Channel: THWACK: Message List - Security Event Manager (SEM) - Formerly Log & Event Manager
Browsing all 5385 articles

Error with Reports Manager

Ok, I've been bashing my head on this problem for a few days now and I'm calling in for reinforcements! Just joined a new organization using LEM, and I'm happily learning all it can do. However I...



USB detected but not blocked on some machines??

I have a whitelist of allowed USB devices configured on our system and it appeared to have been working well. We tested a number of unauthorized devices and they would get blocked as expected. Now however...



Re: Error with Reports Manager

Do you have the Microsoft Telnet Client feature enabled on your station?  Can you try opening a command prompt and running: TELNET SOLARWINDS-LEM 9001 You should get something back like this: HSQLDB...


Re: USB detected but not blocked on some machines??

Can you post a list of the whitelisted devices?  Specifically, I'd be interested in seeing any entries with wildcards in them.  Can you also post the ExtraneousInfo data from the USB attach events?


Re: Error with Reports Manager

Confirmed, my telnet output looks exactly as predicted. Output copy is below: HSQLDB JDBC Network Listener.                            Use JDBC driver with Network Compatibility Version2.1.0.0 and a...



Re: Error with Reports Manager

I know you've already nuked Reports and paved, but... Can you uninstall Reports, nuke the install directory if it gets left behind, and then reinstall with the "Run as Admin" and let me know if that...


Account Lockouts widget

I wanted to create a widget based on Account Lockouts filter. A simple one, a table with three columns: Event Info (Account lockout "user"), Source machine (to see where it got locked out), and Time of...


Re: Error with Reports Manager

I'll try a re-nuke and directory delete this afternoon. I was kicking myself that I didn't think to verify the directory removal last time prior to re-install. I considered the RESTRICTREPORTS command...



Re: Error with Reports Manager

Support could root in and see if the changes made by "RESTRICTREPORTS" are present in the LEM config. You can also see the config yourself.  Under MANAGER run VIEWSYSINFO.  The last screen of data...



Re: Account Lockouts widget

I've been playing with it, and I had some of our support guys try, and it doesn't appear that a multi-column table such as you describe is possible.


Re: Error with Reports Manager

Nice to know it is possible the RESTRICTREPORTS can be viewed, the other knowledgebase article (I will have to dig it up) made it sound like it was impossible to do that. It doesn't look like we are...


Re: Error with Reports Manager

Okay, we have some progress and change here.... As requested I uninstalled the Reports app. Then I rebooted my system and went into C:\Program Files\ and deleted the "SolarWinds Log and Event Manager...


Re: Is there a place to find recommended or sample filters, rules and reports?

In one of my other posts note how the graphs are not very useful for my needs. For example, unless I missed something, there is no way to create a graph that shows a list of top TCP traffic servers and...



FREAK Schannel

Any ideas on using LEM to scan for FREAK using schannel via the windows agents?  I figured out a way using USG and version numbers with IIS and IE but would like to expand with schannel, just can not...


Re: Palo Alto threat logs

I was just looking over the logs for another case, and it looks like the formatting might have changed - if you can provide a syslog sample (to me or the support team) we'll see if we can figure out...



Modifying your own AD account Alerts

Has anyone had any success with monitoring or triggering on the modification of their own AD account? I'm having difficulties because the way LEM handles event 4728 it separates the Source Account into...


Re: Modifying your own AD account Alerts

Do you want this for a specific user(s) or any user?



Re: Error with Reports Manager

Folks, I had the same problem. It was fixed by me changing (yes, changing) the AD password: it's either too long or my password contained a " speech mark. Once I changed my password to something simple I was...


Re: Error with Reports Manager

Interesting. Sadly I won't be able to test this and confirm/deny because my workplace enforces a very strict password complexity rule in the AD environment. However, one of the user accounts I have...


Re: Modifying your own AD account Alerts

I'll use UserModifyAttribute as an example, but to detect that the same user that modified the account is the owner account I think you can use: UserModifyAttribute.SourceAccount =...
