I've enabled collection of SMBv1 events on a few domain controllers that are still using it. How do I have the collector agent pull those logs in?
They're located here: Microsoft-Windows-SMBServer\Audit
You will need to add the connector to the agent in order to begin collecting the logs. From the web console go to Manage -> Nodes. Use the filter options to show just agents. Locate the server you wish to collect the SMB logs on, place a check next to it and click Manage Node Connectors. Search for SMB and once the connector is found select it and click Add Connector. Once the connector is added make sure to Start it and going forward new logs from the Microsoft-Windows-SMBServer\Audit should start showing within the web console.
You will need to add the connector to the agent in order to begin collecting the logs. From the web console go to Manage -> Nodes. Use the filter options to show just agents. Locate the server you wish to collect the SMB logs on, place a check next to it and click Manage Node Connectors. Search for SMB and once the connector is found select it and click Add Connector. Once the connector is added make sure to Start it and going forward new logs from the Microsoft-Windows-SMBServer\Audit should start showing within the web console.
SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 200,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.