Can we write such rule?
Alert if five failed logon attempts are tried from different usernames from the same IP within 15 minutes, and after that a successful login occurs from the same IP in the next one hour?
Re: Event Collection Failure Alert
There are some rules shipped with LEM that monitor things like the LEM's internal database and disk usage. In 6.3.1 you can also hook SAM to LEM to monitor things like the manager processes and disk...
Re: Can we write such rule?
Haven't tested it, but I think this captures the logic you're looking for.
Re: Event Collection Failure Alert
If you check on how much free memory is left when this occurs... what do you see? Is the amount very low? [cmc> manager > viewsysinfo] Are the partition percentages very high?
External Threat database
Can I integrate LEM with an external threat database? Does the internal threat database of LEM check BAD IP and DOMAIN both?
Re: Syslog node names?
Hello, Solarwinds has a database for Syslog. In this DB there is a HOSTNAME_UNICODE column which is used to show the Syslog Hostname under the Syslog web page. It uses DNS to fill this column, and if DNS does...
Re: External Threat database
No, the LEM only supports the one integration with EmergingThreats.net that you can turn on and off in the Manage --> Appliances screen. It checks IPs only.
Re: LEM nDepth Results vs Result Details
Interesting. The histogram is drawn from index data - basically aggregate counts that are stored separately and contribute to the left and the top panels. Result details is pulled from the actual data...
Re: Event Collection Failure Alert
Hasn't happened again since upgrading, but if it does I'll make a note and reply back.
Agent Event Caching and Delivery to Manager
We've had some issues recently in which we've discovered that no events have been collected for a period of several days, but the manager is up and running as far as we can tell. The issue appears to...
Re: Is there a list of LEM Best Practices, or Most Common Rules?
Thank you for all of the great responses. This is a wonderful community!!!
Re: Is there a list of LEM Best Practices, or Most Common Rules?
Don't forget to check out the LEM Training section on the SolarWinds Support site. The site includes several short videos on how to use key features in LEM. You can also register for a LEM 101 course...
Unable to create a Directory Service User
Spinning up a new LEM 6.3.1 instance. When I go to Build > Users and click the "+" I do not get the option for "Directory Service User". I only get "LEM User" and "Import LEM user". I have the...
Re: Unable to create a Directory Service User
6.3.1 does things a little differently. The Directory Service Query connector is only for Directory Service Groups. To enable LDAP authentication, you'll need to look at this document: Configure...
Re: LEM Reports; only some reports working?
I am having the same issue with a number of "out of the box" reports. Namely "Inferred Alerts", and "Inferred Alerts by Inference Rule" which I have verified events that occurred in the time period.
Re: LEM Reports; only some reports working?
Can you check that the date/time and timezone on your LEM is correct?
Re: LEM Reports; only some reports working?
It is correct, matches up with the timestamps on the DC's. Just to be clear, I used the following commands: appliance > dateconfig > [enter] > [enter] and it states the correct date and time.