Re: I see the alerts, but my rule doesn't fire
This KB might help you troubleshoot: SolarWinds Knowledge Base :: Troubleshooting LEM Rules and Email Responses
Re: I see the alerts, but my rule doesn't fire
Also make sure the 'Activate Rules' (Build > Rules) button has been clicked after you created your new Rules
Re: I see the alerts, but my rule doesn't fire
Hi, thanks for your help. I did all the configuration and checked the link as well, but after that I can see the LEM Internal Events. But the rules are still not firing. Please advise me. Event Name EventInfo...
Re: We have a requirement to audit all Applocker EXE and DLL events on all of...
No, I'm not looking for when the AppLocker process starts; I'm looking for any .EXE or .DLL event AppLocker identifies and logs to Event Viewer > Applications and Services Logs > Microsoft >...
Re: LEM questions on windows event filtering
Hi, I have been discussing this with the IT Security Team; please see their responses below. 1 - I’ve looked and see no events on the LEM when we clear the event log. 2 - We are not sure what you...
Re: We have a requirement to audit all Applocker EXE and DLL events on all of...
Ohhh - the AppLocker Event Log itself (duh). There is a separate connector to monitor that event log directly. You will also need to do some magic to make the connector hook up to the log - it's...
Re: LEM questions on windows event filtering
"1 - I’ve looked and see no events on the lem when we clear the event log" That's odd - but if they are in the event log and for some reason not being captured, that's fixable on the connectors side. 2...
Re: We have a requirement to audit all Applocker EXE and DLL events on all of...
I've got the connector but I need the filter and/or rule options to actually see these logs in LEM.
LEM multiple appliances?
I'm trying to utilize LEM in two different departments, Engineering and IT/IS. What I'm trying to do is create two accounts (IT/IS and Eng) and when we log into said account we only see our...
Re: I see the alerts, but my rule doesn't fire
Is the Activate Rules button grayed out? The only other common reason why rules don't fire is because the LEM Manager time is not synchronized. So, the event timestamps would fall outside the 'Response...
Re: We have a requirement to audit all Applocker EXE and DLL events on all of...
Hi Guys, As Nicole mentioned, there's a few steps required in order to get the logs into LEM. 1. Go to the Event log and right click on “EXE and DLL” and change the log location to be no spaces:...
Re: I see the alerts, but my rule doesn't fire
When you connect a USB Device to one of the LEM agent nodes - can you see that event within the LEM Console? The event should appear in the Monitor section under IT Operations > System Events: If...
Re: can LEM be accessed on Orion web console
Hi benc175, As you mention above, the only way to view the LEM Console within Orion is via the external URL option. As you can see from the What We're Working On page, better integration with LEM...
LEM problem with browsers
All, I thought I'd bring this up to the community. We just installed the licensed version of LEM after having trialed it for about a week. The first thing that jumped out at us is the product appears to...
Re: We have a requirement to audit all Applocker EXE and DLL events on all of...
Yep, that works! Thanks. I guess someone forgot to account for the spaces.
Re: I see the alerts, but my rule doesn't fire
Hi, when I connect a USB device to one of the LEM agent nodes, I see that event within the LEM Console. But I don't see the email event or the rule fired, and I have not received any email.
Re: I see the alerts, but my rule doesn't fire
Ok cool. Can you edit the correlation rule to look like this - i.e. add the Provider *USB* condition and also adjust the response window to 5 minutes? Can you also make sure to click Activate Rules on...
Re: LEM problem with browsers
Hi Jeff, Have you tried using the https login instead of http? The format is https://<LEM-IP-ADDRESS>:8443