-
nDepth search for a complete string
In nDepth, I need to search for complete strings, including spaces, periods, hyphens, etc. Here is an example: If I search for DstIP: 12.34.56.789 I get results for DstIP and 12.34.56.789 in the same event, but not as a complete string. It could be DstIP some text 12.34.56.789, or 12.34.56.789 some text or numbers DstIP.…
-
LEM newbie questions about upgrade from 6.1 to 6.3.1 HF6
Hi everyone...Solar-n00b here, and I am new to this forum (and to LEM in general). I've recently joined the team at work, and they've placed me on a task to assist in upgrading their current LEM from 6.1 to 6.3.1 HF6...I'm assisting and not leading, but would like to be as prepared as possible to understand fully what is…
-
Collect Logs of Application Web to LEM?
Can LEM collect the logs of the Application Web? When a user logs into the application web, the site generates a log. How can I collect that log?
-
Unable to use domain service account to run MSSQL Auditor
I just installed MSSQL Auditor. I followed the instructions to import the template in Profiler. Now onto MSSQL Auditor: I entered the server IP and typed in the domain service account that I want to use to run this service. When I click on the button to test database connection, it immediately says the username or password…
-
How to control email alert in rules serviceWarning.EventInfo = Disk
I have set up a rule serviceWarning.EventInfo = Disk. I only want to receive an email when the alert is first triggered, and then 24 hr to remind me. The event is triggering every 5 seconds. What settings are needed? I am used to Orion alerts, which look easier to manage.
-
Remembering passwords with 6.3.1
Has anyone come across the issue that LEM will no longer remember local user's password after upgrading to 6.3.1? We don't use the SSO function and have a set of service accounts that are used for various things by various teams etc and pre 6.3.1, they would have the username and pw saved using the 'save credentials'…
-
Audit Account Actions
How would I go about using a Rule in LEM to audit all account actions (creation, modification, enabling, disabling, removal)? I have a rule set up to use certain logs (e.g. UserModifyAttribute.ProviderSID = Microsoft-Windows-Security-Auditing 4720), but when I test it by creating a new user in AD, nothing appears. I tried…
-
Looking for a way to filter out legit password changes in audit logs
When a user's password expires in AD, we first get logon failures, then account changed for Domain Events, next password change, then user properties changed. Seeing as we have a lot of users, these alerts happen regularly. Of course all these alerts do cause some fatigue. What I am thinking we have to do is create an…
-
Flood traffic
My question is in reference to the Denial of service attack. If there is a Denial of service attack on the monitored device, then how will LEM react to that traffic? Will it log all the events of DOS attack or specific? Any filtering done at agent level in forwarding filtered DOS attack events? Asking this as I think if…
-
Tintri Syslogs
We have installed Tintri and configured it to send syslogs to our LEM server's IP, but are not seeing it in the LEM Console. In Tintri, there is only one setting for configuring syslogs (the syslog server's IP), no other settings to specify logging facility. I have not been able to find it in the CMC's appliance >…