Re: Zero-day exposed in LEM
wolram we had to re-run the 6.2.1 upgrade before installing the LEM 6.2.1-hotfix1. LEM is now rated a "B" and it will go to an "A" when Development gets the Slowloris issue...
Re: LEM Retention Alerting?
Hi Curtisi, Can you share with us the rules you have created? If we want to be alerted when the disk hits 70%, in our rule condition should we put *70%* or %70%?
Re: LEM / RHEL7 - No Log Data
Hi, So I searched through nDepth and was able to find some events for that IP address (which is weird, because I had last week as well). They still don't show through the Ops Center (per the above...
Re: LEM / RHEL7 - No Log Data
OpsCenter and Monitor are transient and real-time, so every time the console is reloaded, they all go back to zero and start counting again. nDepth is how we search the permanent record the LEM...
Re: How often do you restart your LEM appliance?
Thanks to all who took time to post and answer.... much appreciated... In the process of review of environment.....
CISCO ISE AND LEM
Hello experts, I have a customer wanting to configure his ISE 2.0 server to send syslog messages to his LEM. We tried different ways but we can't make it work. We configured ISE with the IP of LEM and...
Re: CISCO ISE AND LEM
Hi paul1gilbert Two things here: 1. You need to increase the size of the buffer that sends Cisco ISE to the LEM. I unfortunately do not have a handy screenshot from Cisco's console to show you (If you...
Re: LEM / RHEL7 - No Log Data
Aye, I realize that. I'm starting to agree with your comment on flaky widgets though. The majority of log entries I see from that host are audit events like login and logoff - I don't actually see the...
Re: CISCO ISE AND LEM
Hi, Thanks for the response. I just configured ISE with a maximum length of 8192. How do I configure LEM to manually join ISE? Do you have a guide?
looking for advice on whether SolarWinds Log & Event Manager is better than...
Looking for any advice on why Solar Winds is better investment than Varonis for SIEM
Organizing emails triggered by rules
Hey guys, I've been having a great deal of luck by having email notifications sent to a shared email folder whenever an important event happens. A problem I'm having now is that this folder is swamped...
Re: looking for advice on whether SolarWinds Log & Event Manager is better...
I used Varonis in a previous life (roughly 16 months ago). Here is my opinion. 1. Expensive 2. Great tool, has the ability to dig deep and provide great insights. 3. User interface is not too user...
Re: Organizing emails triggered by rules
I would create a report for those events and email out hourly. Theoretically, alerts would be acted on and reports are informational.
Re: looking for advice on whether SolarWinds Log & Event Manager is better...
I have not used Varonis, but I do use SolarWinds. It does come with a lot of templates and is really easy to set up. It is also user friendly. It is not complicated to use and understand.
Re: LEM / RHEL7 - No Log Data
Silly question: have you run an install or update with YUM on those systems? There are current logs since the LEM Agent started reading for YUM activity?
Re: LEM / RHEL7 - No Log Data
Hey, Regarding the RHEL 7 box. Yes, I executed an install/remove sequence on a package to cause logging to the Yum log. [A01 log]# cat yum.log Mar 23 10:25:34 Erased: lsof-4.87-4.el7.x86_64 Mar 23...
Re: LEM / RHEL7 - No Log Data
Okay, check two things. In the web console: Go to Manage --> Appliances. In the "Properties" pane, there is a License tab. What is the current state of the license? In the virtual console or via SSH: Go...
Re: Organizing emails triggered by rules
The LEM does not have a native "digest" function to aggregate messages into hourly/daily packages. I agree with njoylif: If your rules are firing that many e-mails, you need better rules. A rule...
Re: Organizing emails triggered by rules
D'oh; not going to lie, didn't catch this was a LEM discussion. Nice options though curtisi. Are you able to suppress for x minutes after firing rule? That might be option too, depending on your trends...
Re: Organizing emails triggered by rules
I do like the idea of creating reports and sending them out. I'll give that a go. Thanks guys.