Get the latest news about SolarWinds Security Event Manager (SEM)
Hello, I am trying to have LEM display logs from two devices that run Linux. The environment has a virtual machine that runs pfSense as a router, and another virtual machine that runs Fedora as a file server. I want them to be syslog clients and send logs into LEM. @/*ip address of LEM server*/:514. When I go back into LEM,…
Hi all, I have an LEM server taking in logs from our domain controller and most of the built-in alerts are working correctly. The problem is when we make a change to group memberships, the alerts we receive are not resolving the username of the person changing the memberships. I have a recent example alert below (### indicates…
Hello, I am trying to create filters that help display RDP traffic information (remote user logon and logoff), workstation logon and logoff, administrative use, and SMB (when users access shared drives, folders, and files). Please advise! Thank you very much for your time and effort!
How can I get vCenter logs into LEM? I am running vCenter version 5.0 on a Windows host. If you are running vCenter Server Appliance 5.0 this might help you (virtuallyGhetto: Forwarding vCenter Server Logs to a Syslog Server). This article explains how to configure ESX hosts to syslog events into LEM (SolarWinds Knowledge…
I am trying to find a rule template in SolarWinds LEM that would notify via email or otherwise if changes are made to the actual LEM appliance security. This is needed to respond to an NCUA audit finding. Is this possible? I have only found three rule templates for the LEM appliance itself under Devices --> Manager. None of…
I want to monitor Kaspersky security center 10 in SolarWinds LEM (Logs & Events Manager). Would you please guide me on which connectors I need to configure for Kaspersky security center 10, which settings need to be configured in the connectors, and a requirement I need to configure to get Kaspersky security center 10 complete logs in…
Hi All, I am trying to configure an alert that will trigger when a user in a DS group (AD) fails 3 attempts within 3 minutes from the same detected IP. The DS group is populating correctly with all the user accounts from our AD. But it is not triggering?
I'm sure at least some of the information below is already out here, but based upon my recent adventures getting our syslog devices into LEM, I thought it may be handy to have more information on a single page. The instructions that LEM links to for the configuration of Cisco syslog work fine for switches. For routers…
Is there any way to estimate the amount of time a LEM upgrade on a standalone appliance will take? Specifically we're going to upgrade from 6.3.1HF7 to 6.4. I'd like to give my support teams some estimate of downtime. I can reasonably estimate the time it will take for agents (~660) to upgrade, but I'm primarily concerned…
Does anyone have a list of all the ProviderSIDs? I need this to help create a LEM alert for Database Service Start, which is for when someone creates a new database, to get an alert on it. Any help would be helpful. The version of LEM is 6.3.1 HF7.