Re: Clear the LEM database to start fresh
There isn't a way for a customer to nuke the database. What I'd suggest is backing up the LEM configuration on Dec 31, re-deploying the VM and then importing the LEM configuration. You'll start with...
View ArticleRe: LEM reports export
Yes, you can have the reports dump to a UNC path instead of to the local drive. Just specify the path when configuring the reports task.
View ArticleRe: LEM reports export
Thanks curtisi, I tried like crazy but it kept giving me errors. I ended up just putting it on a more secure machine for my team and sharing the folder just for them. Maybe I was missing something. But...
View ArticleRe: Clear the LEM database to start fresh
Thanks again curtisi, Will this affect my remote agents in anyway? I off course know that the LEM IP and hostname need to stay the same when migrating to the 'fresh' appliance. Besides that, will my...
View ArticleWho is using LEM as a SIEM working in the DoD?
If so, how are you all using it? I want to use it more than just a log collector or troubleshooting server/application events. I want to use it review security information and events. Review advanced...
View ArticleRe: Clear the LEM database to start fresh
They should. The point of the config backup/restore is partially to restore those links.
View ArticleClik here to view.
Re: Who is using LEM as a SIEM working in the DoD?
We have installed and configured LEM for civilian, DOE and DOD agencies. I have a current project underway configuring LEM to inspect devices for DISA STIG settings. LEM is a somewhat complicated...
View ArticleRe: Palo Alto config with LEM
lcfc, I am curious if you had to do anything special on the Palo Alto zones/rules settings to allow Syslog traffic to be permitted to be sent to LEM?
View ArticleRe: Palo Alto config with LEM
I setup log forwarding and syslog parameters but no zones/rules.
View ArticleLEM 5.7 Compliance/Disa Stig
I been using LEM for about 6 months, we went through and setup all of our rules. Now I notice that under Compliance There is a DISA STIG rule set template(s). Have these been there the entire time or...
View ArticleRe: LEM reports export
curtisi,Once I got the reports onto another server I tested with UNC path and it worked! Not sure what I was doing wrong before, thank you for the help.
View ArticleRe: Clear the LEM database to start fresh
I had heard that the server may generate a new certificate and clients would need a reinstall of the agent - to re-establish to the newly built LEM server...
View ArticleRe: LEM 5.7 Compliance/Disa Stig
Be carefull using these rules. They are good starting points. They will need to be updated and configured for your network.
View ArticleRe: Clear the LEM database to start fresh
The cert in question is backed up as part of the backupconfig and restored as part of the import command, so no worries there!
View ArticleLocation of Windows/Solaris Agent Log Files
Looking at the output of checklogs, I can see when, where, and more importantly IF LEM receives events from non-agent devices. This GREATLY helps in troubleshooting. However, I am not sure I can answer...
View ArticleClik here to view.
Re: LEM 5.7 Compliance/Disa Stig
@ Curtisi, really. Don't know how the hell I missed them. @Chet, yea. I'm combing threw them,cherry picking the ones we are not already using. Thanks much, All
View ArticleLEM - Logs on Windows file copy
Hi everyone, I wanted to know if events are generated when file copy are started between windows workstations, server and to USB key when the remote agent is installed.Thank you.
View ArticleClik here to view.
Re: Auditing Windows scheduled tasks run using LEM Agent
I see that SolarWinds has added a new connector for this (Operating Systems: Microsoft Windows Task Scheduler). Yesterday (11/19/2014) I added this connector to a Win 2K8 server and executed...
View Article