LEM Agent in DMZ Showing as Non-Agent Node
We have a public web server located in a DMZ. We recently installed the LEM agent on the server and opened the necessary ports in our firewall to allow it to communicate with our LEM appliance on the...
Re: How do I configure the SNMP community string for LEM?
Looks like this has been implemented in LEM version 6.3, currently available as an RC: "LEM monitoring through NPM and the Orion Web Console: You can configure SNMP version 3 on your LEM appliance to...
Re: How do I configure the SNMP community string for LEM?
Pradeep, The procedure will be in the LEM 6.3 User Guide under "Advanced Configurations." Steve
Rules from a single host, from a single user ID
I need to create two rules that will alert on brute force attacks within a specific time frame, one from the same source, and another one from the same user ID. I see the rule "Continuous Excessive Logon...
Reports on node down but traffic from that machine continues?
Hi all, I would like to make a rule to email or perform another action for the event that a node is in a disconnected status, but LEM is getting logs with the machine name of that node in the log....
SolarWinds Event Log Consolidator
Just installed SolarWinds Event Log Consolidator on my Windows 2012 R2 Standard Server. Had to install netframe 3,51 first; strange that SolarWinds can't work with netframe 4.5, which 2012 installs, but...
Re: Rules from a single host, from a single user ID
Hey! You can do this via the 'Advanced Correlation' tool within the Rule Builder, if you click the 'Advanced Correlation' button with the 'Correlation Time' widget: You can then set the condition,...
Re: Rules from a single host, from a single user ID
Thank You. That is exactly what I was looking for.
LEM nDepth Timeline Time Off By 3 Hours
Currently evaluating LEM. I noticed in nDepth the times shown in the "timeline" are off by three hours from the results details. I'm not seeing where to configure that. What am I missing? Thanks.
Re: LEM nDepth Timeline Time Off By 3 Hours
Hey! This KB outlines the steps to run on the LEM virtual machine. Once you have updated the date/time you may have to reboot the appliance for the change to reflect in the web console/nDepth. Hope...
Re: LEM nDepth Timeline Time Off By 3 Hours
jhynds, Thank you for the reply. I should have mentioned that I had already set the time and time zone via cmc previously. I just verified them and they're correct. But, I had not rebooted the...
LEM Storage Capacity Alert
Currently evaluating LEM to replace our existing SIEM. We have a requirement that says we have to be alerted when our log storage disk capacity reaches 80%. While we could do this within VMWare, we...
Re: LEM Version 6.2.1 hotfix 2 restore - https down
The LEM keeps daily config backups by default, but the case is still open and hierarchyTree.xml file had issues in all of the backups. Had to rebuild entire LEM. Call support if you need to restore.
Re: LEM Storage Capacity Alert
Hey, LEM performs health checks on the database at regular intervals (on an hourly basis I think) - these events appear as InternalInfo events. You could build a custom rule based on these events. A...
Re: LEM Storage Capacity Alert
Cool. Thanks! I have LEM on a test network so I can test this by setting the disk threshold real low and see what happens.
FIM: disabled on startup
I have noticed that even after enabling FIM on startup on Windows 7 workstations, they are disabled the next day. Anyone else seeing this?
Re: LEM Storage Capacity Alert
One thing with that rule: It'll alert if the EventInfo includes "80." If your disk makes it from 79.4% full to 80.5% full in one cycle (about an hour), that rule won't fire because "81" =/= "80". There...
Re: FIM: disabled on startup
How to gather some information that might help below. All steps should be on the system running FIM/the LEM Agent. Open a command prompt as an administrator. Run FLTMC, get the results (screenshot). Run...
Re: LEM Storage Capacity Alert
Hmmm....interesting. Might could create the rule with "OR" statements using 80*, 81*, etc.