Clik here to view.
Restricting Nodes from obtaining a LEM license
Other than removing the command lines from a router/switch/firewall, is there any other way a LEM Administrator can restrict nodes from obtaining a license? I understand from the console, an...
View ArticleRe: Restricting Nodes from obtaining a LEM license
New nodes are detected based on what connectors you have turned on. If you have turned on a Cisco connector that is reading the facility4 logs, any new Cisco device that you add to the network and...
View ArticleRe: Restricting Nodes from obtaining a LEM license
HolyGuacamole, Thanks for the reply. That is exactly what I am trying to find out: Is there a way to block a node in LEM from obtaining a license? Is there? T.J.
View ArticleClik here to view.
Not receiving events from Cisco 4260 IPS/Cert Issue?
After following the SolarWinds procedure Integrating Cisco IDS/IPS with SolarWinds LEM. I am still not receiving any events from our IPS. However, looking through the showlog, I see the following:...
View ArticleClik here to view.
Re: Restricting Nodes from obtaining a LEM license
Short answer is no. Re-configuring the devices is the least disruptive way to control which devices get licensed.
View ArticleClik here to view.
Re: I can not get my SWLEMReports.exe to run.
I was able to over come this problem by installing the SolarWinds-LEM-v6.0.0-ReportsAndCrystal. First I uninstalled the SolarWinds-LEM-v6.0.0-Reports, not sure what this would be used for if you need...
View ArticleIs it possible to have the detection time reflect the local time of the node?
I have several nodes located in various timezones. Currently all events reflect the local time of my appliance. Is it possible to configure the LEM settings such that the DetectionTime of an event...
View ArticleRe: file audit nt authority
I have some advice for your situation that I'll pass on in a bit, but for everyone following this thread I wanted to pass on that the release candidate of our service release is available that includes...
View ArticleClik here to view.
Managing multiple LEM appliances
As we expand our number of LEM appliances I am finding I need a method for centralized management and I am curious what the best way to do this would be? We are a solution provider that implements...
View ArticleRe: snort output server setup
I have 2 NICs on this physical Linux pc (OpenSUSE 13.1) one is in promiscuous mode, now do you need the snort daemon running, could you show me the snort command that you use to get the logs. I have...
View ArticleClik here to view.
Network Events Widget - What is it looking for?
Can someone tell me what the Network Events Widget is supposed to be looking for? What activity kicks it off? I would love for LEM to sniff traffic or even show any network activity that takes place...
View ArticleRe: Network Events Widget - What is it looking for?
Most of those widgets are driven from filters, which are driven from real-time event data - i.e. stuff coming from logs. Usually network events come from firewalls, routers, switches, IPS/IDS, proxy...
View ArticleRe: Managing multiple LEM appliances
I don't think this is documented more than stating a fact that you can add more than one So, the way it works is that you add more managers from the Manage > Appliances tab, and you can access and...
View ArticleRe: nDepth graph days mixed up
This is new to me - there must be something in the data throwing it off, or something not collated. I'll check with the team. Edit - what is the timeframe you're searching where you see this so I can...
View ArticleRe: Is it possible to have the detection time reflect the local time of the...
Hmm... the way it works is that the events may be reported in the original timezone, but they get displayed "normalized" into the same timezone so that you see all the events in order. The timezone is...
View ArticleRe: Not receiving events from Cisco 4260 IPS/Cert Issue?
Sometimes we see issues when the LEM appliance can't contact the IPS using the info provided, but without more detail I'm not sure. Can you paste the entire error event that shows that stack trace? We...
View ArticleRe: Emailing nDepth Report Through PDF File Format
Hey Vinaya, you might want to post or look over in the Log & Event Feature Requests forum. I didn't find one, but we've heard this request before, so I'd definitely post it if you don't see...
View ArticleRe: Using a Thread Intelligence Feed with LEM?
We keep an eye on this question to see what we can integrate with natively, but so far haven't heard much of it. We have had some people import feed info via CSVs to User-Defined Groups to use in...
View Article