Re: Determining remaining LEM capacity
Yes, check out the Database Maintenance Report. Also, this KB: SolarWinds Knowledge Base :: How many days of live data will the LEM database store?
View ArticleRe: LEM - Log Retention
That is true. We have a couple of feature requests on tuning retention per-source and we're looking into when we could get that implemented. Nothing imminent but it is on our radar. Here's one feature...
View ArticleRe: Unknown Hosts Attached
I think having an IP address appear in a log that doesn't match a known list is the best suggestion we have - the DHCP but no Agent rule is an example if you have full agent coverage, but if you don't,...
View ArticleRe: Recording policy changes from Sophos Enterprise Console 5.2 in LEM?
For the additional events, we should be able to add these to the connector hooked up to the Sophos DB. You might have to submit a request once you've got it hooked up (or submit a ticket if you can't...
View ArticleRe: Recording policy changes from Sophos Enterprise Console 5.2 in LEM?
here's what we've been able to figure out so far. sql port 1433 is NOT open by default on a standard sophos (window server/sql express) install. we have since opened it. i'm not getting different...
View ArticleClik here to view.
Re: LEM: It's time to step out of SPLUNK's shadow, spread your wings and be...
I think the biggest issue to tackle is the connector bit. When a customer asks "can you support logs for <insert item here>", you need to be able to say YES in nearly all cases. Every time I...
View ArticleRe: LEM: It's time to step out of SPLUNK's shadow, spread your wings and be...
Yeah - I really appreciate the feedback, and anyone else reading should definitely feel free to add their two cents. I'm looking for a way to do something sooner rather than later, but the more caveats...
View ArticleRe: LEM: It's time to step out of SPLUNK's shadow, spread your wings and be...
By all means, start small; you can't boil the ocean. When asked if I can support any given log type I need to be able to say "YES", it's okay if it starts out as a "YES But...".
View ArticleRe: Getting mail syslogs from a Barracuda Spam & Virus Firewall
Hi Nicole, Thanks for your response. The Barracuda Admin connector successfully pulls in syslogs from our load balancers, but not our spam & virus firewalls... Edit: The Admin side works after...
View ArticleRe: SolarWinds LEM features
Thanks Phil, Your answer is very helpful to first-timers like me..:)
View ArticleRe: Log and Event Manager Failed Logon Tracking
Try this: Exchange 2010 – Find the client device IP Address! « MSExchangeGuru.com
View ArticleClik here to view.
Clik here to view.
How to determine what groups are actually available with the DS Query Tool
I have seen in several environments that I can add any and all user groups using the DS Query Tool, but then in the same environment only see 1 or 2 machine groups. Typically, the ones I can see and...
View ArticleLEM Database not running
Hi All, I cannot get to start/restart the database. What could possibly be the cause? Regards,
View ArticleRe: LEM Database not running
If you open the CMC shell, go to Manager and then do a WATCHLOG, what does the manager log say? Is the disk full? (Go to APPLIANCE --> DISKUSAGE) Is the store for the VM disk full? You should...
View ArticleRe: LEM Database not running
Disk full would be my guess as well. It doesn't like that at all.
View ArticleRe: How do I configure the SNMP community string for LEM?
We all have our favorite way of processing data and collecting it. Though snmp v1 is a bad idea. v2 and definitely v3 would be ok. At the switching level Access control lists can be implemented to...
View ArticleRe: LEM Database not running
Thanks Curtisi & Tmiller. For Disk usage, I have the following result: Disk Usage:TriGeo: 22% (611M/3.0G)OS: 45% (1.3G/3.0G)Logs/Data: 44% (96G/234G)Temp: 22% (1.2G/5.9G)Database Queue(s): 1.1G...
View ArticleRe: LEM Database not running
Okay, so not a disk full. It appears that the database isn't running on the LEM, so events aren't getting archived. Your temp space is being used to store events while the manager collects events...
View Article