We wrote back in 2012 about the challenges of SharePoint auditing and how to address them via Auditing SharePoint with LEM & LOGbinder SP, but the folks over at Monterey Technology Group (the same folks who brought you Ultimate Windows Security) went on to create even MORE useful Microsoft auditing tools. This time around, we've also integrated LOGbinder for Exchange (LOGbinder EX).


Without LOGbinder EX or a tool like it, it's very hard to get visibility into the Exchange auditing logs. Audit data is stored as part of the mailbox instead of in the Event Log, and there's no clean way to get the data into the Event Log repeatably and consistently. Even if you were able to do that, there's a ton of coded data, with different types and metadata that you'd have to translate. The LOGbinder system does this automatically, storing the data in the Event Log, which makes it easy both for you to read and for a system like Log & Event Manager to monitor, alert on, and store.


Use LOGbinder EX for:

  • Detecting non-owner mailbox access (e.g. delegate or users opening other users' mailboxes)
  • Changes to audit log settings and audit log integrity
  • Permissions, policy, certificate, federation, and IRM changes

Check out the full list of events LOGbinder EX generates for more details.


Use LEM + LOGbinder EX together for:

  • Alerting on unexpected client activity (mailboxes accessed from something other than Outlook/OWA)
  • Alerting on unexpected mailbox access (someone opening one or many mailboxes other than their own)
  • Alerting on unexpected changes across Exchange infrastructure
  • Reporting on Exchange audit and change management events
  • Viewing Exchange events in context with other system, network, security, and application events


I just uploaded some rules, filters, and reports for LOGbinder EX over at the Content Exchange that provide some additional insight for the LEM side of your configuration. There's an integration guide in the Zip file that will explain how to install the files, which are all tailored to the LOGbinder EX event log data. You will need an agent installed on your LOGbinder EX system, you'll need to make sure you have the latest product connectors installed, then it's just a matter of following the guide to get set up and start monitoring. You can download a free trial of LOGbinder for Exchange from their website, too.

Top three new monitoring and troubleshooting capabilities every SolarWinds customer should learn to use (and that we’ll be demonstrating during our Lunch & Learn at Cisco Live)

See how to use and set up these dashboards at the SolarWinds Lunch & Learn, Monday, June 8 in San Diego, during Cisco Live. Sign Up In Advance Here.

Over the past year, SolarWinds has been hard at work bringing you more product features to make your everyday work a bit easier. But the benefit to you isn’t just about having MORE features, but rather about how those features work together. We all know it’s time to stop wasting time going back and forth between toolsets to find and fix things. So, without further ado, let’s walk through the top three new monitoring and troubleshooting capabilities we’ve rolled out recently (that work across SolarWinds® products) that all our customers should learn to use.

Network Troubleshooting Dashboard

Through combining our products, you’ll have access to powerful dashboard views. Integration of Network Performance Monitor (NPM), Network Configuration Manager (NCM), NetFlow Traffic Analyzer (NTA), and Engineers Toolset allows you to consolidate and use shared data to your full advantage.

When you look at pieces of a puzzle, you can understand that there’s a picture, but the pieces are not a clear representation of the entire picture. However, when you put the pieces together, you’re able to clearly see what you were vaguely aware of before. That is the essence of the network troubleshooting dashboard. It allows you to visualize and be alerted on critical paths, identify the root cause from configurations to bandwidth analysis, and resolve issues through configuration management.

Map your critical path and set up intelligent alerting so you can visually see issues from your troubleshooting view. Then, from the same page, correlate events, syslog, real-time change notification, and NetFlow data to pinpoint the root cause, followed by real-time stats on interfaces and devices with the Toolset. Now you are focus-driven and have identified the issue. Simply use the NCM resources to upload a configuration or execute a script to resolve what you have identified, all from one view.

The future is not simply monitoring or having network change management software. The future is being able to link monitoring, analyzing bandwidth data, and managing configurations together.

How to create a Network Troubleshooting Dashboard


Deep Packet Inspection

The SolarWinds Quality of Experience (QoE) console leverages packet analysis. What does this mean to you as a customer? This is a solution for your critical network and server performance. It shows traffic type and volume distributions in one view by identifying the types and relative volumes of application traffic flowing over a network, based on the host IP addresses, ports, and protocols in use.

Because DPI is inspecting AND interpreting network transactions, you are able to use the QoE dashboard for troubleshooting application issues. That pesky little question of “is it the network or the application” finally has an official answer with the QoE dashboard. (In depth look at DPI)

The QoE dashboard allows you to quickly identify reductions or changes in application performance and determine if the change is caused by an increase in network delay or slow application server performance.

Monitoring applications returns detailed information and specific types of each of the following three categories:

  1. Category
    1. remote access, social networking, streaming media, VPN, and Web services.
  2. Risk level
    1. No risk, minimal risk, possible misuse, data leaks/malware, evades detection/bypasses firewalls.
  3. Productivity rating
    1. All social, mostly social, both business and social, mostly business, all business.

As you can see, the amount of information just from the QoE dashboard is extensive and valuable. You are able to determine behaviors of applications and even set up accurate Quality of Service (QoS) policies that can help ensure that your network performance is optimized for critical applications.

Learn more about DPI


Now, number three on the list, AppStack. You know the requirements for effective management. OK, I’ll provide the list. Contextual visualization for faster root cause analysis, agentless is better, out-of-the-box usability and customizability, and capacity management. Wow, did I just list a SolarWinds portfolio or what? LOL. Seriously, application awareness is a top priority.

Visibility from the application down is expected, app-centric storage insight is wanted, rapid time to value across platforms is being demanded, and of course, virtualization is becoming more robust.

How can you quickly, confidently, and cost effectively cover these areas and be in the know?  SolarWinds Application Stack view. This combines Server & Application Monitor (SAM), Virtualization Manager, Storage Resource Monitor (SRM), and Web Performance Monitor (WPM) to give you the app stack consolidated views necessary to stay on top of your application needs!  (Quick overview video)

Integration of these products allows you to correlate the relationship, resources, and metrics across products within one view. This shows you how infrastructure resources impact application performance directly.

Using automatic maps, see how infrastructure layers relate to one another so you can identify trouble areas at a glance. Hmmm, could I use this for impact analysis? Yes! This bundle has impressive risk assessment and impact analysis that allows you to determine what would be effective in case an upgrade was to fail.

Think about storage teams that want a quick risk and impact report on an array. All they have to do is to click on an array in question. This shows you all the relationships and dependencies on that SAN. Then, determine if any ESX®, Hyper-V® hosts, VMs, and/or applications they serve would be impacted if the array went down. Having a clear view of your application relationships means you are proactively in charge of your network, and are able to make accurate risk assessments when needed.

On top of that, you are able to gather data and correlate information like WPM: user experience for internal and customer facing Web applications; SAM: applications, servers, hosts, virtual clusters, virtual data centers, volumes; Virtualization Manager: data stores, additional performance metrics for virtual servers like CPU ready, ballooning, snapshots, etc.; SRM: LUNs, NAS volumes, pools, vServers (NetApp), storage arrays.

More on AppStack

Man, I’m telling you what; the network troubleshooting and AppStack bundles really are some work horses! The key to data is that the information is valid and consistent. SolarWinds, by using one database for storage data, allows you to group, use custom properties, and even use limitations throughout to get the information you require where you want it. That is the power of integration: being able to combine useful information to help you troubleshoot faster and resolve sooner.

Well that sums up the top three monitoring and troubleshooting capabilities with SolarWinds products. Expect more from your software suite. We are constantly integrating and adding features to our products. We love to discuss planning and what you really want from your IT solutions. So come join us at the Lunch & Learn @ Cisco Live – San Diego.



Network traffic limitation is a very useful concept, because it gives you control over which critical applications/traffic must be prioritized over others at router ingress/egress. However, it's a challenge to define traffic limitation rules, and it's even trickier to understand how they are applied on a real network. Show of hands... how many of you have had to solve a problem with server, protocol or application performance even though overall switch/router interface utilization wasn't a problem? In such a situation you look at QoS class packet drops in order to understand what's being limited. That's certainly useful, but then you have to figure out how much you need to increase the limit, which turns into an indirect mathematical formula: new QoS class % limitation = ((dropped packets/s + class speed limitation) / class speed limitation) * 100. Instead of wrestling with the math, try out the new NTA 4.1.1 Beta, which displays QoS policing and shaping class utilization.


Before we jump to the beta, let me briefly go over QoS policing and shaping theory.


QoS Policing ("police" command)


Defines an inbound and outbound limit on a router interface and drops the excess packets when traffic goes over the limit. It doesn't do any packet buffering. The configuration limit is in bytes.


Advantages: As it drops packets, it doesn't cause any packet delays in queue.

Disadvantages: It simply drops excess packets, which means data loss; this affects TCP window sizes and reduces the overall output rate of the data streams subject to this policy (classes with drops in NTA).


Let's assume you have a 75 MB/s limit on your bandwidth from your ISP. The result of applying the "police" command may look like this:


[Figure: stream before limitation, policing, stream after the limitation]

QoS Shaping ("shape or traffic-shape" command)


Defines an outbound-only limit on a router interface and buffers and queues excess packets. The configuration limit is in bits/s.


Advantages: less prone to data loss because of buffering.

Disadvantages: Likely to introduce packet delay because of buffering and queuing.


And the result of a shaping policy may look like this:


[Figure: stream before limitation, shaping, stream after the limitation]


If you are interested in more details (how to configure policing and shaping), Cisco has a good overview here: Cisco IOS Quality of Service Solutions Configuration Guide, Release 12.2 - Policing and Shaping Overview [Cisco IOS Soft…
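The difference between the two mechanisms can be reproduced with a small per-interval model. This is an added example, not code from the original post or from NTA; the traffic figures and buffer sizes are constructed, and real policers and shapers use token buckets rather than fixed one-second budgets. It also evaluates the resizing formula quoted earlier, assuming the drop rate is expressed in the same unit as the class limit.

```python
from collections import deque

def police(offered, limit):
    """Policing: forward at most `limit` per interval and drop the excess (no buffer)."""
    sent = [min(load, limit) for load in offered]
    dropped = [load - out for load, out in zip(offered, sent)]
    return sent, dropped

def shape(offered, limit, buffer_size):
    """Shaping: queue the excess and send it later; tail-drop only when the buffer
    overflows. Returns (sent, dropped, worst queuing delay in intervals)."""
    queue = deque()                       # FIFO of [arrival_interval, amount]
    sent, dropped, max_delay, t = [], [], 0, 0
    while t < len(offered) or queue:      # keep going until the queue drains
        if t < len(offered) and offered[t] > 0:
            queue.append([t, offered[t]])
        budget = limit
        while queue and budget > 0:       # release the oldest traffic first
            arrived, amount = queue[0]
            take = min(amount, budget)
            budget -= take
            max_delay = max(max_delay, t - arrived)
            if take == amount:
                queue.popleft()
            else:
                queue[0][1] = amount - take
        sent.append(limit - budget)
        overflow = max(0, sum(amount for _, amount in queue) - buffer_size)
        dropped.append(overflow)
        while overflow > 0:               # drop the newest arrivals
            if queue[-1][1] <= overflow:
                overflow -= queue.pop()[1]
            else:
                queue[-1][1] -= overflow
                overflow = 0
        t += 1
    return sent, dropped, max_delay

def resized_limit_pct(dropped_rate, limit):
    """The post's formula: ((dropped + limit) / limit) * 100."""
    return (dropped_rate + limit) / limit * 100

OFFERED = [40, 120, 150, 60, 30, 20]      # constructed bursty stream, MB per second
LIMIT = 75                                # the 75 MB/s limit used in the post

if __name__ == "__main__":
    p_sent, p_drop = police(OFFERED, LIMIT)
    s_sent, s_drop, delay = shape(OFFERED, LIMIT, buffer_size=200)
    print("policed:", p_sent, "dropped:", p_drop)
    print("shaped: ", s_sent, "dropped:", s_drop, "max delay (s):", delay)
    print("limit needed to stop peak drops: %.0f%%" % resized_limit_pct(max(p_drop), LIMIT))
```

With the same input, policing loses 120 MB in two seconds while shaping with a large enough buffer delivers everything, at the cost of up to two seconds of queuing delay.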


Now, how can you get that right-hand part from the charts above? Well, NTA 4.1.1 beta brings support for QoS policy polling on Cisco devices. You can see not only the limitation applied to your classes (bits or %); NTA also tracks the historical post-policy class utilization with respect to the class limitation.


1) Install your NTA 4.1.1 beta - NOT ON YOUR PRODUCTION SERVER (we don't support upgrades from beta)

2) Add your CBQoS devices/nodes

3) Go to the CBQoS detail page.


What's new in NTA?


Limitations in QoS policy resources



Post-Policy Class % utilization in respect to the policy settings

Go to Edit on the "post-policy" resource and select "% of class utilization" from the "Data Units" options:



Submit changes and the "Post-Policy" resource changes into this:



What it tells you is that your class "host_10.140.46.119" is spiking, reaching 60% of its QoS limit. We also prepared the OOTB report "post-policy QoS", which contains the QoS utilization.


Many of you are certainly interested in running this on your network prior to NTA 4.1.1 GA, and that's why we have the Beta program. Simply click on the enrollment button below and you'll get your NTA beta today.



As always, your feedback is more than appreciated (contact me directly michal.hrncirik Product Management)

If you haven't noticed, Storage Resource Monitor 6.1 is now GA!  What does this mean?  More array support!  This release adds additional device support to the Orion Module, allowing customers to monitor more devices on the Orion Core Platform and take advantage of the AppStack Environment View.

  • EMC Symmetrix VMAX/VMAXe/DMX-4 Arrays
  • Dell Compellent
  • HP StoreServ 3PAR
  • HP P2xxx/MSA
  • Dot Hill AssuredSAN 4xxx/5xxx

Storage Resource Monitor is more than the average monitor because it does more than simply monitor your storage.  When combined with other AppStack enabled products from SolarWinds, it enables you to identify when storage contention is the root cause of application performance issues.  However, Storage Resource Monitor is great even without AppStack because it provides a single pane of glass into heterogeneous storage environments.



Remember that Storage Resource Monitor (SRM) is fairly new.  Having only first come out in February, this is only the second release of this new platform.  Previous blog posts like Storage Dreaming - The Next Chapter for Storage Monitoring with SolarWinds and Dreams Come True - Storage on Orion is now in Release Candidate tell the outstanding AppStack story, but there's more to SRM than just AppStack. In my last blog post on SRM when I announced 6.1 beta, I told you about some of its features and I continue that here by describing 4 resources found right on the main dashboard.

A Quick Overview of the main Dashboard

The "All Storage Objects" resource can browse your arrays, pools, LUNs and volumes to identify potential root causes at lower levels to impacts at higher levels.  Notice that this browser is browsing multiple storage arrays from multiple vendors.  You don't need multiple products, one for each array.  Storage Resource Monitor can simplify your storage management.

The "Array Raw Disk Capacity" resource helps you stay ahead of your organization's storage consumption by breaking down capacity into spare, used and remaining.

The "Storage Objects by Performance Risk" resource is a great way to look across a large storage environment and quickly identify the performance hot spots like IOPS, latency and throughput.

The "Storage Objects by Capacity Risk" resource reveals when capacity is getting tight for your arrays, pools, LUNs and volumes.  The Last 7 Days trend line reveals sudden growth surges and in the far right column of the Storage Objects by Capacity Risk, Storage Resource Monitor projects when storage objects will run out of capacity.

For more feature content, check out another relatively recent blog post, Monitoring and Alerting Repairs it Entirely!


It’s exciting to share with you that we have reached the GA milestone for Web Help Desk (WHD) 12.3! The focus of this release was the ability to link service requests into parent/child relationships and thus address various use cases like


  • Model repetitive business processes, such as on-boarding new employees or scheduling maintenance tasks
  • Track your IT projects
  • Group service request tickets together for troubleshooting or create ad-hoc child tickets to fulfil requests


Additionally it helps to address various feature requests, namely



If you want to learn more about this release check out this post: Web Help Desk 12.3 Release Candidate now available!


Now go and download web help desk from your customer portal or webhelpdesk.com.

If you have purchased or are trialing Server & Application Monitor, attached is a document that will help you set up alerts and get AppInsight for IIS configured. We often get the question – what should I be alerting on?  This document should help answer that question.  Please comment if this document is useful, and if you have any recommendations for improvement.

Citrix CloudBridge provides a unified platform that connects and accelerates applications and optimizes bandwidth utilization between branch offices and enterprise data centers and public clouds. One of the coolest features of Citrix CloudBridge (besides video caching, WAN virtualization, etc.) is WAN traffic optimization via data de-duplication, compression and protocol acceleration. This is really helpful if you have multiple remote offices which connect to your data center(s) over WAN, where this kind of "WAN accelerator" can provide a noticeable improvement in end user experience. The appliance can recognize the type of traffic and does continuous flow detection for WAN optimization. The result is a reduced number of connections and requests between the thin client and the data center (CloudBridge can send data in bigger chunks compared to standard TCP communication).









As soon as you have a CloudBridge instance up and running, you will probably want to add it to your existing network infrastructure monitoring to gain insight into its performance. SolarWinds collects and visualizes Citrix CloudBridge IPFIX records, thus enabling the customer to view real-time metrics, maintain historical reports, correlate metrics from the network data with those from application data, and configure alerts.


Network Traffic Analyzer can receive the CloudBridge IPFIX protocol and show you the amount of accelerated traffic, the type of TCP traffic, and which IP address produces what traffic.


Here is how you can see NTA monitoring amount of data CloudBridge sends between instances over WAN where NTA shows you type of traffic coming/leaving the device and keeps historical data:



How to configure:


1) Get your latest NTA as part of BAP (Bandwidth Analyzer Pack) - Network Bandwidth Analyzer – Bandwidth Monitor | SolarWinds


2) Enable IPFIX Collector on your Citrix CloudBridge Appliance:

     - Go to "Appliance Settings", click on "AppFlow".

     - Select the "Layer 4 (256) - TCP Ingress" template data set, select a 2-minute time interval and click "Save"

     - Add a Collector: choose a name, IP address and port number 2055, enable your collector and click "Add"


3) Add a Node in NTA - your CloudBridge IP address - and in 5 minutes you will see charts with IPFIX data from your instance. The results should look like this:



4) You need to add a new application with the specific CloudBridge protocol port (1494) in NTA




5) Go to the NTA Summary page, click on your Citrix CloudBridge instance and NTA shows you top talkers, applications and domains for the entire device.
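If no charts appear after step 3, one export datagram captured on the collector port (2055 above) can be checked offline with a parser like the following. This is an added example, not SolarWinds or Citrix code; it assumes the "256" in the template name is the IPFIX template ID, and the sample message and its field list are constructed rather than taken from a CloudBridge appliance.

```python
import struct

IPFIX_VERSION = 10        # RFC 7011 header version; NetFlow v9 would be 9
TEMPLATE_SET = 2          # set IDs >= 256 are data sets named after a template ID
VARIABLE_LENGTH = 0xFFFF

def parse_templates(body):
    """Return {template_id: [(element_id, length), ...]} from a template set."""
    templates, pos = {}, 0
    while len(body) - pos >= 4:                  # fewer than 4 bytes left is padding
        template_id, field_count = struct.unpack_from("!HH", body, pos)
        if template_id < 256:                    # padding or malformed record
            break
        pos += 4
        fields = []
        for _ in range(field_count):
            element_id, length = struct.unpack_from("!HH", body, pos)
            pos += 8 if element_id & 0x8000 else 4   # enterprise bit adds a 4-byte PEN
            fields.append((element_id & 0x7FFF, length))
        templates[template_id] = fields
    return templates

def decode_records(body, fields):
    """Decode fixed-length records as {element_id: int}; skip variable-length templates."""
    size = sum(length for _, length in fields)
    if size == 0 or any(length == VARIABLE_LENGTH for _, length in fields):
        return []
    records = []
    for start in range(0, len(body) - size + 1, size):   # leftover bytes are padding
        pos, record = start, {}
        for element_id, length in fields:
            record[element_id] = int.from_bytes(body[pos:pos + length], "big")
            pos += length
        records.append(record)
    return records

def parse_ipfix(datagram, templates=None):
    """Validate one IPFIX message; return (templates, {template_id: [records]})."""
    templates = {} if templates is None else templates   # a collector keeps this per exporter
    if len(datagram) < 16:
        raise ValueError("shorter than the 16-byte IPFIX header")
    version, length = struct.unpack_from("!HH", datagram)
    if version != IPFIX_VERSION or length != len(datagram):
        raise ValueError(f"not a well-formed IPFIX message (version={version})")
    data, offset = {}, 16
    while offset + 4 <= length:
        set_id, set_len = struct.unpack_from("!HH", datagram, offset)
        if set_len < 4 or offset + set_len > length:
            raise ValueError("set length runs past the message")
        body = datagram[offset + 4:offset + set_len]
        if set_id == TEMPLATE_SET:
            templates.update(parse_templates(body))
        elif set_id >= 256 and set_id in templates:
            data.setdefault(set_id, []).extend(decode_records(body, templates[set_id]))
        offset += set_len
    return templates, data

def build_sample():
    """Constructed message: template 256 plus one TCP flow to port 1494."""
    fields = [(8, 4), (12, 4), (7, 2), (11, 2), (1, 8)]  # src/dst IPv4, src/dst port, octets
    template = struct.pack("!HH", 256, len(fields)) + b"".join(struct.pack("!HH", *f) for f in fields)
    record = bytes([10, 0, 0, 5, 10, 0, 1, 9]) + struct.pack("!HHQ", 50123, 1494, 4096)
    sets = struct.pack("!HH", TEMPLATE_SET, 4 + len(template)) + template
    sets += struct.pack("!HH", 256, 4 + len(record)) + record
    return struct.pack("!HHIII", IPFIX_VERSION, 16 + len(sets), 1433721600, 1, 7) + sets

if __name__ == "__main__":
    templates, data = parse_ipfix(build_sample())
    print("templates:", sorted(templates), "records:", data)
```

A version other than 10 in the header means the exporter is sending NetFlow rather than IPFIX, and data sets with no matching template mean the template has not been received yet.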




Alternatively, you may try SolarWinds FREE NetFlow Analyzer | SolarWinds which is good for one-shot troubleshooting and "appflow" monitoring.
