Re: Sourcefire Defense Center?
Thank you for your reply. Yes, they can send syslog. Having a custom connector made by SW would be fantastic. Any idea how quickly they could do this?
Re: Sourcefire Defense Center?
Once we have the sample logs from the device, the next steps are: You may also post your request to the Thwack forum for the SolarWinds product you wish to see improved. Thwack Feature Request forums...
LEM Database
Can you get access to the LEM database to do direct SQL queries? Ever since upgrading to 5.7 from 5.4 (via 5.6), the reporting has been unusably slow (if it works at all, yes there is a call open but...
Re: LEM Database
Edward, this article from the KB details what it takes to make a JDBC connection to the LEM database: SolarWinds Knowledge Base :: Creating a Custom Report Perhaps that can help you run queries directly?
Re: LEM Database
This is what we've followed, and whilst this allows you to connect to the database, the tables all appear empty when you do. There is either something seriously wrong with our install or there is some...
Re: LEM Database
We've never supported trying to access the database directly, but: 1. Open the Properties of the Reports shortcut. 2. At the end of the Target: line, outside the quotes, add /L. The line should end...
Re: LEM Database
I've done all that... using a JDBC connection and running the SQL directly doesn't return results, neither does the report application. The log created with /L does show the application doing something...
Re: LEM Database
Interestingly, if I try connecting to the LEM DB remotely: 1. Using the hsqldb-2.3.1.jar, lem_lucius.jar and lem_util.jar as the driver libraries. 2. Connecting to...
Slow reports
We need to generate some reports for an audit coming up and the report builder has been PAINFULLY slow. We have about 600,000 entries going into each report and they take anywhere from 30 min to 1.5...
How does one suppress LEM alerts?
I have a user account lockout rule that is working well, sending emails when an account is locked. Every once in a while, I'll get 2 alerts within a minute or so referencing the same user, but reported...
Re: Slow reports
1. We are on LEM 5.7 2. Yes 3. Yes, Reports always launches as admin (changed in properties) 4. No, it only seems to be slow when run over 3+ days (we need 1 week at a time) 5. When I went to install reports I get this...
Re: Slow reports
RE: 5 - That sounds like you need to reinstall Crystal Reports Runtime as an Administrator! There may be no better way to make things faster than to shrink the time-frames on those reports and run them...
LEM Security Rules for Firewall Logs
I currently have my firewall(s) set to send all of their logs to LEM which includes log data for pretty much all network traffic. I am curious if anybody has any good suggestions or pointers on rules...
Re: Slow reports
Uninstalled and re-installed as admin with no luck. And it just seems crazy that you can't generate a report with a time-frame longer than 3 days...
Re: Slow reports
Ready to dive into the LEM techronomicon? Here we go... The LEM generates new partitions as event data comes in, and drops old partitions as the disk fills up. The frequency of this creation is based...
Re: Slow reports
Thank you for the explanation! Is it possible that the sheer number of alerts we are receiving every min could cause this "warm" period to shrink? And if so how would we go about removing alerts we...
Re: LEM Security Rules for Firewall Logs
We struggle with this as well. As far as LEM is concerned I don't have any rules to give out that would help. We have gone the route of setting up traps to alert us. So for example I want to be...
Re: LEM Security Rules for Firewall Logs
Yeah, I hear ya. For those unmatched events, if it's a supported device you can export a report and send it to SolarWinds and they will upgrade the connector for it; I have done that several times...
Re: Slow reports
Yes, because memory is a factor, and the LEM will prioritize processing new events and keeping rules firing over the database partitions being warm. Our assumption is you want your real-time alerts...
Re: LEM Security Rules for Firewall Logs
Oh nice. I will have to take advantage of that. Yes I agree. It's a great tool and has made my life considerably easier. I am interested to see how it continues to evolve in the IDS/IPS realm. We...