LEM Upgrade - Disk Space Requirements
I'll be upgrading my LEM appliance from 5.5 to 5.6, and then to 6.0 following the upgrade path. How much available disk space is required for the upgrade? I've read the upgrade documentation and...
Re: LEM 5.7 - Not purging old events
Joseph, you probably should call and open a ticket with Support to clean up the LEM disks, since that isn't normal operation. That said, if you log into the LEM via SSH, and other APPLIANCE run a...
Re: LEM Upgrade - Disk Space Requirements
Mark, The 5.6 upgrade will evaluate your free disk space, and won't allow the system to proceed with the upgrade if there isn't enough disk space. It also prompts multiple times if you're sure you want...
Re: LEM 5.7 - Not purging old events
Thanks for your reply. The checklogs reveals only one large log (syslog local5 log - 824MB), but all the rest are below 10MB, most are empty. We don't have ndepth logging turned on. With the...
Demo LEM virtual appliance is not working properly
Hi All, I have installed DEMO LEM in my LAB. I have a Fortinet 40c and Juniper ex3200 switch with 2-3 Windows servers, but it is not showing any logs in console. However, I checked through cli of lem...
Question on Rules Creation & Notification Timing
One of my clients requested a rule to alert if anyone starts scanning on a particular TCP port from the outside. They collect logs from a number of perimeter devices and asked for a threshold of 10...
create filters based on windows events
Hi all, I'm brand new to log management and LEM and was hoping someone could point me to where I can find some information. I have a list of Windows events that I need to monitor and I'm having trouble...
Re: create filters based on windows events
I tend to build in nDepth to see what works and then write the Rules/Filters I need. EventIDs are listed as the ProviderSID when you are setting up the Conditions. I would use a wildcard at first i.e....
Re: How to track new/changed Admin account
I've tried the above. I have gone to my Active Directory server and added Domain Admin to my account and then removed it and I don't get the alert (email). I have another rule that emails me when a...
Re: create filters based on windows events
Hi Cassandra, My suggestion would be to create a User Defined Group and use it in a filter. Look at the Provider SID field for the LEM Events you are interested in. You can then build a User Define...
Re: Question on Rules Creation & Notification Timing
First of all, if you think 10 unique events in 60 seconds will fire too many rules, you should consider increasing that event count to be greater than 10 for a true representation of abnormal activity...
Re: Connect refuse with any nDepth search in Log & Event Manager
Hi garrethcoleman, I have been facing the same problem as above.. Tried restarting the Manager (Appliance) but still the same.. Please can you one assist? Thanks a lot,
Re: Demo LEM virtual appliance is not working properly
Finally LEM is working.. with all IPS, firewall, switch logs.. now trying to understand the rules ...
Re: Connect refuse with any nDepth search in Log & Event Manager
What version of LEM are you running? If you run a WATCHLOG under the MANAGER menu, are there any error messages, especially if you run an nDepth search with the log open? SolarWinds Knowledge Base ::...
Troubleshooting SMTP connectivity?
Hiya. I'm setting up my first LEM server which is on a customer site behind various firewalls and have got as far as configuring email. I've specified the mail host and port number and so on, but when I...
Re: Question on Rules Creation & Notification Timing
Adjusting the threshold is part of the discovery process. Each client has a different level of exposed threat space. After letting it run for 12 hours I did up the threshold for one common application...
Email when Cisco device is accessed
Is there a way to have a Cisco device email when enable or config is accessed on device?
Re: Email when Cisco device is accessed
I've achieved this in the past by monitoring for syslog messages (using the SolarWinds Syslog Viewer) which contain the relevant message text. An action is then set to fire an email alert containing...
Re: Email when Cisco device is accessed
I then noticed that you're using LEM of which I have no experience - so my original comment may be unhelpful here.
Re: Email when Cisco device is accessed
*** Disclaimer *** This was only tested on a Cisco ASA, accessed via ASDM and SSH but here's what I found... *** End Disclaimer *** Here's what I came up with as far as an nDepth search for finding when...