LEM: Is there a way to delete old data from the alerts database and/or set...
I have close to two years' worth of data in my LEM now. I'm also experiencing slow response times and/or timeouts when executing nDepth searches. I'm guessing this is directly related to the size of...

Re: snort output server setup
I want to thank you again for your advice, now my problem is that it is making logs but they have to be in text format, not binary. Would the command to do so be: snort -D -c /etc/snort/snort.conf -l...

Re: snort output server setup
Would this command be more accurate: snort -D -de -c /etc/snort.conf -A fast.

Whitelist specific USB Device model - LEM
We have a specific model of USB device that we are trying to whitelist for one of our networks. We have used the pre-defined rule and added the ExtraneousInfo which is USB\VID.....etc and confirms it...

Re: snort output server setup
-K ascii would be the correct flag if you wanted them in plain text. From your command I don't see you logging it in binary however.

Re: FIM is setup. Getting .tmp alerts
Solarwinds had called for another issue and I raised this question to them. It appears that if you set up a FIM, the rule that is created still needs to specify the file types .zipx, .txt, .log. Once this was...

Re: Adding a Syslog node
Having a similar issue. On Kiwi, see lots of log activity. In LEM, barely see any action.

Re: Adding a Syslog node
What you see in LEM by default is normalized events, not raw syslog messages like Kiwi. Unless the relevant connectors are turned on, there will be no normalization and hence no activity in LEM. Please...

Is there a way to monitor disk space in LEM?
We are already doing this through Orion, but I'm wondering if it can be done through LEM as well?

Re: Whitelist specific USB Device model - LEM
So here's some samples from my lab: Event NameEventInfoInsertionIPManagerDetectionIPInsertionTimeDetectionTimeProviderSIDExtraneousInfoSystemStatusDetached "Port_#0001.Hub_#0001" (SAMSUNG Mobile USB...

Re: Implementing Login or Warning Banner
It doesn't appear that this is a feature in LEM, though I definitely see the value of it. I didn't find any similar feature request for LEM, so I created one here:...

Re: LEM: Is there a way to delete old data from the alerts database and/or...
I see this question a lot, so here's some info. There are two ways to approach retention in an appliance like the LEM. First: you define a number of days. If the device can keep that number with the...

Re: CIDR Notation for LEM rule
There isn't a way to do that in the LEM, but I definitely think it's worthy of a Feature Request. It already looks like you have your first supporting vote in msteinvertifi! The LEM's Feature Request...

Re: Adding a Syslog node
Hi, thank you for the relatively quick response. Are D-Link home routers supported? Most small offices use this kind of router for internet, e.g. (DIR 645 etc.)

Re: snort output server setup
This is what I am looking for: I want Snort to log alert logs in text format. Now I am not sure which command would be appropriate; I have tried snort -D -c /etc/snort/snort.conf -l -K ascii...

Re: Is there a way to monitor disk space in LEM?
There seem to be two ways to interpret this question, so I'm going to tackle both. First: Can I monitor the LEM's disk space? Yes! There are a couple of ways to do this. If you SSH into the LEM, under...

Re: Adding a Syslog node
It doesn't look like there is a connector readily available for this device. However, new connectors are added fairly regularly and if this device supports Syslog, it would be relatively easy to add a...

Re: Is there a way to monitor disk space in LEM?
Thanks for the response. I was looking for option B but both are very helpful.