Apollo

Nicole, That's exactly what we're trying to verify...A device not on the local network (e.g. smartphone remotely accessing mail). We have one iPhone user that keeps getting locked out of his domain account. We've tracked it down to either a virus, Windows backup login error or a Smartphone). No viruses found and we've…

Neither in my case. We've looked into that as well. We're not renaming volumes and the iSCSI volume names do not change.

Phil, Thank you for the information and suggestions. I've opened a case with support. I can confirm it talks to our AD, but the LEM won't complete a directory service setup. ~Steve

Aw...that makes sense now that you've pointed it out. One thing I don't know is why the rule kicks off alerts for services not in the rules list. ~Steve

Sorry I'm not following where or how to enable the advanced editor.

Verifed that I'm using the account lockout event (as far as I can tell from the template). Only one email fired per lockout as well.

My only guess is that 2008R2 has a bug in the snmp reporter. When I've noticed the problem, Orion never showed that the server was offline and did keep historical up time going, etc. Perhaps the drive information is a subset of the MIB and gets generated as null information...don't really know. Its annoying especially when…

I think I managed to send you a private message with the exported rule. Thank you, ~Steve

I don't see a method to send it to you in a private message or get it uploaded in this thread. ~Steve

I have no other rules for this specific server and no other events are backed up.

Phil, I do have the directory service too setup on the appliance. However, when I attempt to create the DC group the appliance comes back with "Directory Service assocaited with the domain <FQDN> is unresponsive." <FQDN> represents what we have specific to our environment. I've confirmed that the account used is not locked…

I'm a little confused on why I would need to create three alerts. Are you suggesting one for each drive percentage? I've already gotten that part of the alerts to work. They do kick off at the intervals we needed. What I'm stuck on is how to have the alert to kick off for ANY of the systems I want monitored and how to…

Nicole, Right now I have the following in this template: System: $info At $date From: $DetectionIP Source: $source Destination: $dest When the alert kicks of I'm getting the domain controller name from the $DetectionIP and from the $Source (same information). The destination information is usually blank. The $info does…

Yup...I did lose all historical data. I just tired it.

I don't think so. I can give it a try on my end to double check and let you know?

Phil, The problem I'm having is with a specifc NATO 5 rule. The rule status is highlighting the "Domain Users' as "the value in the comparison is not available." This is from the NATO5 fule "Authenitcation - Unknown User."

Okay so I've altered the rule, but I'm still getting other service alerts from that same server (Avantis). I do not have that service listed in the rule set whatsoever. Here's one such alert that kicked off: WinHTTP Web Proxy Auto-Discovery Service stopped at 2016-04-07 10:21:32.0 using WinHTTP Web Proxy Auto-Discovery…

Thanks for the suggestion...that's been checked as well, but as I said any other workstation or server can still access the systems Orion thinks are down. I've even gone as far as checking for a duplicate IP and clearing the forwarding tables on the primary switch Orion is connected to.

Well the goal is to create an alert that will trigger for each volume for each threshold every time. How would I go about doing that if an advanced alert won't fire as you described?

Perfect thank you. Not too excited about learning that SourceFire was acquired by Cisco. ~Steve

Murpr, I don't see that as an option in my interface. I'm using NPM version 11.0.1. The rule interface I have on the solarwinds box itself doesn't show me any time options.

Thanks for the suggestion...however the /I argument prevents the schedule from running in my case. In addition the scheduler shows "running" in the status but the job never finished. I've been troubleshooting this for some time without much luck as yet. ~Steve

Thank you. I'll give that a try.

Nicole, Thank you. I've actually set up the Account Lockout rule yesterday and would like the ability to have the alert include the offending IP, but I don't think that's possible without having an agent on the workstation itself. Cost wise, that just isn't feasible. Is there a way to add the alert information (windows…

Curtisi, Thank you that's a nice elegant solution. I'll give it a try and see what happens. ~Steve

Aruba WAPs -Dell branded.

That fixed it. Many thanks! ~Steve

Updated the NTP server IP and it ran an NTP update command. Time is exact now. Will watch alerts. Thank you! ~Steve

It is about 8 minutes. Not sure how to update the time on the appliance. I don't see any obvious options in any of the menu options; appliance, ndepth, manager, service or upgrade. Digging into it menu by menu.