Channel: THWACK: Message List - Security Event Manager (SEM) - Formerly Log & Event Manager
Browsing all 5385 articles

Re: LEM Custom Reports

The best place to start is by downloading the Crystal Reports Enterprise to customize reports, but you'll have to use the LEM Report Client to run the report. Unfortunately, the JDCC drivers used to...



Re: HostIncident event

Do you see HostIncident events if you search for those specifically in nDepth? Or in an Incidents (or maybe Security Events) filter? If you have a place where you see the rule firing in your console,...



Re: NewB question re: Account Lockout

Two ways - search or reports. (You might also update the email template to send more details about that event, or choose a different email template that shows more detail, that way when the email gets...


Re: Critical Account Logon Failure

Your filter will look for any username in any of those AD groups or the "Admin Accounts" user-defined group to appear as the Source or DestinationAccount of a UserLogonFailure event. It might not be...


Re: Critical Account Logon Failure

On your DC(s), open an Admin command prompt and try this command: auditpol /get /category:"Logon/Logoff" What are the results?  Are there LEM agents on your DC(s)?


Monitor taking ownership of a mailbox

Does anyone know if there's a way to monitor and alert on taking ownership of a mailbox in Exchange? I know it generates a log event if auditing is turned on, but I don't see a corresponding Event in...


Re: NewB question re: Account Lockout

Thanks Nicole. I guess I need to learn how to use/modify the rules more and the templates. You have pointed me in the right direction. -steve


Re: IIS W3C Log Collection

I have the IIS logging and connectors configured almost exactly as the images above. How sensitive is the file path string? I had tried using C:\inetpub\logs\LogFiles\W3SVC1 with no success. Thanks for...



Re: OpenVPN syslog support

Thanks Adam, I did as you suggested and submitted a ticket to get a connector created.



can LEM be accessed on Orion web console

Is there a way to have a LEM Tab on the Orion web console? I know you can add external URLs in the menu but my boss does want that he wants it like a Tab (i.e. home, network, applications...).


Re: Best way to exclude folders in FIM 6.1

I have a feature request open for FIM to address the differing amounts of windows read events created when a file is opened (one per thread). What I want is a FIM event that triggers when >1 windows...


Re: Multiple Active Directory Domains

I agree with mark88, I use LEM on two domains


Re: Filter NT Authority\System

I have a feature request open for FIM to address the differing amounts of windows read events created when a file is opened (one per thread). What I want is a FIM event that triggers when >1 windows...



HP Printer Status (port 5226) PortScan triggered events in LEM?

Hi all. Does anyone have any experience or opinion about having a bunch of PortScan events triggered in LEM relating to the HP Universal Printer Driver contacting workstations on port 5226 for printer status?...


Re: HP Printer Status (port 5226) PortScan triggered events in LEM?

Assuming you're using one of our template PortScan rules, the criteria is just looking for 10 packets where: So if the printer or client send data to the same IP but on different ports trying to...



Re: IIS W3C Log Collection

I found that you need the \ at the end of the path name


Re: IIS W3C Log Collection

Thanks!



Re: LEM Rules Fired Based on WMI Events

We ended up going a different route as SolarWinds technical support was saying they don't currently have a way to fire rules based on WMI events. I was going off of a white paper I had found somewhere...


Re: Critical Account Logon Failure

Thanks for the feedback Nicole, this has given me a few options to look into.  I did manage to capture some logs with the filter last week. After thinking about it, they have a pleasant consequence....


Re: Critical Account Logon Failure

Appreciate the reply Curtis, I'm working with the network engineer to check the audit policies.  In answer to your 2nd question, Yes, there are LEM agents on the DCs
