The most recent content from our members.
Normally if someone edits a node, I see the evidence of the change in both a weekly report that is emailed out, and in the "Last 20 Audit Events" table on the node dashboard as well as the "ALL AUDIT EVENTS" view. But someone edited the names of a group of nodes, and there is nothing to tell me who did it. How do I get the…
Hello everyone. My team is looking for a SIEM and SEM looks promising. I see that it can pull logs & events from Windows nodes via agent. What kind of user activity would that agent be able to pull to send to SEM? This is in an AD environment, domain-joined PCs. Would it only be able to capture logon/logoff events? Or can…
While trying to generate a report using a non-admin account, users are unable to see AuditingEvent NetObjectID in the report, which shows as NULL. The privileges given to non-admin group account users are as below: The privileges given to the "abc" non-admin group are as below: 1. Account Enabled-Yes 2. Account Expires-Never 3. Disable…
Hi, I am trying to find out "Who has created/modified/deleted a report" (web based or from report writer.) Though I am using Orion 2020.2.5 and report writer is already deprecated. But I would like to see audit events at least for web based reports. Gone through How can I get audit events on add/remove/change…
Simple report that shows the audit events for additions or deletions of Nodes, Interfaces, Volumes, and Application Templates.
There are some ideas and questions about how to see a particular issue in Audit Events. One asked who cleared an alert instance, another one asked who enabled NCM on a node. I remember that I didn't see all the events I'd like to in some installations I configured. Please make Audit Events fully customizable to select relevant…
In the "All Active Alerts" page, a user may delete a triggered instance of an alert by selecting an alert and clicking the "CLEAR TRIGGERED INSTANCE OF ALERT" link at the top of the grid. When an alert is cleared this way, the AlertHistory table is updated, but the AuditingEvents table is not updated. Solarwinds already…
For some reason the "Last 10 Audit Events" resource in NPM is showing constant events for the "SYSTEM" user. They seem to be logging status changes on groups based on configured dependencies. Is there any way to filter them out? I'd like to have only "real" users show up here.
Howdy, Does anyone know if UDT can use the logon/logoff audits from the Advanced Audit Policy Configuration, as well as the Basic Audit Policy Configuration? The event IDs are different, but this is a Microsoft built-in option since Server 2008R2. Event IDs 4624, 4634 w/ Advanced vs. 6948, 6749 w/ Basic. Here's a link on…
As I'm perusing through the audit log to look for who changed a device-type view in Orion, I'm realizing how much I'd love to see the audit logging enhanced quite a bit and made more useful. Right now everything (that is there) seems to be heaped into one big lump for us to digest, and combined into the message center with…