Channel: THWACK: Message List - Security Event Manager (SEM) - Formerly Log & Event Manager
Browsing all 5385 articles

Re: LEM upgrade - not enough space in /var

Can you run a DISKUSAGE in the APPLIANCE menu of the CMC shell and paste the output?



Re: LEM upgrade - not enough space in /var

Thanks, I ended up opening a ticket and we trimmed the DB some. Turns out it was an issue where I didn't have enough "reserved memory" for VM. Had max allocated set but uses Java where it can't...



Re: LEM upgrade - not enough space in /var

Yep, reservations are a big deal for the LEM! https://thwack.solarwinds.com/docs/DOC-173770


Trouble with NATO "user enabled" alert

I cloned the NATO5 "User Account Disabled" alert rule and got the alert to fire and an email notification working very quickly and easily. Now I am trying to do the same with "User Account Enabled",...


Re: Trouble with NATO "user enabled" alert

Hmm, do you have a sample account enabled/4722 in your LEM console? The rule is looking for a UserEnable event where the EventInfo field contains the phrase "Account Enabled", so I'm thinking maybe the...



Re: Trouble with NATO "user enabled" alert

Wow - bingo - the text was different. In my correlation within my rule it read: *Account Enabled.* instead of: *Account Enabled*...


Issues While Upgrading LEM to 6.0.0

Hi, I am trying to upgrade LEM from 5.7.0 to 6.0.0 and getting the below error: Mounting share //<Share Name> with user domain\\<Username> ERROR: Problem mounting Windows share. Details:...


Re: Issues While Upgrading LEM to 6.0.0

I would suggest keeping your share path as simple as possible. Preferably no spaces, etc.


Re: Trouble with NATO "user enabled" alert

I'll look into whether we need to change the default rule - thanks for the troubleshooting!



Re: Issues While Upgrading LEM to 6.0.0

It's like: \\abc-xyz-01.DomainName.com\ABC\Solarwinds\LEMStuff\SolarWindsLEMv6Upgrade\ I think it should work without any issues.


Re: Issues While Upgrading LEM to 6.0.0

The extra slash is from Linux putting an escape character in the path, and is normal. Personally, I've noted that mount.cifs has issues with long paths. The command wants to mount an actual share, and...


snort output server setup

I have a physical snort box, and I am trying to get it to send logs to my SolarWinds LEM. I set the output to the IP of the SolarWinds LEM but it doesn't pick up anything. I am using openSUSE...


Re: Firewall Log Management

Nicole, what is the best practice for Sourcefire? I have pointed Sourcefire to local4 and created a new snort connector looking at local4.log. I'm not seeing anything and don't see any detailed...



Re: file audit nt authority

Followed the readme twice but it never came back with the correct log in the log file....


Using a Threat Intelligence Feed with LEM?

I am curious if anybody out there is using LEM in conjunction with a Threat Intelligence feed? I realize that LEM doesn't currently accept any of the feed protocols; however, I have seen that some...


Re: snort output server setup

What's in your # syslog entry in your snort.conf? It should look something similar to the following. output alert_syslog: 1.1.1.1:514, LOG_AUTH LOG_ALERT. We have ours going to user.log. You also want...


Re: Issues While Upgrading LEM to 6.0.0

I tried everything but it's not working!!! Anyone who can help me in this regard or can share their experience if they have faced the same issue? Your help would be greatly appreciated! Thanks, Devesh



Re: Issues While Upgrading LEM to 6.0.0

I was having this issue for about 45 minutes, after trying everything I realised the language settings for the keyboard were wrong therefore making my password incorrect when entering... School boy...


Re: Issues While Upgrading LEM to 6.0.0

The error you're providing is coming from Windows, so I'm still pretty sure it's either the path or permissions or a bad password. You probably ought to open a ticket with support so we can have a...


Emailing nDepth Report Through PDF File Format

Inside LEM version 6.0, when generating nDepth queries, I can export the results in PDF format. However, when emailing, there is only one option of sending it via a .csv file. I was told by LEM support...
