SQL Auditor problems
We recently fired up a new virtual SQL server (2008 R2) and need to start auditing sql authentication failures. I went to set it up the same as the other SQL (2008 R2 also) server, which we are...
View ArticleDo you guys agree with this product review of LEM???
I came across this new product review of LEM on a review site for IT softwarehttp://www.itcentralstation.com/product_reviews/log-event-manager-review-by-byron-anderson--2 Really cool to see these Yelp...
View ArticleAnnouncing General Availability of LEM 6.0
It is my pleasure to announce the release of LEM 6.0. Head on over to the customer portal to download your copy and enjoy the following new features (assuming you have active maintenance):File...
View ArticleRe: SQL Auditor problems
Had to give our domain admin account access in the SQL database to alter trace permissions then it went through.
View ArticleDisplay Name Of Windows machine that was logged into
In LEM, we see logon and logoff events but the details do not show us what machine a particular user logged into. We are getting requests to create a report of what machines a user logged into in a...
View ArticleClik here to view.
Re: Display Name Of Windows machine that was logged into
Are you doing any logging with the Agents on Workstations? I just setup an alert for someone, and they were seeing destination machine on the logon and logon failure events.
View ArticleRe: Display Name Of Windows machine that was logged into
Yes, we are getting inputs from the agents but only on domain controllers. We don't install the agent on workstations.
View ArticleClik here to view.
Re: Display Name Of Windows machine that was logged into
Can you run this command and see what the result is on your Domain Controllers?
View ArticleAdmin Account Authentication
How to set up AdminAccount Authentication? I cant figure it out and I have looked to an easy solutions but can not find it. Thanks
View ArticleRe: Admin Account Authentication
What do you mean by "Admin Account"? When a user uses "Run as Admin" in Windows? Logging into the LEM as Admin? Something else?
View ArticleClik here to view.
Re: Admin Account Authentication
I want to enable the Admin Account Authentication that is highlighted above. Thanks
View ArticleClik here to view.
Re: Admin Account Authentication
This filter is dependent on the "Admin Accounts" User Defined Group, so your Admin Accounts need to be specified in that group.
View ArticleRe: Admin Account Authentication
Thanks so much for the help. It worked. Do you happen to know if there is e-mail notification for like when accounts get locked out? Thanks again
View ArticleRe: Admin Account Authentication
By default, no, but you could certainly use Rules to create one.
View Articlefile audit nt authority
Greetings, I just rolled out SLEM 6.0 (and updated the agents) and turned on the new FIM feature. In theory this is an awesome thing to have, but it's proving to be useless to me at the moment. Every...
View ArticleMultiple Failed Login attempts by different users but same IP
Does anyone know how to setup a filter and/or rule that will notice multiple failed login attempts by multiple users (before account lockout) originating from same IP within a certain time frame?...
View ArticleClik here to view.
Re: Multiple Failed Login attempts by different users but same IP
BUILD, Rules, drag the failedauthentication event, specify the event count and the sliding time frame. Use the tiny icon next to the time frame to bring up the advanced options editor and drag the...
View ArticleRe: Multiple Failed Login attempts by different users but same IP
You can find instructions with screenshots in the 'Custom Rules' section of this doc (page 30-33)http://www.solarwinds.com/documentation/LEM/Docs/LEM_Evaluation_Guide.pdf
View Article