Re: User Defined Groups and Variables
That, my friend, would be a nice feature. Someone correct me if I am wrong, but I do not believe that capability is available yet. What you can do though as an alternative is create a spreadsheet...
LEMs Snort
I have been trying to get Snort going on our LEM box and while the process shows up in top, it doesn't appear some of the rules are working. I followed this guide SolarWinds Knowledge Base :: Snort...
"Exception_Logged" error when trying to create email alert for rule
I'm trying to get LEM to send out an email alert in the event someone inserts a USB drive into a workstation. Right now, I've cloned the rule "Detach unauthorized USB Device". The correlations are set...
Re: LEMs Snort
Here is a sample of my config file for snort.debian.conf:
DEBIAN_SNORT_STARTUP="boot"
DEBIAN_SNORT_HOME_NET="[Use commas between multiple addresses]"
DEBIAN_SNORT_OPTIONS="-A fast -I -N...
Re: Changing the default port for LEM Cisco IPS 5+ connector
Thanks. This is working correctly now.
Re: LEMs Snort
Yeah it's definitely up and configured.
21714 snort 20 0 134m 52m 3780 S 3 0.7 0:44.63 snort
1371060294000 SLEM snort[21601]: Initializing Network Interface eth0
1371060294000 SLEM...
nDepth Report for Interactive Logons
I've been trying for weeks to get an nDepth report created that shows ONLY interactive logons to servers by domain admins; it seems no matter what I do I get too little or too much data... I haven't...
Does MSSQL AUDITOR provide any SQL CDC information?
We are needing to monitor SQL security events. Can anyone tell me how MSSQL AUDITOR performs from this perspective? We'd like to see granular information such as Change Data Capture - inserts, updates,...
Re: LEMs Snort
Just in case anyone else is running LEM via HyperV and is looking to do the same thing. Straight from the horse's mouth: Snort included on LEM is capable of sniffing the entire network as long as you're...
LEM File integrity monitoring
One of the reasons I chose LEM for an evaluation is its file monitoring capability. I've searched through the user guide and I can't seem to find how this is configured. I do have the agent running on...
Re: nDepth Report for Interactive Logons
Hi kelkin, If you just want to see everything related to a specific user, try this: Open the LEM/SIM Console, and then log in as an administrator. Click the Explore, and then select nDepth. This should...
Re: nDepth Report for Interactive Logons
Hi Ram, Thanks, but that isn't what I'm looking for. I don't want to weed through tons of events for a specific user. I want to generate a report each month that shows ONLY logins for domain admins on...
LEM Questions.
Hello, I just joined the community. In my organization, we have LEM 5.5.0. Scenario - I just installed the agent on my own computer via remote utility and it successfully added it. Issues - 1 - I can't...
Re: LEM File integrity monitoring
If you want to audit files on a Windows machine you will have to enable "file auditing" in your Security Policy. It is well advised to do some research on the Advanced Audit settings so that you can...
LEM Backup before upgrade to 5.6
I see options for the backupconfig and archiveconfig but which is the proper backup the 5.6 upgrade is asking about? The upgrade asks for a backup, but the documentation doesn't say how to perform...
Error: General: search ended prematurely
As I was running ndepth searches I ran into this error, all searches return this error, and all my home page widgets are broken (other than events per minute, user logins by source machine, and...
Re: LEM Backup before upgrade to 5.6
5.6 converts your existing data to the new database format. We used archiveconfig. I believe it will back up all data in logs/data under diskusage. Whether or not it outputs everything I don't know.
Re: Error: General: search ended prematurely
I have come across this too, in my case an appliance reload seemed to clear it up, not really a solution though ....
Re: Error: General: search ended prematurely
I had the same issue today. I closed and reopened the console and it didn't help. I restarted the database and it didn't help, then I restarted the manager service and it fixed the issue. Maybe a bit...
Re: Error: General: search ended prematurely
Same here, it started happening after upgrading from 5.5 to 5.6 and the DB migration had completed. I had to reboot the appliance to resolve, twice now.