Directory Groups empty?
I'm trying to create a Directory Group. I'm pretty sure the Connector is working, because the tree populates and BuiltIn also populates on the right. However, none of the other groups populates. For...
How can I make LEM take any notice of hostname field in syslog messages
We need to forward syslog messages from several systems via a syslog relay to LEM. This works but LEM identifies all events as relating to a node corresponding to the relay server's IP. How can we make...
Re: Directory Groups empty?
The connector for Directory Services will identify and display Security Groups, not OUs. I think OUs can also be Security Groups, but if you don't have Security Groups, you won't see much in the...
Re: How can I make LEM take any notice of hostname field in syslog messages
What is the syslog relay server? Are you sure it's passing the hostname on when it forwards a message and not replacing it with its own name?
Re: How can I make LEM take any notice of hostname field in syslog messages
The relay server is straight rsyslog running on CentOS 6.6. As I stated in the call, we know the hostname is being passed on by the relay because we can see the hostname in the syslog entries if we...
Lem Custom User Account Created Report
I am working on trying to create a custom report in LEM that would be a modification of the Change management - Windows/Active Directory Domains: user Events - Account Created report. Here is what I...
Re: Lem Custom User Account Created Report
Regarding connecting Crystal to the LEM, have you seen this KB? http://knowledgebase.solarwinds.com/kb/questions/4951/Creating+a+Custom+Report+for+LEM+5.6+and+newer I'm not sure the information you're...
Re: VPN Down with No Up after 5 minutes rule?
The criteria in the "not exists" are specifying the types of IPSecTrafficAudits that the rule "remembers" - basically you need to tell the rule how to cancel your other event out, otherwise ANY...
Re: How can I make LEM take any notice of hostname field in syslog messages
This did work as described previously, so I'm not sure if it's an environmental combination or something that's changed. The LEM appliances are currently using syslog-ng, so we might try a quick tweak...
Re: FIM Compliance with Log & Event Manager
Our experience as of late with customers and PCI has been that they have actually been able to sneak by using Windows File Auditing to pass most of the requirements, so LEM's FIM is certainly a step up...
Re: Full or incremental backup?
It's going to do a full backup to the new path, because it "touches" the destination to see what needs to be written/what is already there. When you change the path, it's like configuring a whole new...
Re: FIM Compliance with Log & Event Manager
Thanks for the response! I certainly want to do more than sneak by and from what I can tell if I am looking at everything correctly; it seems that using LEM for the FIM requirements with the FIM...
Info logging vs Warning
Pardon me if my question has been answered but I could not find it. I have some questions about what gets logged into the LEM. For example: I have a Cisco VPN appliance that sends all of its syslog...
Reports by user
Hey guys, I need some help. Once in a while I get to collect information on a specific user and his/her activity on the network. Since we now have LEM, it is one of the sources of the information I can...
Re: Info logging vs Warning
In our experience, it depends on the connector. For example, the Windows Application connector has a "catch-all" pattern at the end which is designed to pick up events for which there aren't...
Hi all, I'm new to Solarwinds and can use your help.
We just installed Solarwinds Log and Event Manager. I'm looking for common security monitoring events that I can configure in Solarwinds. Any suggestions? Your help would be greatly appreciated,...
Re: Reports by user
I'm going to argue with qle: You can customize the out-of-the-box Reports in the Reports console. Say, for example, that you want authentication events for a specific user. Run Reports. Run an...
Re: Hi all, I'm new to Solarwinds and can use your help.
Hi danielr79, Welcome to thwack! I moved your questions to the LEM forum, so that it gets more visibility. Also, you might want to check the Library & Support page for LEM Log & Event Manager...
Re: Hi all, I'm new to Solarwinds and can use your help.
Hi maria, Am kinda new to SolarWinds (Server and Application Monitor), I urgently need help on how I can integrate the solution to my infrastructure and trigger realtime alerts. Thanks