Re: Does LEM automatically capture Windows' EVENT VIEWER APPLICATION logs?
nicole pauls -- Can you validate the above and/or offer any other comments? Thanks.

File Audit showing user as NT AUTHORITY\SYSTEM
I have set up a FileAudit filter but all logs are showing the user as NT AUTHORITY\SYSTEM. I installed the hotfix suggested in this post: Re: file audit nt authority but it hasn't worked?

Re: File Audit showing user as NT AUTHORITY\SYSTEM
What version of LEM are you using? Is NT Authority\System the only user that appears in FIM logs?

Re: File Audit showing user as NT AUTHORITY\SYSTEM
LEM version is 6.0 I think. NT Authority\System is the only user showing under the File Audit filters (including the one that is pre-setup)

Re: File Audit showing user as NT AUTHORITY\SYSTEM
Please update to 6.1 and let the LEM upgrade the Agents. Some operations will always show SYSTEM but you should see user names for most delete, create and write events once you upgrade.

Re: LEM and Juniper SRX 550
I found this: SolarWinds Knowledge Base :: Integrating Juniper Firewalls with SolarWinds LEM. Is it similar to what I need to do with SRX?

Re: How can I log when a file is opened using Object Access Auditing?
That video was very helpful, thanks. By any chance can you demonstrate the "file read" auditing? I am having a very hard time finding a way to audit when a user actually opens a file because there...

Re: Duplicate not connected agents eating up licences
Yes, I have a support case (712756) and SolarWinds has tried everything. The ticket is actually closed now and I am in the process of trying to recreate that environment within our network to eliminate...

Re: How can I log when a file is opened using Object Access Auditing?
Yeah, that's a limit of Windows, I'm afraid. Even FIM will get flooded with the attribute and property "reads" because Windows makes no distinction between actually opening a file and just getting...

Re: Not all USB devices being picked up
Does the iPhone or Nokia come up as a mass-storage device in Windows? What device stack does it fall under?

Re: Eliminate .tmp and ~$ with filter?
Hi Curtisi Thank you for the reply. I have removed the exists part of the filter: FileDelete.FileName /= (does not equal) *.tmp *~$ OR FileCreate.FileName /= (does not equal) *.tmp *~$ OR OR...

Re: Not all USB devices being picked up
Hi Curtisi, thank you for the reply. I have taken some screenshots of what shows when I plug in the Nokia as an example. Thanks, Jack

Re: Not all USB devices being picked up
So it appears that that device isn't advertising that it has mass-storage capabilities, so USB Defender won't catch that.

Re: Not all USB devices being picked up
Interesting! So is there another option for picking up anything connected via a USB port?

Re: How can I change the SNMP settings used when polling LEM (from NPM)
Nicole, I'm trying to monitor the Virtual Infrastructure... it must be possible as I found a way to do it when it was built a few years ago... I have set a custom community RW string but now need to...

Re: Windows share mount error
Steve, I have the same issue where my LEM appliance (virtual machine) is unable to mount Windows shares when trying to upgrade through the console (same error 13). If you contact SW support they can...

LEM High Availability
I cannot find any docs or details for LEM High Availability setup but see a mention in the user guide. How is this done? Thanks, Tony

Re: LEM High Availability
SolarWinds doesn't directly offer or support LEM HA. If you're running LEM on VMware you can look at vMotion or SRM as an option. Jeff

Re: Eliminate .tmp and ~$ with filter?
Just want to be clear, you are saying they are still showing up in events under that specific filter, or they are occurring just in general?