Channel: THWACK: Message List - Security Event Manager (SEM) - Formerly Log & Event Manager
Browsing all 5385 articles

Re: Error with Reports Manager

It's been a while since the last update. Continuing to work with Customer Support on this issue. The three Windows 7 desktops that were previously configured with Reports (and had an operational link...


Re: No docs for connector and other items

It's taken me a while to get back to it, but here's my 10 minute take on Incident Management and Reporting with LEM: 



Re: Syslog node names?

Are they Cisco? If they are Cisco devices, make sure you have enabled origin-id logging for syslog messages. The command is: logging origin-id { hostname | ip | ipv6 | string user-defined-id }...

Re: Modifying your own AD account Alerts

That's how I do my alerts for people added to groups who aren't pre-approved, but I don't see how that will tell me if a user modifies their own account. However, you did give me an idea (this may be...

Re: Modifying your own AD account Alerts

Yes, the AND / OR functionality helps here. I use this to differentiate between domain account password resets for people (that I want to know about as soon as the change is made) and computers (that I...


Re: Syslog node names?

Some are Cisco, some aren't. For the Cisco ones, I don't seem to have the "logging origin-id" option. I do have "logging device-id hostname" which doesn't seem to have affected the name of the node in...


Re: Does LEM automatically capture Windows' EVENT VIEWER APPLICATION logs?

Turns out this is not entirely correct. It appears that the SolarWinds LEM team is going to write us a special filter to be able to capture events that we write to the application log.

Can LEM alert on a "Failure of security event logging mechanisms?"

If logging to a security log fails for any reason, can LEM produce an onscreen alert of such failure? I am not referring to the failure of some account failing to logon properly, but I am referring to...



Re: Can LEM alert on a "Failure of security event logging mechanisms?"

There are template rules for Windows logs being cleared or full, and so logging has been compromised or stops.  If an event is generated, we can probably alert off it.



Windows Filtering Platform Auditing - What if it Never Existed?

Hi All, We're considering turning off by default the Windows Filtering Platform events from the Security Log that tend to make a whole lot of noise for no really good reason. The only problem we have...


Re: LEM doesn't know how to handle file share audit events

I was just looking at these events the other day - they are relatively new so I think they didn't quite get mapped 100%. As curtis said if you can submit what you're seeing in the event log and what...


Re: Windows Filtering Platform Auditing - What if it Never Existed?

I have worked with a large amount of LEM clients over the past 18 months. During that time, I have not had a single client need (or want) anything from WFP events. For me, I absolutely LOVE the new...


Re: Syslog node names?

Cisco docs say the command has been supported from 12.2(15)T release train onwards. Is your device an ASA? ASA command reference states that "logging device-id hostname" would set the hostname of the...


Re: LEM not displaying all syslog messages/events

HolyGuacamole, thanks for the reply. Following are a few of the MANY Syslog messages received on the ASAs and that I expected to find as LEM Events. (Yes, the IP addresses and ACL names have been...

LEM Syslog Question

I'm a SolarWinds LEM newbie but really like it. I am trying to connect our AudioCodes Mediant 1000 syslog to our LEM and it keeps telling me no nodes found. I can't find the device in the list so I was...



Re: LEM Syslog Question

Hi, first you must know which syslog facility you are using to send the syslog events over to LEM. Ensure that this facility is not used by other applications sending syslog events to LEM to ensure no...

Re: Syslog node names?

Hi, is there a way to change it on LEM itself other than from the source device?


Custom user privileges

Hi, can LEM create custom roles with custom privileges?

Re: LEM not displaying all syslog messages/events

Hi T.J, what you are asking for is documentation for the LEM ASA connector. Probably best to open a support ticket to see if there is something they can dig up. For the specific messages you have...

Re: LEM Syslog Question

There's a little more configuration that has to happen, so as an addendum to what joelyue posted: You'll need to configure the LEM to have something to do with the raw logs.  Those directions are here:...
