LEM unable to see Security alert on Active Directory
Hi All, I was doing testing on LEM where I was trying to obtain events from the AD server, such as simple login/logoff of a domain user. After I deploy the agent onto the AD server and perform some login/logoff and look...
Re: LEM unable to see Security alert on Active Directory
If you go to MANAGE > Nodes view of the web console, what is the status of the AD node? If your status is 'green', double click on the node and it should show you the list of enabled connectors....
Re: what happens to event logs if LEM Agents (windows) cannot connect to LEM...
Okay, there's this article: SolarWinds Knowledge Base :: What can the LEM Agent do when it's disconnected from the LEM Manager? What it doesn't tell you is "How long?" and the reason for that is that...
Re: LEM unable to see Security alert on Active Directory
Based on our Template Connector Profile for Windows Server 2008/2012 with the DC role, I'd suggest you set up these connectors at a minimum for your DCs: The other part of this is going to be, what...
Mastering the filter/rule Creation Engine...
Hi guys... I've only been working with LEM for about a week now and I must say that I am quite impressed by the possibilities I can foresee with this program. I have been tasked by my company to master...
Re: Mastering the filter/rule Creation Engine...
If you haven't already checked out the LEM videos then I would strongly recommend doing so. I used those to learn much of what I know about it today. Those can be found HERE.
What reports can be used to meet PCI compliance requirements?
Being new to SolarWinds Reports (5.7), I'm trying to determine which reports can be run to meet PCI reporting requirements? I've found that I can't create the same types of reports that I've been...
Re: What reports can be used to meet PCI compliance requirements?
With the disclaimer that "Compliance cannot be achieved by reports alone," and the corollary that garbage-in is garbage-out and nothing-in is nothing-out, here's where I would start in the Reports...
Re: Mastering the filter/rule Creation Engine...
A good real world example rule is based off the rule template Critical Account Logon Failure. This rule is great at catching someone trying to guess user passwords without locking accounts. For...
Re: LEM Security Rules for Firewall Logs
There are a lot of different things in these replies to address. If I miss any, my apologies. LEM can primarily be used in conjunction with your firewalls to look for failed logon attempts (Template...
Re: Mastering the filter/rule Creation Engine...
@byrona ... The videos in that section provide a decent overview of LEM functionality and have a few advanced examples, however, they are generally too basic for what I am looking for. Thanks though...
UserLogonFailure.SourceMachine Keeps Being Blank!
What would be causing this? When I run this query... I get zero hits, but when I run this query, for the same time frame... I get 102 hits. Obviously, I want the source machine to help research the...
Re: What reports can be used to meet PCI compliance requirements?
Thanks for the quick reply. I am aware of all the available reports. I guess I was looking for information on which of the available reports are actually being scheduled by customers.
Re: Mastering the filter/rule Creation Engine...
Another good rule template is called the Kill Suspicious Process. Requirement for this rule: Group policy enabling process tracking. (Caution: process tracking can be very chatty, not all environments...
Updating to LEM 6 Data Concerns?
Hi guys... We have LEM 5.7 and want to update to LEM 6.0 ... Naturally there is invaluable log data which needs to be preserved in the process. Are there any issues regarding data...
Re: UserLogonFailure.SourceMachine Keeps Being Blank!
Can you post any event example out of the 102 hits you do get? My initial thought is that it might have something to do with the LogonType.
Re: Login Failure Doesn't Detect IP
curtisi thanks for the update! Unfortunately this makes it very difficult to track the activity back to specific systems unless you know the naming convention. It sounds like this is expected...
Re: Updating to LEM 6 Data Concerns?
You will not lose historical data when you upgrade from LEM v5.7 to LEM v6.0. As a best practice, always take a snapshot of the VM as a backup before proceeding with the upgrade
Re: I have LEM 5.4, We own a 6.0 licence. Can someone show me where to...
Rick, You may need to upgrade to LEM 5.6.0 first then to 6.0.0 but curtisi can confirm if there is an upgrade path. Note that upgrading from 5.4 to 6.0 will involve a database migration, which takes a...
Change Management
Change Management is something that applies to just about every compliance standard out there. How do you handle it? Is detecting the change with LEM all you need to do to be compliant? Is there...