Re: Forward aggregated events via Syslog
I would like to "Bump" this request. I too have a need to take the logs sent to the LEM and push a copy to a remote syslog box. Any way to do this?
Email alerts run amok...help
LEM members, I haven't been able to get in touch with support to get answers so I thought I'd try here. We had a specific rule in place for years and yesterday something triggered the rule to spew...
Re: Email alerts run amok...help
Rebooting should have killed the mail queue. In nDepth, can you do a search for "InternalRuleFired.ExtraneousEmail = *email*"? That should show you everything that fired that triggered an e-mail....
Re: LEM - NetFlow & sFlow
ditto.... My security team wants splunk.... loss of features like this are making me lose the battle.
Re: LEM - NetFlow & sFlow
I didn't even evaluate Splunk. I am familiar with it and have played with it in the past. Way more manual work to set up and maintain than I am looking for. If LEM doesn't suit your needs the next...
failed logon every 15 minutes
I receive a failed logon every 15 minutes from the same user account. This user is out of site and it does not seem like an interactive logon. Any ideas?
Explorer Command Agent - Default Agent selection not sticking
I can select another agent and click save and after a few minutes, it will switch back to what it was and save is grayed out. Has anyone seen this behavior? and know of a fix?
Re: Explorer Command Agent - Default Agent selection not sticking
Sounds like the console is having issues. If you close your browser and reconnect, does the setting stick?
Re: failed logon every 15 minutes
What other information do you get? The logon type should be in the event details. Maybe a scripted task with bad credentials?
Re: failed logon every 15 minutes
authentication package MICROSOFT_AUTHENTICATION_PACKAGE_V1_0. ProviderSID: 4776 failure reason: ErrorCode:0xc000006a (user name is correct but password is wrong). No logon type present
Re: Explorer Command Agent - Default Agent selection not sticking
I changed it from the unwanted agent "Server A" to one I prefer, "Server B". Clicked Save, then closed the console and re-launched it. After it came up, it was showing "Server B" but switched back to...
Re: failed logon every 15 minutes
Looking at this: Windows Security Log Event ID 4776 - The domain controller attempted to validate the credentials for an account. C000006A: user name is correct but the password is wrong. Maybe check the...
Re: Explorer Command Agent - Default Agent selection not sticking
Have you tried making this change via the web console instead of the AIR console? We're up to LEM 6.2.1 HF2, can you upgrade in case this is a bug we already fixed?
LEM Agent for Linux sends logs to manager from wrong IP address
I have a Red Hat 6 Linux node running LEM Agent 6.2.1 and Console 6.2.1. The agent connects with the manager and shows the connection as good. I can see data in the nDepth query coming from the host....
Re: LEM / RHEL7 - No Log Data
Hey, Regarding licenses, see the below screenshot. Looks all good. Time and timezone match. Thanks, Brett
use LEM to identify wifi login
Is there a filter to identify wifi login? Or maybe a rule to disable login from wifi?
Re: LEM - NetFlow & sFlow
We use splunk... it's not as much roll your own as it used to be if you buy all the extra stuff with it. I do then forward the data to Orion from splunk so important stuff can be alerted on though.
set ACLS of members in administrators group event 4780 triggers hourly
Not sure why event 4780 is being triggered hourly?
Does LEM Support SMB 2.1?
We are currently on a 2008 Domain with Win2k12 DCs and mainly Windows 7 clients. I noticed today that the LEM mounts the filer as SMB1 client while doing the backup job(s) (archiveconfig,...
Re: LEM / RHEL7 - No Log Data
I got nothing at this point. Open a Support ticket (looks like you have maintenance) and work with them. Sorry.