Mystery Nodes - LEM
I am having mystery nodes added and I have no idea how to get rid of them. See screenshots below. I moused over the line to get the pop-up showing the full string. Also note that another entry,...
Re: Mystery Nodes - LEM
I have noticed the same thing and have identified that this occurs when someone VPNs. The agent node should reflect a node you recognize either by name or IP.
Re: LEM Portscan rule
I think it might be time to open a support ticket so someone can look at this with you in real time.
Re: Mystery Nodes - LEM
Marcus, which kind of entry did you see related to VPN connections? Was it the mail function related ones, the partial IP address ("172") ones, or long string ones?
Not able to add Cisco IPS node on LEM
Hi, I have configured Cisco IPS and LEM as per the manual, but when I try to add Cisco IPS it doesn't get added to LEM and I get the following message in the LEM monitor window: javax.net.ssl.SSLHandshakeException: Remote host...
Re: Mystery Nodes - LEM
I have seen this before when a rule creates an Incident or Infers an alert and the wrong field is being used as "DetectionIP" in the Rule Action. In one case, someone had "DetectionTime" in the...
Re: Node/agent with no connector
If you reload the Web console and go back into that node, is the connector really gone? Does your filter have any wild cards that another node might be matching the criteria? If that doesn't explain...
Re: Not able to add Cisco IPS node on LEM
What version is the Cisco IPS running, and what version is the LEM?
Re: Mystery Nodes - LEM
Curtisi, thanks for the direction, I'll look more at my rules fields. As for the connectors and log sources, I assume they are correct. I simply installed the LEM agent on the Windows machines and set...
Re: Mystery Nodes - LEM
I wonder if the Linux syslog is part of it. Have you tried the Linux Agent?
USB Local Policy configuration
Hello. LEM is still pretty new to us. We took a different approach to USB blocking. Instead of a white list, we created a black list and a list of allowed users based on AD group. So the rule looks...
Using nDepth explorer to create on demand tables/charts
Hi, I'm new to LEM, coming from a Splunk background. I'm trying to search through some ASA logs that are being sent to LEM, but I'm having trouble getting what I want out of the nDepth explore...
Re: Not able to add Cisco IPS node on LEM
Cisco IPS 7.0 & LEM trial version 6.2.1. I am running the trial version because if I am successful in getting Cisco IPS logs into LEM, then I will proceed to purchase LEM.
LEM Connector Updates
It appears when using the console for auto-updates of LEM connectors, it's trying to go out port 80 to Akamai CDN. Is it SolarWinds' recommendation to allow the server outbound port 80 to any...
Re: Using nDepth explorer to create on demand tables/charts
I'm also new to LEM but I'm starting to find my way around nDepth pretty good now for ad hoc reports. I can't give you specifics because we don't have an ASA, but I can give you a start in finding what...
Re: LEM Supported Log Sources
I have confirmed with your pre-sales folks that Oracle-Weblogic is supported as a Data Source. Please confirm with your LEM team.
Re: LEM Connector Updates
The manual process includes the URL: Manually applying connector updates using the CMC interface - which is downloads.solarwinds.com. That said, SolarWinds uses Akamai for downloads (which is why...
Re: Not able to add Cisco IPS node on LEM
Can you send over a screenshot of the connector you're using for the LEM to connect to Cisco and the config of that connector?
Re: Mystery Nodes - LEM
Good questions here. Most times a mystery node comes in if an object has multiple communication IPs and the logs come out of different interfaces. My suggestion would be to audit why the email...