• Non-Business Hours Filter Not Actually Filtering

    I am trying to configure a filter to identify logon events that occur outside of business hours. I followed the below article on configuring Time of Day Sets, but LEM is capturing all of the login events and ignoring ...
    Profile Photo
    last modified by techguru
  • LEM/SEM  Exchange Message Transfer Logs

    I am pretty new to SEM/LEM.  I Created the message tracking log connector and it is green indicating a active connector.   I see nothing in SEM as far as exchange message tracking logs. ?  When I searc...
    Profile Photo
    last modified by jjashley
  • UserLogon / UserLogoff spam

    I have been making an effort to get our LEM/SEM logs in order so we can start shaping and alerting the information it is giving us.  One problem I have run into is we are getting a huge number of UserLogon and Us...
    Profile Photo
    last modified by jnink
  • SEM AWS Installation

    Hi All,   Can someone please help me with how to setup SEM in an AWS environment I have been trying for a while and cant get it to work
    Profile Photo
    last modified by finnb
  • Importing Filter - SEM Console

    After upgrading to SEM from LEM, I am still learning the differences between the old and new consoles (UI). In the new SEM Console, I don't see any way to import filters other people have made (or export for that matt...
    Profile Photo
    last modified by tpmobley
  • Alert on Not Receiving Syslog From a Device

    Is there a way to alert on a syslog device not sending?   As part of our security checks we have to alert if a server or device stops sending logs.   Thanks for any ideas you might have.   Steve
    Profile Photo
    created by sosborne99
  • Decommissioned Nodes Still showing in SEM Nodes

    I have servers that have been removed from the network still populating in my list of Nodes, I have even manually deleted these nodes. What would cause these nodes to reappear?
    Profile Photo
    last modified by sean.cantu88
  • New to LEM and have an issue with Database Monitoring

    I set up LEM to monitor MSSQL DB Object Change Attempt on a SQL 2016 system, however, it seems to not detect when I create and drop a database. I do not seem to know why it is not alerting me of the change. Also, how ...
    Profile Photo
    last modified by jstexasdba

    Hi!   I have configured log binder to send syslogs to our LEM console but it is giving below error.Please let me know what was the problem.   Unmatched LOGbinder SQL data ($Revision: #10 $)
    Profile Photo
    last modified by aqudoos
  • Solarwinds LEM

    We recently just deployed LEM into our environment and I am having issues with setting up a rule/filter. I am unsure if this should be a rule initially before filtering or vise versa. Nevertheless, I am working on a c...
    Profile Photo
    last modified by ffannoh

    All,   I have exported nessus scan file and configured connector for the directory where exported nessus scan file is placed.But I am getting below errors.   Description: Recoverable IOException while read...
    Profile Photo
    last modified by aqudoos
  • Rule for LEM

    I have a rule in place that triggers an email when VPN tunnel goes down. But i am getting flase positives also , as some tunnels go down and are up immediately as the session is renewed. Is there any way that these k...
    Profile Photo
    created by schozab
  • Checkpoint 80.20 and new syslogs export info

    This is more of additional information. Checkpoint 80.20 has updated their syslog exports (including administrative logs), where if you had filter/rules created, you may need to update them to reflect those changes. O...
    Profile Photo
    last modified by marcusmm8
  • Creating A Non-Event Specific Rule

    Hello,   Are there any parameters or correlations that can be used to created a LEM rule to alert for any and all logs for a specific IP coming in and out? I have a file server I need to monitor, but I cannot cr...
    Profile Photo
    created by nsenkevich
  • LEM Database State

    Can your set up a filter to alert when the database reaches a specific size? or when the span of days is exceeded? We have a requirement to keep logs for 90 day, and we are currently capable, but we don't know how to...
  • Data correlation

    I'd want to correlate events, say a user login success, changing an admin group and then changing a password? how can this be done?
  • Multiple navigation submenus under Monitor

    I have repeating navigation items when I click the Monitor Option; see attached.  any thoughts if this is a corrupted user profile or an issue that can be fixed?
  • Correlation rule for logons to other PCs

    I have a simple list of users with their authorized hosts User A; Host A User B; Host B .....   I am trying to build a rule where in an ideal scenario and email would be fired upon the following scenario: Us...
    Profile Photo
    last modified by valkos
  • Microsoft Forefront Threat Management Gateway Logs(Huge Traffic)

    Microsoft forefront threat management gateway has generated huge logs after integration with solar winds LEM.I have heard that LEM(SIEM) is not a solution to monitor proxy logs.I have been guided to implement a proper...
    Profile Photo
    created by aqudoos
  • BARRACUDA Web Application Firewall High Traffic

    Dear All,   I have integrated web application firewall with soalrwinds LEM which is currently generating very high traffic,Did any one know if we can able to get filtered logs from Barracuda web firewall by eith...
    Profile Photo
    last modified by aqudoos