Channel: THWACK: Message List - Security Event Manager (SEM) - Formerly Log & Event Manager
Browsing all 5385 articles

Re: Using nDepth explorer to create on demand tables/charts

This was where I had a hard time also! A great LEM tech taught me how to go into nDepth and click Event Groups in the 2nd column of the screen, then click on the Any Alert Event Group, then below that...


Re: ndepth query

I don't think there's a max as long as you were logging that far back. A great LEM tech taught me how to go into nDepth and click Event Groups in the 2nd column of the screen, then click on the Any...



LEM Retention

How far back or how many events does the LEM store? Is there a way to access this information?


Re: Mystery Nodes - LEM

I try to keep as few agents on my devices as possible, when I have alternatives. If the problem resurfaces, I may try this option.


Re: Mystery Nodes - LEM

I deleted the mystery nodes, and so far they haven't come back... so far. In the past, they've come back, but this seems to be a longer period of time. I did review all my rules and alerts, and...


Re: LEM Retention

Have you checked out this KB on the Success Center? Live Data Storage Retention - SolarWinds Worldwide, LLC. Help and Support


System Audit Policy Changed - 22 alerts

Combed the LEM documentation, couldn't find a clue (it might be in documentation somewhere, I couldn't find it after an hour of digging). This morning I got 22 TriGeo alerts in this pattern: system...


Re: System Audit Policy Changed - 22 alerts

Hard one because MSFT is logging it as a change: Windows Security Log Event ID 4719 - System audit policy was changed



Re: System Audit Policy Changed - 22 alerts

I don't think this is an instance of something just being enumerated again.  A couple of fields to look at in those events.  First, the ChangeDetails field shows that failure auditing was removed,...


Re: System Audit Policy Changed - 22 alerts

Blsanner, yes, you're correct. Looking in the host machine's logs, I see an informational entry at the correct time stamp: Event 1704 "Security policy in the Group policy objects has been applied...


FIM: identifying false positives

This question is not related to LEM, but I was wondering if there are tools out there which would help identify a file (not just extension) to make the association if it's a false positive. There are plenty...


LEM Version 6.2.1 hotfix 2 restore - https down

I had removed a server node and wanted to just roll back to my configuration backup I had scheduled for Sundays to put the node and all connectors back. The restore was successful, but I did not notice...


Re: FIM: identifying false positives

Does the path not provide any clues?


Re: System Audit Policy Changed - 22 alerts

This happened four more times over the weekend. Same host, same batch of 22 alerts. Something automated? Not at the same time each day, however.


Re: ndepth query

When did you start logging to LEM? As said just in the comment above, as long as you were logging that far back then you should be able to reach that date.



Re: Unable to get E-Mails. How can I temporarily get the notifications from a...

Hi, You can try perhaps, pop up messages, or SNMP trap notifications: Send SNMP Trap notifications from LEM - SolarWinds Worldwide, LLC. Help and Support. Perhaps creating a weekly report might also help.


Ndepth scheduled search limit

I found the link below from SolarWinds stating the nDepth export for CSV at 500,000 events, however one of my scheduled reports only showed 50,000. Is this a bug? nDepth export to CSV/PDF limitation -...



Re: ndepth query

You'll have to use the Reports app, per this article: No nDepth results older than a month - SolarWinds Worldwide, LLC. Help and Support


Re: Using nDepth explorer to create on demand tables/charts

nDepth has limitations for data older than a month also, per this article: No nDepth results older than a month - SolarWinds Worldwide, LLC. Help and Support


Re: Collect events from Novell eDirectory on SuSE

Doesn't look like anyone ever resolved this one. I am trying to set this up and am very new to LEM. I have all the xdas audit pieces set up on the NetIQ SuSE Linux server running eDirectory. I am...
