Sharing custom LEM Reports (credit unions)
Any CUs out there willing to share some of your custom reports...
Re: Email alerts missing information.
It looks like you need to drag and drop the fields you want into your variables in the Action portion of the rule. For example, drag "UserDisable.EventInfo" into the $info field. Then make sure that...
LEM syslog issue
We have an application (Trend Micro Deep Security) which is able to forward events as syslogs (under the SIEM tab). I have configured it to forward as Basic Syslog, Local3 facility. The server hosting...
How do I export all raw data from Logs/Data?
I would like to get the data, but not in LEM report form, not to mention nDepth crashes and times out consistently. This is for examination by a third party. I have verified that there is 200 gigs of...
Re: LEM syslog issue
I'd suggest that you run an ExportSyslog command and dump the Local3 to a server, and then contact support. They can test your logs against the LEM tools, and it could be that a new revision of an...
Re: How do I export all raw data from Logs/Data?
You could use the various backup commands to get the LEM to dump all its data to a share, but it's still going to be in a format that is unique to the LEM. SolarWinds Knowledge Base :: How to Configure...
Re: How do I export all raw data from Logs/Data?
Thanks, that helps a lot. Is there no way to examine the data outside of LEM? We have auditors and outside security firms that want to examine LEM logs. What options do we have?
Re: How do I export all raw data from Logs/Data?
You could theoretically have them spin up a LEM and send them the database partitions, and have them import those partitions for their own analysis. Part of the reasoning for all this complexity is so...
Re: PURGE DATA SOLARWINDS LEM
My disk is at 100%, please let me know how to fix this.
Checking Disk Usage.......
Disk Usage:
TriGeo: 20% (545M/2.9G)
OS: 35% (978M/2.9G)
Logs/Data: 100% (482G/482G)
Temp: 22% (1.3G/5.9G)
Database...
FIM Folders Best Practices?
Hi, I am trying to set up FIM to monitor our network for PCI. I have started with the PCI starter monitor but that shows all files on the C:\ that are .dll, .exe or .bat. I have many legit file types...
LEM Rule Creation
I'm extremely new to LEM and I was wondering if anyone could guide me in the right direction. I'm trying to create a rule that will send out an alert when someone modifies their own AD account. This...
Re: FIM Folders Best Practices?
You can have a monitor that looks at multiple sub-folders like so: And then make sure it's not applying your filters recursively with this option:
LEM (Version 5.7) and Windows 2012 R2
Anyone had issues with 2012 R2 and version 5.7 and directory services reporting? Thanks George
Re: Email alerts missing information.
iclemuser is right, but I decided to make this answer a little easier with a demo:
Is there a way to create custom actions?
I wish to create custom actions to use within my LEM rules. For example, based on a certain event, I would like to copy a specific file (related to that event) from one location to another.
Re: Is there a way to create custom actions?
There's not, but you could put that in as a feature request.
Re: Is it possible to have the detection time reflect the local time of the...
There are several timezone-based requests that I think could be consolidated into one request and then get everyone to vote for "all" the options. I think they would benefit anyone operating in...
Alerts on Event Viewer items
Can someone direct me to an article or specific pages in the LEM user guide that will explain how to set up Event Viewer monitoring for certain events? I have been tasked with alerting a team if any...
LEM OPS Center - View Historical Data
Hello, I have recently installed the LEM appliance and all is going well, but I can't view historical data in the Ops Centre dashboard. I would like a dashboard widget for account lockouts for the last...