Re: LEM - MS SQL Auditor
Sorry I should have been more specific. I was referring to the profiler logs on the actual box the agent is installed on. These can grow fast.
ManageEngine.xml (Password Manager Pro) Syslog Connector not working
For some reason all events are unmatched. Any insight would be appreciated. Thanks in advance... Steve Here’s a simple, single event example that maybe someone can identify why the PMPro Connector...
Rule for failed logon
I see a failed logon in LEM, but I can't get this Rule to work. I want it to send me an email when a logon fails. Do you see any problems with this rule:
How to capture failed 'Run as Administrator' events on a Windows domain?
Does anyone have insight into how MS Audit Policy can be used to capture failed 'Run as Administrator' attempts without having to install LEM agents on all workstations? I've been attempting to...
LEM Rule for Multiple Failed Logins using multiple account
Hi All, I'm quite new to LEM and I want to make a rule that will give an email alert whenever multiple failed logins are detected from a single source IP that uses multiple accounts. I've tried...
Re: Log Event Manager issue
Sir, I didn't add this through appliance. Could you sir clear to me this and how do I this process. Now I did following configuration on my Cisco switch. logging on logging host 10.144.1.1 logging facility...
Re: Log Event Manager issue
saroop I created this document to help with agentless nodes, since there seems to be some struggle with it: SNMP and Syslog Connector Creation In this case, you'd want to create a Cisco IOS/PIX...
Re: LEM Rule for Multiple Failed Logins using multiple account
You will probably want to use Advanced Correlations. Assuming that your rule is something like this, click the highlighted gear button: Then you can create a correlation like this: That means that all...
Re: Interested in File Integrity Monitoring with LEM? Seeking volunteers...
I think everyone who replied here received a direct invitation to participate in the beta, but for anyone else be sure to check out this post in the beta forum in case you're a customer under active...
Re: LEM Rule for Multiple Failed Logins using multiple account
To clarify - using DetectionIP will match for the machine where the logs are being generated. Caveats: If you're monitoring domain controllers, you will see logons constantly from many different users...
Re: LEM Thoughts of the Week: Do you see yourself as a target for attacks?...
Figuring out who the victim is makes it sound like one of those complicated cop drama shows where they try to demonstrate things are much more complicated than they seem Users (themselves or the...
Re: How to capture failed 'Run as Administrator' events on a Windows domain?
Thanks for the response, curtisi. That would be a great way to capture the events if we had agents on our workstations, which unfortunately, we don't. At some point, the process of elevating...
Re: How to capture failed 'Run as Administrator' events on a Windows domain?
IIRC, it won't auth against the domain controllers, because the privilege escalation is attempted locally. When a 'run as administrator' request is generated, Windows checks to see if the user is in...
Re: How to capture failed 'Run as Administrator' events on a Windows domain?
I guess I should have specified that in our case, the Run As Administrator attempts are being initiated with different credentials (same domain) than the currently logged on user. So this answer makes...
Re: LEM Rule for Multiple Failed Logins using multiple account
curtisi Thank you for this great guide (with screenshots included). This is what I want to do. nicole pauls Thanks for the clarification. I'm currently monitoring DC and other system as well. You...
Re: How to capture failed 'Run as Administrator' events on a Windows domain?
I'm afraid my environment isn't set up to let me make that work. Maybe you can do some "Run As..." tasks and then go into the console and run an nDepth search for AnyAlert from DetectionIP from your...
Re: Log Event Manager issue
Dear Curtisi, Thanks for your help. I have seen this and I did lot of efforts but can't do this. Sir I don't want to add any Cisco firewall device just want to add Cisco switch using add node from LEM...
Re: Log Event Manager issue
Connect to the LEM CMC shell: http://knowledgebase.solarwinds.com/kb/questions/3303/Use+an+SSH+client+to+connect+to+your+LEM+appliance Go to the APPLIANCE menu and enter CHECKLOGS. If you view Local2,...
Re: ManageEngine.xml (Password Manager Pro) Syslog Connector not working
steven.goldberg@citizensfla.co We have a new connector revision for ManageEngine, thanks to your provided samples. This is now part of the generally available connector upgrade pack.
Re: Log Event Manager issue
Dear Curtisi, I successfully connected with LEM in cms shell. What my next step?