LEM Port Scan Alerts
I'm new to SolarWinds LEM and need to figure out how to quiet the noise down of all the port scan email alerts. I have a few questions regarding this topic. After looking over the rules, I do see there...
Re: LEM v6.3.1 HOT FIX 4 IS NOW AVAILABLE
Applied hotfix, was sent this link from a colleague. Not 100% accurate, took longer to take a snapshot of the box. Fistful of flaws blow away SolarWinds network appliances • The Register
Mac address in LEM
Hi all, is there any way to also log the Source MAC Address in the EventLogon Event?
Modify existing LEM filter to exclude keywords
Using LEM 6.3.1. I am trying to learn this product and have stumbled upon what I thought would be an easy task - I want to take an existing filter, clone it and then edit it to do what it is doing but...
Re: Mac address in LEM
I don't believe that's a field, and most systems don't send that with their logon events.
Re: Modify existing LEM filter to exclude keywords
First, the reason it's not working is because you have an "OR" in the logic. The orange line on the right with the round bump in your screen shot means "OR." Second, you may be solving the wrong...
Re: Modify existing LEM filter to exclude keywords
Thank you Curtisi. That was it. Good stuff.
LEM in a Hybrid Environment
As SolarWinds positions itself to support hybrid environments, I am curious about the future of LEM. I love and am a huge advocate for LEM; however, as we move more and more into managing hybrid...
Recognizing A Sequence of Events
I have a website log that I need to act upon for a specific sequence of requests. The sequence is something like: IF URL-A appears in a log record AND within 5 seconds URL-B appears in a log record AND the...
Re: Recognizing A Sequence of Events
It's hard to answer this precisely because I don't know what devices are sending logs and what the LEM will classify those logs as when normalizing them. Therefore, this is a general example, and may...
Re: Recognizing A Sequence of Events
Thanks Curtisi. Wouldn't that rule require that the URL of a single record equal both URL-A and URL-B at the same time?
Re: Recognizing A Sequence of Events
Yeah, perhaps? LEM really wants two different event categories for this sort of thing.
Regex to match all user logins with exception.
In Syslog Viewer I'm trying to set up a Syslog message pattern to match when a user logs into a Cisco device and exclude 1 user. I know that doing *Login Success* matches on any user login but I want to...
Re: Regex to match all user logins with exception.
In LEM, you'd accomplish it with a Rule or Filter like this:
Re: Recognizing A Sequence of Events
I'm unable to find the "Threshold" addition when adding a rule. How do I add it to Correlations as you've shown above?
Re: Regex to match all user logins with exception.
Ok, so it looks like I'm not using LEM. I'm using the Syslog Viewer that comes with Orion.
Re: Regex to match all user logins with exception.
You posted your question in the LEM forum, so I thought LEM might be involved. You may want to try asking this in the NPM area so their experts can see it.
Re: Regex to match all user logins with exception.
No problem, I appreciate your help. I was able to resolve it. Somehow I missed the fact that the last part of the line, *Login Failure*, was part of the entire expression (I switched from wildcard to...
Re: Set ACLS to members in administration group
This is due to the fact that every 60 minutes the Domain Controller is doing a background thread search on all members of the administrators group. The alert is being generated from the default (or a...
Re: Recognizing A Sequence of Events
You have to add a sub-group (the green box) and then it's in the top-right corner.