-
Re: Help with LEM Report
mesverrum
Aug 30, 2017 8:44 PM
You will need to set up a FIM monitor
Set up File Integrity Monitoring
Loop1 Systems: SolarWinds Training and Professional Services
- LinkedIN: Loop1 Systems
- Facebook: Loop1 Systems
- Twitter: @Loop1Systems
-
Re: Help with LEM Report
Thanks for getting back to me mesverrum. We use Windows File Auditing to get the events into LEM which works perfectly. I can see the events in LEM monitor. The problem I have is I can't work out how to filter all the file activity for the folder G:\12Data\Folder1\Folder2\CulpritFolder using nDepth.
-
Re: Help with LEM Report
mesverrum
Aug 31, 2017 12:22 PM
Can you paste in an example of a windows file audit event in LEM? I don't have any in my lab to look at to see how they show up
-
Re: Help with LEM Report
To filter the report using the Reports Console:
- Run a "File Audit Events" report, I recommend only running it for a 10 or 30 minute span, something short
- When the report completes, pick the Select Expert option in the View Ribbon
- When the prompt comes up, pick "New"
- Pick "(FileAudit_1.FileName)" from the list
- Set the operator to "Starts with" and enter the folder name (G:\12Data\Folder1\Folder2\CulpritFolder\)
- Hit OK
- Click "Export" and save the report you just filtered to wherever you installed Reports (C:\Program Files (x86)\SolarWinds Log and Event Manager Reports\ by default) in the CustomReports folder as a Crystal Reports (RPT) file
- Go back to your Settings tab, and change the Category drop down to "Custom Reports" and hit F5 to refresh the view
- You should have a custom, pre-filtered Report! Run that for whatever time-frame you like
-