Re: Cisco Connector is Not Showing Up
Go into the Connectors on the Appliance. Stop and remove the Tipping Point connectors. In the search box, enter "Cisco" and pick the IOS connector. Create a new connector reading local2 (which...
Re: Brief duration event correlation
It would probably look like: NewDomainMember EXISTS AND DeleteDomainMember EXISTS AND NewDomainMember.DestinationAccount = DeleteDomainMember.DestinationAccount within time/response window 24 hours (The...
Re: F5 ASM and LEM - is there a connector?
SolarWinds Knowledge Base :: Applying a LEM Connector Update Package is where you can download the latest. Data Sources - Log Management & Log Analyzer Software | SolarWinds is where you can see...
Re: General Guides I wrote up for performing some basic LEM tasks
A further update... I happened upon some further Cryptolocker (4) info { Cisco Talos Blog: Threat Spotlight: CryptoWall 4 - The Evolution Continues } and decided to add a bit more to my monitoring....
Roadblock Creating Multi-Event Correlation
I'm having an issue creating a multi-event correlation due to the way that LEM parses certain logs, in this case - logs from a NGFW. All of my IPS logs get parsed and placed into a variety of...
Re: Roadblock Creating Multi-Event Correlation
Yes, you can create Event Groups from the Build > Groups section and use the event group in the correlation rule
Re: Solarwinds LEM redundancy
Agents have a one-to-one relationship with Managers, there's no feature to have a single Agent send to multiple LEM appliances.
Re: Solarwinds LEM redundancy
That's what I thought, unfortunately...thanks for confirming though! We'll have to look into some form of VM redundancy.
Re: LEM online demo not responding
Hi All, I'm experiencing this issue as well. I have tried in both Chrome and Firefox. The letters/numbers next to the download are [a:06]. I have been waiting for about 20 minutes in either browser...
Re: Swapping LEM appliance NIC for 10Gb / VMXNET3
Awesome, thanks. So I'm assuming to do so you have to remove the old NIC(s), add the new one, reboot and then run the network config from the console?
Re: Swapping LEM appliance NIC for 10Gb / VMXNET3
I'd recommend that you:
1) shut down the VM
2) go to VM settings, remove old NIC(s) and add the VMXNET 3 adapter
3) start the VM
If you have DHCP then the VM should get the IP addr automatically. In case of...
Re: Swapping LEM appliance NIC for 10Gb / VMXNET3
Sounds good. That's what I'm thinking. I use a static IP, so I'll need to run the netconfig. Thanks again!
Re: Solarwinds LEM redundancy
Hey, I just so happened to be looking for something else on my LEM appliance and noticed something you might be interested in. I was connected via SSH and in the "appliance" menu I see the following...
Re: RECOMMEND LEM ON SPREAD THE WORD FOR A $25 AMAZON GIFT CARD!
Thank you so much!!!! I almost have enough Amazon money to get the new CISSP book to study.
Re: Roadblock Creating Multi-Event Correlation
Just tried this. Custom events can be used in correlations... however, when going into the advanced thresholds settings, you cannot select Source IP from within your custom group to restrict events...
Re: File Integrity Monitoring - So many events generated for a single file...
I have had the same issue with various clients. It's different for every single client as they all have different audit policies. Playing with the correlation time is the only way. This is something...
Re: Cisco Connector is Not Showing Up
I have been with dozens of clients who have improperly configured syslog connectors using the auto feature. Whenever LEM notifies us that it found a new node, I typically cancel it and talk with the...
LEM feedback
Hello community, I am looking to implement a Log & Monitoring Event Manager in our network for PCI compliance. If anyone could share their pros/cons on this product I would very much appreciate...