.
What did I miss?
Any advice anyone could provide would be greatly appreciated! Thank you!
↧
Re: Non-Agent Nodes
First Netbotz. It may be logging in a different format than what was covered with APC InfraStruXure. Possibly a new connector request. I would contact support.
Second Synology. Unmatched data means it is something we have not seen before and may or may not have the same format of what was in there. Various reason for this can occur: Synology has a new version and things are logged a little differently for the regular expressions to be able to match or the data is something we have never seen before and there is no pattern to Normalize it properly. Make sure you have updated your connectors to the latest and if you continue to get unmatched data I would contact support.
Hope that helps out.
↧