  • Using auditd for Linux File Integrity Monitoring with SEM

    I have seen a few requests for examples of using auditd on Linux in combination with SEM to create something similar (with some caveats) to the file integrity monitor that is available out-of-the-box for Windows nodes...
    last modified by jvb
  • LEM/SEM  Exchange Message Transfer Logs

    I am pretty new to SEM/LEM. I created the message tracking log connector and it is green, indicating an active connector. I see nothing in SEM as far as Exchange message tracking logs. When I searc...
    last modified by jjashley
  • UserLogon / UserLogoff spam

    I have been making an effort to get our LEM/SEM logs in order so we can start shaping and alerting the information it is giving us.  One problem I have run into is we are getting a huge number of UserLogon and Us...
    last modified by jnink
  • SEM AWS Installation

    Hi All, Can someone please help me with how to set up SEM in an AWS environment? I have been trying for a while and can't get it to work.
    last modified by finnb
  • DNS Server Audit - Email alert

    Hi there, I am trying to set up an email alert for DNS record update alerts. In the action tab, I am targeting Host incidents as we are trying to get alerts from the internal DNS server if there are any DNS record updates. Afte...
    last modified by venkythiru
  • Inability to add custom Tags

    I noticed when I upgraded from 6.6.0 to 6.7.1 and 6.7.2 that my custom Tags went missing under Rules. Under the Manager Console I was able to create a Tag but cannot add any rules to the Tag. I also see no way to dele...
    last modified by jtrimmer
  • Alert on Not Receiving Syslog From a Device

    Is there a way to alert on a syslog device not sending?   As part of our security checks we have to alert if a server or device stops sending logs.   Thanks for any ideas you might have.   Steve
    created by sosborne99
  • SEM: Rule Help

    Needing a hand, this is my first time diving into LEM/SEM and created my first rule but it doesn't seem to be working. I'm trying to send email alerts each time a user gets disabled to our help desk but doesn't look like it...
    last modified by castlerobertd
  • Send Email Message action - could not be edited.

    Hi there... I am trying to edit a rule to have an IP or host name detected when a user was added to administrator group. Previously created rule (by another person) doesn't have the IP or host name to detect, when the e...
    last modified by venkythiru
  • SEM / LEM rule creation basics

    Hi there... I have worked on LEM before, but it's been a while. I am trying to find if I create a rule and not specify a group to target for systems or users, will that rule apply for every node that's added in the LEM?...
    last modified by venkythiru
  • Decommissioned Nodes Still showing in SEM Nodes

    I have servers that have been removed from the network still populating in my list of Nodes, I have even manually deleted these nodes. What would cause these nodes to reappear?
    last modified by sean.cantu88
  • Respond and Kill Process

    Is anybody else having issues with responding by killing a process? I was able to successfully send popup messages on the process starting but I try to kill the process as the response and it does nothing r...
    last modified by techguru
  • Email Alerting stopped

    Hello, My email alerting stopped for my rules. I checked the diskusage and the EPIC rules queue is backed up. How do I clear this? cmc::acm# diskusage Checking Disk Usage (this could take a ...
    last modified by dchau
  • Password Spraying Policy

    I'm brand new to LEM and I'm struggling to create a rule that would send an email notification after X failed login attempts originate from the same source machine in Y seconds. Is anyone using LEM to combat password ...
    last modified by joshua-kreider
  • How to block IP using LEM

    Recently we have installed the LEM virtual appliance to collect devices' syslog as PoC. According to the guides, the LEM can block IP via Fortigate. Then we added the Fortigate into LEM, set u...
    created by Tira Li
  • New to LEM and have an issue with Database Monitoring

    I set up LEM to monitor MSSQL DB Object Change Attempt on a SQL 2016 system, however, it seems to not detect when I create and drop a database. I do not seem to know why it is not alerting me of the change. Also, how ...
    last modified by jstexasdba
  • LOGBINDER SQL SERVER UNMATCHED DATA

    Hi! I have configured log binder to send syslogs to our LEM console but it is giving the below error. Please let me know what the problem was. Unmatched LOGbinder SQL data ($Revision: #10 $)
    last modified by aqudoos
  • Rule Alerts Stopped Sending Emails and Executing All of a Sudden

    I have several rules set up for various events, and the result is to send an email. For some reason all of a sudden the rules stopped firing and emails stopped as well. These were all confirmed working rules an...
    last modified by techguru
  • Display Full Name From AD

    Is there a way to display the full name listed in active directory in an email alert?   For example, if somebody had a username 'jsmith' and in their active directory profile their full name was 'John Smith'.......
    last modified by techguru
  • Solarwinds LEM

    We recently just deployed LEM into our environment and I am having issues with setting up a rule/filter. I am unsure if this should be a rule initially before filtering or vice versa. Nevertheless, I am working on a c...
    last modified by ffannoh