Re: LEM Custom Reports
The best place to start is by downloading the Crystal Reports Enterprise to customize reports, but you'll have to use the LEM Report Client to run the report. Unfortunately, the JDCC drivers used to...
Re: HostIncident event
Do you see HostIncident events if you search for those specifically in nDepth? Or in an Incidents (or maybe Security Events) filter? If you have a place where you see the rule firing in your console,...
Re: NewB question re: Account Lockout
Two ways - search or reports. (You might also update the email template to send more details about that event, or choose a different email template that shows more detail, that way when the email gets...
Re: Critical Account Logon Failure
Your filter will look for any username in any of those AD groups or the "Admin Accounts" user-defined group to appear as the Source or DestinationAccount of a UserLogonFailure event. It might not be...
Re: Critical Account Logon Failure
On your DC(s), open an Admin command prompt and try this command: auditpol /get /category:"Logon/Logoff" What are the results? Are there LEM agents on your DC(s)?
Monitor taking ownership of a mailbox
Does anyone know if there's a way to monitor and alert on taking ownership of a mailbox in Exchange? I know it generates a log event if auditing is turned on, but I don't see a corresponding Event in...
Re: NewB question re: Account Lockout
Thanks Nicole. I guess I need to learn how to use/modify the rules more and the templates. You have pointed me in the right direction. -steve
Re: IIS W3C Log Collection
I have the IIS logging and connectors configured almost exactly as the images above. How sensitive is the file path string? I had tried using C:\inetpub\logs\LogFiles\W3SVC1 with no success. Thanks for...
Re: OpenVPN syslog support
Thanks Adam, I did as you suggested and submitted a ticket to get a connector created.
can LEM be accessed on Orion web console
Is there a way to have a LEM Tab on the Orion web console? I know you can add external URLs in the menu, but my boss does want that he wants it like a Tab (i.e. home, network, applications...)
Re: Best way to exclude folders in FIM 6.1
I have a feature request open for FIM to address the differing amounts of windows read events created when a file is opened (one per thread). What I want is a FIM event that triggers when >1 windows...
Re: Filter NT Authority\System
I have a feature request open for FIM to address the differing amounts of windows read events created when a file is opened (one per thread). What I want is a FIM event that triggers when >1 windows...
HP Printer Status (port 5226) PortScan triggered events in LEM?
Hi all. Does anyone have any experience or opinion about having a bunch of PortScan events triggered in LEM relating to the HP Universal Printer Driver contacting workstations on port 5226 for printer status?...
Re: HP Printer Status (port 5226) PortScan triggered events in LEM?
Assuming you're using one of our template PortScan rules, the criteria is just looking for 10 packets where: So if the printer or client send data to the same IP but on different ports trying to...
Re: LEM Rules Fired Based on WMI Events
We ended up going a different route as Solarwinds technical support was saying they don't currently have a way to fire rules based on WMI events. I was going off of a white paper I had found somewhere...
Re: Critical Account Logon Failure
Thanks for the feedback Nicole, this has given me a few options to look into. I did manage to capture some logs with the filter last week. After thinking about it, they have a pleasant consequence....
Re: Critical Account Logon Failure
Appreciate the reply Curtis, I'm working with the network engineer to check the audit policies. In answer to your 2nd question, Yes, there are LEM agents on the DCs