Re: Non-Agent Nodes
Re: New file to pull into SEM, set up rules.
Sorry for the delay. Taken over by events.
The case number is: 00364686.
I should be available.
Thanks!!!!!
"EncryptQueue is full" and Java out of memory errors
Just wondering if anyone is experiencing the same issues I am currently facing. Currently running SEM 2019.4 and am facing issues with 100% CPU utilization and an unresponsive SEM console. If I open the watchlog, I see issues with Java out of memory, and EncryptQueue is full. I need to restart the manager to get back into it, but shortly after that happens the manager crashes again. I have tried adding resources (even though our environment hasn't really changed) to no avail. On older stable versions of LEM we were able to get away with 2 CPU + 8GB RAM. We have since upped the resources to 4 CPU + 32GB RAM and it made no difference.
Long story short, we have been paying for a product that we haven't been able to use. Recently I needed to run some reports, and wasn't able to because the manager is unresponsive. I've had a support case open since September 12, 2019 (Case # 00386757), and they haven't been able to find a resolution. Anyone have any ideas? Currently have all rules disabled per SolarWinds, and the problems are still occurring.
Loss of Events - Java Interface
About one time per week, the LEM Java interface stops collecting or showing recent events. I am normally working in nDepth and find I am unable to pull any events from the last 10 minutes. After a bit of research I realize I don't have any events from the past hour or more. The fix has been to reboot and this seems to work. I don't have the time to contact support while the issue occurs, but I will open a ticket as this is the third instance of this issue. Has anybody else experienced a similar issue?
We upgraded to LEM/SEM version 6.7.2 recently and did not experience this issue previously.
Thank you,
Tom
SEM Syslog Forwarding Over TLS
Log forwarding is something we haven't currently enabled in SEM. We have an ask as to whether we can forward syslog events over TLS to another system. The forwarding part is pretty straightforward, but can SEM forward them securely? The documentation I saw doesn't allude to that, unless I'm missing something.
Re: SEM Syslog Forwarding Over TLS
Secure forwarding isn't currently possible using SEM; TCP and UDP are the only options available for forwarding. Log Analyzer may be of interest as it supports secure forwarding:
Re: Loss of Events - Java Interface
Sorry to hear you are having issues. Raising a support ticket is certainly the best path here; if you can send me the case number, I'll ensure it's investigated as a matter of urgency. Do you experience the same issue within the HTML5 console, or is it only nDepth that's affected? Worth noting that we just shipped SEM 2019.4; I'd recommend upgrading to the latest version prior to raising the support case.
Re: Loss of Events - Java Interface
Thank you, this is not urgent. The HTML5 console has current events, but I only use nDepth. We are hesitant to run the latest version as we have had issues with the upgrades in the past.
Re: SEM Syslog Forwarding Over TLS
OK thanks.
Re: "EncryptQueue is full" and Java out of memory errors
Sorry to hear you are running into issues with SEM. A member of our Support team will be in touch to schedule a WebEx session with both Support and Engineering to determine the root cause. Thanks for bearing with us!
Re: Loss of Events - Java Interface
We are currently working on moving the nDepth functionality from Flash to HTML5. Would love to get your thoughts on some design options we're working through and also understand how you use nDepth today. Will drop you a DM to set up some time to chat if you're willing.
Re: SEM\LEM not showing all events
Here is where I am right now. According to support, "SEM is a security and compliance tool" and I should consider other device monitoring tools; however, they were willing to send it up to see if they can enable ALL events. Hopefully they can, because I purchased several tools to cover our needs.
We purchased Orion\SAM to monitor our hardware and major software applications, SEM (was LEM when we purchased) to gather all our events and create actions, and finally ARM to take care of our security concerns.
I'll post back here once I get more information.
Cisco ISR 4331 router Node showing MPLS routing IP
I added a new ISR 4331 router; it connects through an MPLS. So, it is showing the MPLS IP instead of the internal IP address. I was able to configure other routers when I first installed the SEM to use the internal IP. I am unable to find the article I used to make the change. I am hoping someone might know the commands or could help point me in the right direction.
Thanks
Joe
Re: Cisco ISR 4331 router Node showing MPLS routing IP
Generally speaking, packets originate from the interface closest to the destination (SEM), which could explain why the MPLS IP address is the source IP of the syslog messages. Cisco have a command called logging source-interface which allows you to specify which interface the syslog is transmitting from. You could try enabling that command and specifying an interface with an internal IP.
Re: Cisco ISR 4331 router Node showing MPLS routing IP
Jhynds, that was exactly what I was looking for. It's been a few years since I set up the other routers and couldn't remember this command. Thanks. This makes it easier on the Sys Admins that don't remember all of the network IPs.
Thanks again.
LEM/SEM Exchange Message Transfer Logs
I am pretty new to SEM/LEM. I created the message tracking log connector and it is green, indicating an active connector.
I see nothing in SEM as far as Exchange message tracking logs. When I search for information on setting up filters on how to view the message transfer logs in SEM, I find nothing. Can someone help me?
Re: LEM/SEM Exchange Message Transfer Logs
Have you applied the message tracking connector to the SEM agent installed on your Exchange server? Can you also confirm that the path to the log file you need to ingest is C:\Program Files\Microsoft\Exchange Server\V14\TransportRoles\Logs\MessageTracking and the file is named MSGTRK.LOG?
Re: LEM/SEM Exchange Message Transfer Logs
Re: LEM/SEM Exchange Message Transfer Logs
That looks correct, but when you browse to those folders can you confirm that MSGTRK.LOG is the correct prefix? If so, raising a support ticket is the best route. They'll be able to review debug logs and determine why those logs aren't appearing in SEM.
Connector Discovery Failed
I'm trying to add a syslog node (Synology NAS) and receiving this error.
I rebooted the SEM host and tried to add the node again, and got the same message.
Any ideas? Has anyone else had issues with adding connectors? I'm on v2019.4.
I'm fairly new to this system, so I'm not even sure where to look to obtain more info about the error. Nothing seems to have been logged under "LEM Internal Events". I'm combing through log files via ssh using Appliance->Checklogs, but so far, nothing has any information that is seemingly pertinent to this error.
Any advice would be greatly appreciated! In the meantime, I'm going to keep diggin'.