The most recent content from our members.
Hi Dears, I’d like to gather your input on best practices for creating rules. What are the recommended rules or alerts you suggest for monitoring Linux servers that host web applications (Apache, MariaDB, etc.)? What are the best practice rules to apply for Active Directory and Windows servers? What about the rules to apply…
Introduce the ability in SolarWinds Service Desk to dynamically enforce field requirements based on the current state or phase of a ticket (e.g., New, In Progress, Resolved, Closed). This would allow administrators to configure specific fields as mandatory only at relevant stages of the workflow. For example, in Problem…
Hi Team, I hope you're doing well. I am currently working on setting up an alert system and report for the traps we receive from the devices, specifically in relation to SLA breaches. Please see the attached snapshot for your reference. The team has configured these traps in the devices to monitor SLA breaches. My team's…
Hi SolarWinds SEM Product Team, I’d like to request support for the Sigma rule format in Security Event Manager (SEM). This could begin with a conversion script to translate Sigma YAML into SEM’s JSON format and ideally evolve into native Sigma rule import support through the SEM UI or API. Why this matters: Sigma has…
I migrated this filter rule from KSS legacy, and there are a couple of issues with it in NG. I'm looking for syslog messages where DOT1X failed, but want to exclude them if the client MAC starts with 0010.49, 0800.0f, or 1400.e9 (Mitel phones). This worked like a charm in legacy, but the multiple entries under the Exclude…
I'm having trouble with the message content variable $Message.MsgHost in a rule action for sending an email. I'm expecting it to return the host IP address of the message, but I'm getting a random number instead.
I am attempting to set up email notifications for Kiwi Syslog. They have failed due to port closure - in the meantime, how can I stop the errorlog notification from continuing? I already turned off the rule but the error button continues to light up. Any suggestion?
Is there a document that explains what each SEM Rule Parameter does? For example, is there an explanation for what the "network audit alerts.InferenceRule" parameter means? Another example is "Auth Audit Alerts.UniqueID": what is the UniqueID pulled from? Thank you.
Hello, are there any best practices for a good setup after the install? For example: "Move every message from special devices/IPs to a separate log file or database" or "Log all messages into one SQL Database" or "You should log all messages first to an SQLDB and after that some of them into different files"... Maybe…
I tried to use Email Notification when an "Alerts" Severity shows up. I'm using the command "$Message.MsgHost" in the email body so that it will show the Device IP Address/Hostname. But when I try to test the email notification, "$Message.MsgHost" doesn't show the IP/Hostname of the device, but only shows "EmptyVarMessage". Does anyone…