Re: TriGeo Alert - Disk nearly full
Thanks for the link to the video, that is awesome! I have created an email template essentially matching what you (I believe it was you) set up in the video, assigned it to some uninformative alerts...
Re: Threat intelligence feed logs
If you have to have any open ports or static NATs, etc. inbound to a server or app, a rule to alert you when known threats are detected coming to that particular IP and perhaps actions to auto-block...
Re: threat intelligence events
Perhaps the Meraki is parsing packets destined for its own MAC address at layer 2, but at layer 3 the IPs are intentionally wrong/changed? Not sure how else the packet would make it to the Meraki...
Re: TriGeo Alert - Disk nearly full
I just want to add that after updating the mail template with the settings in your video and then applying it to many of my alerts, I can now see where each alert is coming from along with a lot of...
Re: LEM v6.3.1 HOT FIX 4 IS NOW AVAILABLE
Hey Jamie, some of the formatting of those cumulative hotfix notes is a little wacky, might be some copy/paste gremlins in there.
Re: SolarWinds LEM - no email alerts for changes to Domain Admins
Did you by chance modify the built-in user defined group of "Admin Groups"? Go to Build, Groups, and on the left side, change the drop-down for type to user defined groups. Find the one for Admin...
Re: SolarWinds LEM - no email alerts for changes to Domain Admins
SSH into your appliance, go to the APPLIANCE menu and run DATECONFIG. Hit Enter a few times without entering anything. The LEM will return what it thinks the current date and time is. Is this...
Prevent rule from triggering for X amount of time after first trigger
I have a rule that is set to alert if a file is created in a directory using FIM, but I'd prefer to not get an email for every single file that gets created if multiple are created in a short span of...
Re: Prevent rule from triggering for X amount of time after first trigger
All the tricks I can think of are in this video:
Re: Create a Alerting/Action Report
I think I know what you're asking... I do this from an nDepth search within LEM. On the Monitor tab, you should see a filter for "Rule Activity" in the Overview section. Highlight it and then click the...
Hotfix 4 closing programs immediately
This hotfix does not allow Adobe Acrobat or Salesforce Data Loader to stay open. It opens for less than a second and then immediately closes. Once I stop the LEM service or uninstall the LEM agent, the...
Re: Hotfix 4 closing programs immediately
Hi barzillo, That is a very odd situation. I would contact support since there is nothing in hotfix 4 that would have done this situation. It sounds like you have a rule that may be firing on a start...
Re: Hotfix 4 closing programs immediately
Disable the "Kill Suspicious Process" rule. That did it for us.
Re: Hotfix 4 closing programs immediately
You are correct. I found a rule that would fire. It was closing any suspicious programs that would use two file extensions to run. I just deleted it for now so everyone can use Adobe again. Thanks...
Monitor custom log files out of the box or should I just use Splunk?
I have an off-the-shelf application that writes to a non-Windows Application log location. The location is similar to C:\ProgramData\AppName\ModuleName\ModuleNameLogs. How can I parse these logs and...
LEM Database Maintenance Report not reporting correct "Database Time Span...
I recently worked with SW Support tkt#1153393 to reduce the size of my LEM DB. The tech removed data partitions and successfully reduced the size of the DB but now the DMR is not accurately reflecting the...
Re: Monitor custom log files out of the box or should I just use Splunk?
SAM can do it, but it'll require some level of scripting to tell SAM how to read the file. LEM can do it, but you'll have to open a Support ticket to get connectors made for the product.
Re: Monitor custom log files out of the box or should I just use Splunk?
Yeah, this shouldn't be that difficult. I should be able to point it to a log and just look for a keyword. Even Foglight was able to do that. Unfortunate.