Get the latest news about SolarWinds Security Event Manager (SEM)
I have an issue I've noticed becoming a problem for me. Many of the Windows agent nodes that have secondary network interfaces are all showing up as non-agent nodes in addition to the main agent node in manage nodes. This makes one machine eat up more than one license from my license pool. I have many developers that add…
Why does LEM nDepth only show 20 events, console show 80k and Cisco show 31k? For the past day I've been struggling with why the events leaving my Cisco switches haven't all shown on LEM. At first I thought it was the Cisco devices not sending the data correctly, here is that config Logging trap debug logging fac local2…
We have multiple ASAs logging to LEM 6.5. We experienced an outage causing the server hosting LEM to crash. LEM console boots normally but no records are being processed by LEM. I can run a checklogs and verify data is being written to [16]: Syslog local4 Log. LEM Console is showing no data for the nodes. I can't locate…
Hello, First post here. I have set up a 3Com Baseline Switch 2928-SFP Plus to send logs to my SEM appliance. I know it is sending because I've SSH'ed into the appliance, viewed the local log and I see raw data there. I have my connector set up for 3Com switch, log file "/var/log/local7.log" where I saw the raw data and…
I am looking at the Linux agent installation documentation (below) and it applies to v6 of Linux (configuring a script in /etc/init.d). Installed SEM version = 2019.4 Install the SEM Agent on Linux and Unix It also notes: To configure the SEM Agent to start automatically on boot, add /etc/init.d/swsem-agent (or…
We have a couple of Windows 10 workstations that are running Docker containers. The agents install successfully on the base Windows systems and pick up the correct OS, IP address and License type (Workstation). The agents show online and have the normal four connectors running that our other Windows 10 systems have…
How can you use LEM (nDepth?) to locate servers or desktops that have initiated a PowerShell instance/script?
We're using LEM/SEM on some of our networks right now. We're wanting to standardize on LEM/SEM but the licensing is maybe an issue. I have many isolated enclaves that are small. It doesn't make sense for small networks with maybe 5 machines on it to have a $5k instance. Suppose I have many of these. Is there a way SolarWinds…
I am trying to configure a filter to identify logon events that occur outside of business hours. I followed the below article on configuring Time of Day Sets, but LEM is capturing all of the login events and ignoring that I say "Do not include Business Hours." Has anybody else had this issue or found a way to fix this?…
We have an SEM environment in our organization and it seems like firewall logs consume a lot of disk space. Is there a way to separate the database of network logs (firewalls) and Windows logs? Or maybe limit the number of days that I can store for the network logs?