Re: Node name in LEM
DNS is going to be the most general way. For agents, node name/IP comes from information the agent itself picks up, since we have a point of presence there. For non-agents, node name comes from...
Can’t set correlation for received SNMP Traps
Hello, I have problems with setting up Rules for SNMP Traps received from SolarWinds. SNMP Trap connector is set: Filters for traps were created: and I can see received SNMP Trap messages: Rules section:...
Re: Can’t set correlation for received SNMP Traps
Check out the timestamps - it looks like either the time/timezone on your LEM appliance isn't set or it differs from your Orion system sending the trap. Due to that huge delta, the rules won't fire...
Re: Can’t set correlation for received SNMP Traps
Hello, NTP fixed. Without success. I have tried with SNMP Traps from my PC: DetectionTime is still different. Should I do another test? BTW, how is LEM parsing SNMP messages? Best regards, Matt
Re: Can’t set correlation for received SNMP Traps
If you have any other events in your "LEM Internal Events" filter, what do their timestamps show? (How does it compare to the SNMP traps?) The date is parsed from the log on the appliance (you can see...
Re: Can’t set correlation for received SNMP Traps
Timestamps in "LEM Internal Events" are fine. There is a small difference, less than 5 minutes, in InsertionTime and DetectionTime. LEM can successfully fire alerts on those events. The problem is with SNMP...
Re: Can’t set correlation for received SNMP Traps
Hmm... I verified in the connector it's parsing that 20150528.163102 to create a timestamp (it reformats it to 2015-05-28 16:31:02), so it's weird that somehow it's being timezone adjusted. Usually...
Re: Can’t set correlation for received SNMP Traps
I have no problems with other connectors. Security Events (FW), Service Events, System Events (PIX and IOS Connector), User Logons (received from LEM Agent), and LEM Agent installed on workstation. For those...
Monitoring Microsoft Endpoint Protection
We are using Microsoft System Center Endpoint Protection on our systems. I would like to be able to monitor our systems for a few specific things related to this. Systems failing to remediate an...
Re: Monitoring Microsoft Endpoint Protection
I have finally found this as the path to the log that Endpoint creates, but am not yet sure what to do with it: %systemdrive%\ProgramData\Microsoft\Microsoft Antimalware\Support\MPLog
Re: Monitoring Microsoft Endpoint Protection
THIS is what I was wanting! Windows Server Antimalware Events
Re: Can’t set correlation for received SNMP Traps
Weird. I'll check with our internal team and see what they think, too.
new syslog node
Hi, we have a Netasq Firewall in our network. It is not valid in the node vendor option. How can I add it? Thanks
Re: Trigger rule based on time of day
I went and bothered the devs, and the issue we'll have is that there always has to be some event to kick off the rule correlations. You could create a scheduled task on a system with the agent, and...
LEM not displaying Events in All Events Filter
I need a little help troubleshooting LEM. Reviewing the All Events filter, I noticed LEM stopped displaying new events in this filter around 08:01. Issuing the diskusage command, I saw the Console...
iSeries & Lem/ Lem and Hardware requirements
I have barely over the minimum on our server to run LEM; just got it running in our environment for about a month. We currently have an iSeries agent sending logs and about to add a second...
Re: Ideal system requirements and settings for LEM
Did you do the upgrade? What did you end up getting? How is it holding up?
Re: Can’t set correlation for received SNMP Traps
Hello, I have fixed this. We had problems with the evaluation license (license expiration related to timezone and date), which led us to discover wrong time settings. Similar...
Re: How does the Block IP active response work for multiple connected firewalls?
I had considered this but I think my superior wanted to be able to have active responses for other things on that firewall.
LEM Reporting - How to build reports on explicit data-sets?
I was wondering how I can use the LEM Reporting software to create reports on explicit data-sets. I am familiar with how I can run a report, use the Select Expert to filter on specific items and then...