Re: LEM - action - forward syslog event to NCM syslog for RTCD
I had not previously...thanks...you can find it HERE now
Auditing Windows scheduled tasks run using LEM Agent
Hi all, I am curious if anyone has been able to audit Windows scheduled tasks running on a Windows server where they have deployed the agent and if so, how they can determine the user account used to...
Re: LEM Thoughts of the Week: Does Compliance Actually Make you More Secure?
I think the general sentiment on this thread is spot on in that compliance *should* just verify what you are already doing, but for some smaller shops with not enough direction, it can be used as a...
Re: agent installer issues
Remote Agent Installer - The host discovery uses a NetBIOS broadcast to look for hosts. Are you blocking this network traffic or ports? Are you running the remote installer with credentials that have...
Re: Auditing Windows scheduled tasks run using LEM Agent
Garreth, It looks like those events are logged under Event Viewer\Applications and Services Logs\Microsoft\Windows\TaskScheduler\Operational. The LEM has connectors for the big Windows logs: System,...
Configure LEM as a SYSLOG Server
Hi, I am currently configuring LEM to monitor a small industrial network (containing 12 devices). Firstly, can someone please confirm that LEM is capable of receiving SYSLOG data. If so, is this a...
Re: Top 6 SANS Essential Categories of Log Reports 2013 in LEM
I am building my own document around the SANS list and also wanted to say thank you for the reply and to add that I have also been using the following to help create Rules/nDepth searches: Windows...
Re: Configure LEM as a SYSLOG Server
Did you go into the console and enable the flow? It should be under the manager --> enableflow.
Re: Configure LEM as a SYSLOG Server
You can collect and store the raw (non-normalized) data in LEM for searching with nDepth. Please check out the KB article HERE on how this can be configured. I have done it and it works.
Re: Collect Raw Logs
This KB will help you set the LEM up for collecting raw logs, but you'd still need a connector....
Re: Configure LEM as a SYSLOG Server
So looking at the logs I can see the FW entries in two folders [1]: Syslog Consolidated Log & [6]: User Log I'm making an educated guess that those folder locations are as follows? /var/log/syslog...
Re: Configure LEM as a SYSLOG Server
The connector is not only device specific, it's log specific. It needs to be designed to parse the specific logs you are trying to get as that is required for normalization of the data. If you want...
Re: LEM Thoughts of the Week: Tell Your Favorite "Found in the Logs" Story
I just found that my fellow admin's system was broadcasting NetBIOS traffic like crazy... to the tune of 1200 events per minute. It turns out the cause was multiple things not the least of which all...
Re: LEM Thoughts of the Week: Tell Your Favorite "Found in the Logs" Story
Hrm, just thought of another good one too... A few months back I just happened to be watching LEM, I guess because I am weird that way and I saw a ton of failed logins for one of our engineers Active...
Re: Configure LEM as a SYSLOG Server
Thanks for the help, tips and information. I think I'm going to have to find/write/beg for a connector. The LEM package has already been bought, I'm currently trying to integrate two new firewalls. I...
Re: LEM Thoughts of the Week: Tell Your Favorite "Found in the Logs" Story
Aw, man. The talk of shame.
Process stop monitor
There is a service.stop="service_name", but is there a process.stop="process_name" function? I'm trying to monitor a specific process running on a server and want to know when it stops. Any ideas would...
Re: Configure LEM as a SYSLOG Server
We do have an existing connector for Hirschmann switches, but I don't know that it covers the firewalls. If you submit a support request let me know the ticket # and I can take a look.
nDepth histogram x-axis timezone incorrect
Hi Geeks, The timezone in the x-axis is incorrect. When I mouse over the bar, the time is correct indeed. Would you tell me how to fix it? Below is my screenshot. Thanks
OPSEC connector session error
Hi, I created an OPSEC connector. When I started it, an internal warning appears immediately and no event is collected. Can you give me a hand? Thanks in advance