4 Replies Latest reply on Aug 31, 2017 6:56 PM by curtisi

Help with LEM Report

arrr.me.mateys Aug 30, 2017 6:48 PM

Hello All!

*Potential Noob Question*

I have been asked to run a report of file activity one of our file shares. As it has been quite a while since I helped integrate LEM and received the training, all the knowledge has leaked out of my brainbox. I have played about in nDepth but I can't work out how to specify a particular folder within a share.

Can someone assist me getting the activity on (example below) for say the last 3 months. The activity will All file activity.

The server will be: Server12

And the folders on the server: G:\12Data\Folder1\Folder2\CulpritFolder

Thanks in advance!

Michael.

Re: Help with LEM Report

mesverrum Aug 30, 2017 8:44 PM (in response to arrr.me.mateys)
You will need to set up a FIM monitor

Set up File Integrity Monitoring

-Marc Netterfield
    Loop1 Systems: SolarWinds Training and Professional Services
                LinkedIN: Loop1 Systems
                Facebook: Loop1 Systems
                Twitter: @Loop1Systems
Like (0)

Actions
Re: Help with LEM Report

arrr.me.mateys Aug 31, 2017 11:46 AM (in response to arrr.me.mateys)

Thanks for getting back to me mesverrum. We use Windows File Auditing to get the events into LEM which works perfectly. I can see the events in LEM monitor. The problem I have is I can't work out how to filter all the file activity for the folder G:\12Data\Folder1\Folder2\CulpritFolder using nDepth.
Like (0)

Actions
- Re: Help with LEM Report
  
  mesverrum Aug 31, 2017 12:22 PM (in response to arrr.me.mateys)
  
  Can you paste in an example of a windows file audit event in LEM? I don't have any in my lab to look at to see how they show up
  
  Like (0)
  
  Actions
- Re: Help with LEM Report
  
  curtisi Aug 31, 2017 6:56 PM (in response to arrr.me.mateys)
  
  To filter the report using the Reports Console:
  Run a "File Audit Events" report, I recommend only running it for a 10 or 30 minute span, something short
  When the report completes, pick the Select Expert option in the View Ribbon
  When the prompt comes up, pick "New"
  Pick "(FileAudit_1.FileName)" from the list
  Set the operator to "Starts with" and enter the folder name (G:\12Data\Folder1\Folder2\CulpritFolder\)
  Hit OK
  Click "Export" and save the report you just filtered to wherever you installed Reports (C:\Program Files (x86)\SolarWinds Log and Event Manager Reports\ by default) in the CustomReports folder as a Crystal Reports (RPT) file
  Go back to your Settings tab, and change the Category drop down to "Custom Reports" and hit F5 to refresh the view
  You should have a custom, pre-filtered Report! Run that for whatever time-frame you like
  
  Like (1)
  
  Actions

Go to original post