Re: Rule triggers when it is not supposed to trigger
A couple of issues. There is a Group inside a Group. It is effectively a single group. The innermost group is joined by an OR logic. It should be AND. The outermost group logic is AND. Since there is...
Re: Rule triggers when it is not supposed to trigger
So, I did some digging. No connector will throw a PingSweep event by itself. Some of them will create ICMPPingSweep events, or TCPPingSweep events, but no "just" PingSweep events. That means all of...
Re: Rule triggers when it is not supposed to trigger
HolyGuacamole and Curtis, Thanks for the quick reply and suggestions. I will make changes and test. T.J.
Re: Setting up LEM to detect Advanced Persistent Threats (APTs)/Trojan-Ransom
Rufat87, Thanks for the tip! T.J.
Re: LEM SDK ?
Correct - we're looking into exposing LEM data via SWIS similar to other SolarWinds products, but it's not in our immediate roadmap or something we're committing to just yet. (I didn't find a feature...
Monitor License Key Activation?
Hi guys, I was wondering if there was any way to monitor license key activation using LEM? For example, Windows or Office have had a product key entered? Thanks!
Re: Monitor License Key Activation?
I've been Googling, and it looks like there are some events, like this one in the Application Log: https://support.microsoft.com/en-us/kb/921471 Or these: Get help with activation errors - Windows...
LEM older release notes?
Does anyone know where I can find the Release Notes for LEM 6.01? I seem to only be able to find links to the latest version. Thanks!
Re: LEM older release notes?
Here you go: http://www.solarwinds.com/documentation/lem/docs/releasenotes/releasenotes.lem.6.0.1.htm
Re: LEM older release notes?
Also you can find links to older release notes usually at the bottom of the latest release notes (There is a link at the top to the Version History section at the bottom as...
LEM doesn't know how to handle file share audit events
So I have file share auditing enabled on a file server. The event log collects data every time a share is accessed and the events in the event viewer are easily readable and contain all of the...
Re: LEM doesn't know how to handle file share audit events
First thing, I'd suggest updating your connectors. I think we already addressed this in a new connector revision for Windows Security events. If that doesn't work, you'll need to work with Support so...
Re: LEM doesn't know how to handle file share audit events
Well I followed the instructions to update the connector package, the SSH console leads me to believe it was successful although I do not have the filter "InternalToolOnline" like the instructions say...
Re: LEM doesn't know how to handle file share audit events
It's possible that the share events were different when the connector was written (a lot changed between Server 2003 and Server 2008) and no one has brought this up yet. The usual SLA promised is 4 to...
Re: LEM doesn't know how to handle file share audit events
If you need something in the meantime you could check out LANGuardian. It captures file activity from network traffic so you don't need to worry about auditing on your file servers. Demo available...
Re: Modifying your own AD account Alerts
Have you tried Auditable Group Events.EventInfo? I use the strings: Member "*" removed from group "DOMAIN\Group Name"; Member "*" added to group "DOMAIN\Group Name"
Syslog node names?
I have a number of syslog devices pointed at LEM, but they all show up as IP addresses for node name. Is there a way to change the name of these nodes? Thanks!