Re: iSeries & Lem/ Lem and Hardware requirements
There's a LEM Deployment Guide up on the docs site (direct link) that might provide some insight - you might have to estimate # of events that's in that 4GB to get some idea of how it translates to...
Re: Ideal system requirements and settings for LEM
Check out the deployment guide, too - http://www.solarwinds.com/documentation/LEM/Docs/LEMDeploymentGuide.pdf
LEM server keeps locking out my domain account. I can't log-in to my pc to do...
Dear all, I recently get my domain account locked every 5 minutes. Let me give you some background about what happened yesterday. I have another WIN server which is also in the domain (it has LAM agent...
Re: LEM server keeps locking out my domain account. I can't log-in to my pc to...
Have you checked your Directory Service connector? It sounds like something you inputted that uses your credentials needs to have its password updated, and my guess would be the Directory Service...
TCPTrafficAudit With SYN FIN Bits Set with possible Inference
All, In our Enterprise network, we have a Websense server. This server permits or denies access to various websites. I am trying to tune LEM not to generate an event unless this server receives...
Re: LEM server keeps locking out my domain account. I can't log-in to my pc to...
I agree with wolram, it's probably the Active Directory connector, though you may have other tools (Cisco IDS or the like) that you set up with RADIUS or TACACS credentials linked to the domain....
Re: TCPTrafficAudit With SYN FIN Bits Set with possible Inference
The events will be generated regardless as they are received and read from the logs, but you can use rules to determine when events might fire an email or notification. There isn't really a way to...
Don't Miss This Month's Thwack Mission - Security Scavenger Hunt
Hey folks, You may not have seen this so I thought I'd bring it to your attention. This month's Thwack Mission is all about LEM - sending you on a scavenger hunt through videos, pages, and even the LEM...
Prevent mass file operations?
Is it within LEM's capability to prevent/block mass file operations on a server, either accidentally or intentionally? It could be as destructive as a user who will be leaving the organization and wiping...
Re: TCPTrafficAudit With SYN FIN Bits Set with possible Inference
Nicole, Thank you for the quick reply. Hmm. LEM rules are firing way too much. Let me investigate how I can tune the rules. T.J.
Re: Prevent mass file operations?
You could have LEM disable the offending account, and that should kill the file operation in progress.
Re: TCPTrafficAudit With SYN FIN Bits Set with possible Inference
Ah, yes. This is in fact why we chose to disable those rules by default in future/more recent versions of LEM. A few threads that might help: Re: LEM: Trying to tone down the noise, Re: Unsusual or...
Re: LEM server keeps locking out my domain account. I can't log-in to my pc to...
Thanks for your reply. It does help. Just wondering if ideally, the LEM need a service account for domain queries. Could you pls specify what is the "service account"? Is it a domain account created...
Re: LEM server keeps locking out my domain account. I can't log-in to my pc to...
Sean: A service account is an account created in Active Directory, usually with the option to have a password never expire, which is used for automated jobs or applications to use to take advantage of...
Re: LEM Reporting - How to build reports on explicit data-sets?
I could really use some help on this if anybody has been able to do this!
Re: TCPTrafficAudit With SYN FIN Bits Set with possible Inference
Nicole, Thanks for the heads up/info! I'll read the release notes of the latest LEM versions in addition to the links provided. T.J.
Different Oracle Connectors
Hi all, What is the difference between the three Oracle Auditor connectors in LEM? Oracle Auditor - Database, Oracle Auditor - Syslog, Oracle Auditor - Windows. Also, what is the difference with the extended...
Re: Different Oracle Connectors
I believe that on Linux (maybe all UNIX platforms?), the only(?) way to audit activity in the Oracle database is to send it to a log file. Therefore, we use the Oracle Auditor - Syslog connector to...
Re: LEM Reporting - How to build reports on explicit data-sets?
I don't believe the standalone Reports application has this capability but then again, I've been proven wrong about my knowledge of this application before. Using nDepth, you can save a search and...
Re: Prevent mass file operations?
But wouldn't disabling the account be too late once the file operation has started?