The most recent content from our members.
I've been having an issue working with nDepth to perform log searches vs. working in the Rule builder. When I create a Rule, the logic allows me to pull in logs from various different event sources, including mixing correlation rules with fields from Event Group > Any Alert with fields from Event > TCPTrafficAudit/etc. and…
It would be nice to have a feature to correlate and reduce the high volume of events and alerts from SolarWinds products and also integrate data source feeds from other vendor products. Example: Splunk, AppDynamics etc. Example: RightITNow, HP OMi, IBM/Netcool. SaaS Solutions: Big Panda, Incident.MOOG
What is the ideal correlation condition for a port scan? I mean the number of events per second, so it doesn't result in false positives.
I'm having an issue creating a multi-event correlation due to the way that LEM parses certain logs, in this case logs from an NGFW. All of my IPS logs get parsed and placed into a variety of different event types depending on what they are. This results in about 20 or so different event names that my logs fall into. (This…
What are “Rules” in Log & Event Manager? Rules, in SolarWinds Log & Event Manager (LEM), are customizable event correlation algorithms that correlate events sent by LEM Agents and remote logging devices. Whether you are monitoring the LEM console or not, LEM rules track events in real time allowing you to * Correlate…
Those of you that are security practitioners know the necessity of incident awareness across various dimensions of the network. Threats are ready to strike any time, and having informative and meaningful data at hand would help to counter-attack and remediate risks. Logs are the means to any actionable result. Any piece of…
Hello, I have problems with setting up Rules for SNMP Traps received from SolarWinds. SNMP Trap connector is set: Filters for traps were created: and I can see received SNMP Trap messages: Rules section: For any other InternalNewToolData I can create rule and get incident: No luck with Traps received from SolarWinds (even…
Hello, Currently LEM allows you to run a simple wizard for adding node connectors, and it works fine for common nodes. But when one wants to correlate systems like IBM AIX or HP-UX, the available documentation to add these kinds of systems is not easy to find (for AIX there is an article in the knowledge base, but it's not…
Hello, we have APM 4.2.0 SP1, NPM 10.2.1 and IVIM 1.2.0 and I have been searching everywhere and could not find any info on the following issue: I receive traps from certain devices and I can see them in the TRAPS view. The problem is that these alarms are static: you can just look at them, and that's not very useful. So I was…
Team, Has anyone created a method to suppress four similar Syslog events and create one new event that states the root cause. In my example, I received the following four events and want to create a new event/alert that states "Host 085 is down" since this is the root cause. Error Mar 4 03:20:51 nobuslor1…