Re: Scan for new node running for hours
While a bit dramatic, I do agree with everyone you said here. The scan for nodes is pretty messy, and will likely just get worse as time goes on and more connectors are added. Your best bet is to do it...
View ArticleRe: LEM getting alerts from some DCs but not others?
Thanks for the response. The Windows Audit Policy is already set up using our GPO and I verified all the secondary DCs have the correct Audit Policy applied below. Now that I think about it, it could...
View ArticleRe: LEM getting alerts from some DCs but not others?
Did you also double check the event log rotation policy? If the logs are full and it's not set to "overwrite as needed", you might not see new events - Set Log Retention Policy. What you want is most...
View ArticleClik here to view.
Re: LEM getting alerts from some DCs but not others?
Thanks! This lead me to check the Event Viewer and I was noticing Security Group Management was not showing up when changes were made, and found out the GPO was not being applied correctly. I had to...
View ArticleRe: Is there a list of LEM Best Practices, or Most Common Rules?
Here's a few best practice links that may help. They need to be consolidated in the documentation. LEM Best PracticesAudit Policies and Best Practices for LEMLEM Best Practices for Memory AllocationLEM...
View ArticleIntegrating Cisco Nexus switch with LEM
I am trying to integrate Cisco Nexus 5K switches with LEM as a syslog node, but having no luck. Does LEM support NX-OS? I found the attached, which was very helpful while integrating an ASA, but...
View ArticleClik here to view.
Re: Integrating Cisco Nexus switch with LEM
Hi Mike, There should be a connector on your appliance that supports NX-OS logs: If you follow the steps in the guide you attached, but simply apply the above connector, rather than the Cisco PIX...
View ArticleRe: Integrating Cisco Nexus switch with LEM
I did as you suggested. The syntax is a little different for NX-OS, so maybe you can double check me. I SSH into my switch and added the following commands: logging server x.x.x.x (my LEM IP) 7 use-vrf...
View ArticleRe: Integrating Cisco Nexus switch with LEM
Hi Mike, I'm not overly familiar with the NX-OS, but the 'logging level local2' looks incorrect. It should be set to a level as outlined here. Can you also use the checklogs tool within LEM to confirm...
View ArticleClik here to view.
Re: Integrating Cisco Nexus switch with LEM
According to the Cisco Nexus 5000 NX-OS Software Configuration Guide, Chapter: Configuring System Message Logging, the default outgoing facility is local7. I have changed all references from local2 to...
View ArticleClik here to view.
Re: Integrating Cisco Nexus switch with LEM
Hi Mike, If the logs aren't reaching the LEM appliance, it is generally down to an issue with the source device or something blocking the connection between the Nexus & LEM. The connectors won't...
View ArticleRe: saved ndepth searches disappeared but email sent
This may be what I'm experiencing. I have (had?) several saved nDepth searches configured. One sends an email daily, others weekly. All the emails are still being received. However, when I go back into...
View ArticleRe: Is there a list of LEM Best Practices, or Most Common Rules?
You may also want to take a look at this post from adatole . It has some good links, articles, and information in it to get started with. Free Training: Monitoring 101
View ArticleRe: Is there a list of LEM Best Practices, or Most Common Rules?
SolarWinds also has a LEM YouTube channel with some helpful videos. Steve
View ArticleRe: Is there a list of LEM Best Practices, or Most Common Rules?
SolarWinds also has a LEM YouTube channel with some helpful videos. Steve
View ArticleUSB Defender - RW & Modify detection/action
Within LEM, is it possible to create a rule that will notify an email list when someone copies or modifies a PST or EXE file to or from a USB drive?
View ArticleClik here to view.
Re: USB Defender - RW & Modify detection/action
Hey, You will need to install the LEM Agent & USB Defender on each machine you want to monitor. When a user copies a file to a USB it generally appears as a FileCreate event like below. If they...
View ArticleEvent Collection Failure Alert
Over the past several weeks we have had two instances in which our appliance stopped collecting logs from all systems. However, as the appliance was still up and running, we had no idea that this was...
View ArticleRe: Event Collection Failure Alert
I have seen this before also. You may want to contact SolarWinds support and let them have a look and at least make them aware that this is happening. I think you should be able to setup an alert if...
View ArticleClik here to view.
LEM nDepth Results vs Result Details
I'm searching raw log messages using text input mode in the ndepth window. I put in my search terms, define a time range and send off the search. When the search completes, the histogram shows some...
View Article