Re: LEM ver 6.2.1 - nDepth search by Name and by IP return different results...
Let me backup as well and explain the goal/objective. I am an IT Auditor testing our system of internal controls against policy and reporting on what I find.The topic is Logging. Our policy states...
View ArticleHow to get LEM to start on boot with CentOS 7
When installing the agent on CentOS 7 and trying to enable the LEM service to start on boot, I get this message: “sudo systemctl enable swlem-agent swlem-agent.service is not a native service,...
View ArticleClik here to view.
Reporting on disabled users attempting to logon
Hi all,i have ana audit requirement to be able to report on the above. Every time try to define a filter for it, i get either all failed logons or events when users accounts are disabled..help! fairly...
View ArticleClik here to view.
Re: Reporting on disabled users attempting to logon
It looks like LEM gets data from these attempts, like this: On the Authentication - User Log On Failure report, it looks like this: You could create a custom report that only shows results with that...
View ArticleClik here to view.
Re: LEM ver 6.2.1 - nDepth search by Name and by IP return different results...
If you're looking to verify that a given device is generating logs, what you most likely want is DetectionIP = <device IP or hostname, depending on what gets logged>. That will only show you...
View ArticleRe: Reporting on disabled users attempting to logon
Hi, thanks for taking time to reply! for some reason that doesnt appear on my lem report for user authentication failed logon, although i do have all logon and logoff events on the Domain controller...
View ArticleRe: Reporting on disabled users attempting to logon
Check this link. Audit Policies and Best Practices for LEM - SolarWinds Worldwide, LLC. Help and Support
View ArticleClik here to view.
Re: Reporting on disabled users attempting to logon
thats already all setup. i get this reported on the DC event log: but nothing shows up on the lem reports or custom filters to show logon failure. there are other logon failures in the list however for...
View ArticleRe: Reporting on disabled users attempting to logon
I have figured this out, the alerting is only availabe to filter on event 4769 which corresponds with 4768. the issue is that 4768 is logged on DC and 4769 on the workstation. Agent was required to be...
View ArticleLEM only backs up to the Administrative share
All,After upgrading to LEM v6.3.1 I had to do a work around to schedule weekly backs. I interested in know if anyone else had the following issue. When attempting backups to a shared folder name longer...
View ArticleRe: LEM only backs up to the Administrative share
Can you make the \LEM folder a top-level share? I have my backups going to a C:\File Shares\LEM and because there's a share at the LEM location, it works fine.
View ArticleClik here to view.
Configuring SSO for LEM
I am attempting to configure AD integration for LEM (6.3.1) and for the life of me, I cannot get it to function correctly. I contacted tech support and they sent me this article. When I get to the...
View ArticleRe: LEM only backs up to the Administrative share
Curtis, Thanks for the reply. Trying to backup to \\A.B.C.D\c$\LEM still generates the error “An error occurred attempting to copy a file to \\A.B.C.D\c$. Please reenter the network share credentials.”...
View ArticleRe: LEM only backs up to the Administrative share
Right, but if you share LEM directly so that LEM is a share at the top level of the server? So the share path is \\server\LEM\ that should work.
View ArticleClik here to view.
Re: LEM only backs up to the Administrative share
Curtis, Thank you! Sharing the LEM folder (\\W.X.Y.Z\LEM) allows me to schedule backups. Thanks, T.J.
View ArticleRe: Configuring SSO for LEM
It sounds to me like it's complaining about this part of the instructions:Open your Microsoft Management Console (MMC) and create at least one security group called ROLE_LEM_ADMINISTRATORS in Active...
View Articleinternal tool online but no events (ASA)
The internal tool offline/online occurred for cisco ASA, however events did not get captured. We had to manually stop/restart the connector in order to begin seeing events. Do users out there create a...
View ArticleClik here to view.
Stupid-friendly guide.
Good morning/afternoon everyone. I am wondering if there is a stupid-friendly guide that show you (rather than very briefly, or in a very detailed view) on how to install, setup and config LEM? My...
View ArticleRe: Stupid-friendly guide.
So, in response to your questions, they are as follows:Can I access the LEM console from a web browser: No. It is configured correctly (incase I have gone stupid, I had networks briefly check it). I...
View ArticleRe: Stupid-friendly guide.
Maybe as a feature, it might be worth adding ALL of the applications that are required to get it running...
View Article