Channel: THWACK: Message List - Security Event Manager (SEM) - Formerly Log & Event Manager
Browsing all 5385 articles

Re: Can we rebrand the reports?

Task Scheduler: Try running Reports with the right-click "Run as Administrator" option. Rebranding: Yes, change the logo file here: C:\Program Files (x86)\SolarWinds Log and Event Manager Reports\Reports



Re: LEM Agent on CentOS

1) You need to configure the Agent (Manage --> Nodes) with the connectors for the data that server is receiving, and point the connectors at the right file locations on Linux file system. 2) No. 3)...



Re: How to customized reports solarwinds LEM

There is a logo file here: C:\Program Files (x86)\SolarWinds Log and Event Manager Reports\CustomReports That could be changed and might affect the logo on custom reports only.  That is all the...


Restarting a process

We have the ability to start/stop a Windows Service but we only have the ability to Stop a process - is this correct or has anyone been able to work out a way to restart a process also? Is there a way...


Is there a way to see how much storage an individual node is responsible for...

Is there a way to see how much storage an individual node is responsible for in LEM?  If not, how do you estimate storage requirements when looking to add devices? 



suspicious DNS traffic rule

We have recently added checkpoint and the "suspicious DNS traffic" rule is triggering incidents. We have identified the DC as per the templates but are trying to decrease incidents.


Re: Restarting a process

LEM can't start a process or run a script directly, but you can have LEM send alerts to other tools (like SAM) that will execute scripts and other actions.


Re: suspicious DNS traffic rule

It sounds like you've already started modifying the Approved DNS Servers User Defined Group, so is there traffic in/out on port 53 to any other devices?


Re: suspicious DNS traffic rule

Yes, I have set up all my DCs but I still see traffic in/out on port 53 ... thoughts?



Re: suspicious DNS traffic rule

Go to nDepth, and do a search for TCPTrafficAudit.DestinationPort = 53 AND TCPTrafficAudit.DestinationMachine =/= Approved DNS Server UDG. What comes up?


Re: suspicious DNS traffic rule

Can I use a connector group vs a UDG for approved DNS server?


Re: suspicious DNS traffic rule

Assuming it has all the relevant machines in it, sure. :-)


Re: suspicious DNS traffic rule

( ( ( "Event Name" = TCPTrafficAudit ) AND ( DestinationPort = 53 ) ) AND ( ( "Event Name" = TCPTrafficAudit ) AND ( DestinationMachine outside::{ "Windows Server 2003 - DC" } ) ) ) AND ( ( "Event...



Re: suspicious DNS traffic rule

Sounds like you need to exempt your firewall from that rule, then.  Maybe it's doing some DNS caching at the border?


Re: Is there a way to see how much storage an individual node is responsible...

I think the closest you can get would be to check out some of the "Database Maintenance" reports in LEM Reports. You might find some interesting statistics there.



Re: Is there a way to see how much storage an individual node is responsible...

Also, there was a white paper put up on solarwinds.com a while back about estimating log generation, where some loose guidelines were given - registration required: Estimating Log Generation for...


Re: Is there a way to see how much storage an individual node is responsible...

Thanks!  I have been using the Database Maintenance reports but they only show the log size as a whole, I can't drill down to a single device.  Thanks for the link to the whitepaper, that will be helpful!



Agent Log Forwarding?

In our environment, we are about to have three different networks. For simplicity, I will call them A, B, and C. The situation: Network A can talk to Network B. Network B can talk to Network C. Network A...


Re: suspicious DNS traffic rule

What would that look like?


How to update LEM agent when changing host IP?

Hi All, How can I update the LEM agent config on a Windows Server if I change the server's IP? The new IP is not updated in the Node Manager. Is reinstalling LEM agent the only way to update IP?
