Comments
-
Do you have the Microsoft Telnet Client feature enabled on your station? Can you try opening a command prompt and running: TELNET SOLARWINDS-LEM 9001 You should get something back like this: HSQLDB JDBC Network Listener. Use JDBC driver with Network Compatibility Version 2.1.0.0 and a JDBC URL like…
-
I see a connector for a Citrix NetScaler in my lab, and it looks like all we're expecting is syslog traffic to the LEM. It looks like Citrix has a pretty decent guide on configuring NetScaler Syslog here: How to Configure Syslog on a NetScaler Appliance Take note of the Syslog Facility you pick, as you'll need this for…
-
What is the syslog relay server? Are you sure it's passing the hostname on when it forwards a message and not replacing it with its own name?
-
I have seen this before when a rule creates an Incident or Infers an alert and the wrong field is being used as "DetectionIP" in the Rule Action. In one case, someone had "DetectionTime" in the "DetectionIP" field, so the LEM was adding a node a second until the license was consumed. Alternatively, it could be that…
-
Does the iPhone or Nokia come up as a mass-storage device in Windows? What device stack does it fall under?
-
It is possible, but you have to do some work in ADSI edit to enable auditing on the Group Policy containers. The resulting events will look like this: So you'd need a rule that captured those events, and an e-mail template that will pull in Detection Time, Event Info and the Object Name.
-
The nDepth search tool can be a little intimidating at first, but I think a key part is realizing that events are normalized (made to fit categories) and that you get live counts under the "Refine Results" drawer in the Explore tab. Have you checked out the Video Zone from this page for the nDepth training videos? Log &…
-
As jhynds said, try the https port. Also, try a different browser or try an incognito tab. I've seen the cache/cookies on a user profile do strange things to the LEM console.
-
If I have something in my cart, can I cancel it and get my points back, then? I'm about 35 pounds beyond an XL.
-
I'd be willing to bet a dollar that you need to click the "Activate Rules" button on the Build → Rules screen. When you make changes in the Build → Rules screen, you're making changes on the LEM's disk. Rules, however, are processed in memory. You need to click the button to commit the changes on the disk to memory, or…
-
Are you using the Log and Event Manager to track things on the ASA? You opened this in the LEM forum, but it looks like an NPM question. If this is LEM, do you have any screenshots of what the shunning event looks like? Then I could help you make an alert.
-
You can use the Kiwi Syslog Forwarder for Windows to get syslog versions of the logs into Kiwi. However, the LEM Agent isn't really going to know what to do with syslogged-Windows logs, so you're not going to get the Reporting and Alerting from LEM that you've come to expect for your US machines. Really, it sounds…
-
steven.goldberg@citizensfla.co We have a new connector revision for ManageEngine, thanks to your provided samples. This is now part of the generally available connector upgrade pack.
-
I guess if the FAA is still using 7 inch floppy disks, someone is still using CD-ROMs, but for the life of me I can't find an actual CD with content anywhere to test with! So I mounted my smart-phone, which briefly emulates a CD-ROM to install some auto-run stuff. It looks like you might be able to monitor for the…
-
Which Windows log? Do you have an Event ID? What application is generating that event? Can you include a screenshot of the event from the Windows Event Viewer?
-
So I'm assuming you're talking about this thing: First off, taking a "random sample" from my System, Application and Security logs, most events seem to have this set to "None," so what are you hoping to get from this field? The one exception to "Almost everything is none" that I saw was the Security Logs. For many of…
-
If you look at the FIM templates, they are incredibly general because, among other things, we have no idea where your important files are or what files they're in. The FIM templates generally only look for key system files, and you'd need to create new monitors for other locations. If it helps, I have just completed this…
-
I don't see anything called Weblogic in my lab, but part of LEM is that users can request new connectors. How does the Weblogic device log or operate?
-
I think the big thing here is that domain level events and local machine events get logged by each domain controller. If all you care about is account lockouts or login failures, you may only need to monitor a selection of Domain Controllers (although your rules may or may not fire if your replication takes longer than the…
-
Yep, see this thread: Alert on login attempts of disabled accounts
-
My thought is that the console isn't really meant to be a full-time monitoring solution. It's useful if you become aware of something going on in the network (a rule has sent you 14 e-mails that someone is trying to log in as an administrator to various systems, so you open the console to watch in real-time as a…
-
No, if the LEM Agent is configured to read a log file, it will send any and all messages it finds in that log file. You'd need to adjust audit policy on the system to prevent those messages from being generated.
-
Searching their Wiki, it doesn't appear that they produce syslogs, only SNMP. It might make more sense to send that to NPM or SAM and let that monitor the health of the system.
-
I don't see a connector for LifeRay currently in existence. If LifeRay writes to the Windows application log, our default Windows connector ought to capture at least some of the information. If it's going to some custom Windows log (or something non-Windows), that would require a connector request via Support.
-
You can backup the normalized or RAW event databases by following the steps described here: Configure Backups on your LEM Appliance - SolarWinds Worldwide, LLC. Help and Support Restoring the data will require intervention from Support.
-
First, there is a list of supported data sources on our website here: Data Sources - Log Management & Log Analyzer Software | SolarWinds * Fortigate 100 is listed * A lot of HP devices are listed as well, so assuming the devices you want are syslogging in a similar format to the ProCurves or other HP devices, you're…
-
As a requirement to getting those events, you will need to be running the LEM Agent on your workstations (workstations do not replicate "lock" and "unlock" events to the DCs). You'll also need to make sure that your Windows Audit Policy (whether in local or GPO) is set up to tell Windows to make those events.…
-
In the most recent connector pack, there is revision 4 of an SNMP connector for SolarWinds Orion and Virtualization Manager. By default, it reads from the snmptrapfmt.log. Have you configured this connector on your appliance? It should be noted that we release updated connectors every 2 to 4 weeks, so it's a good idea to…
-
Have you seen this article? SolarWinds Knowledge Base :: Configuring Cisco IOS Routers and Switches to Syslog to Your LEM Appliance It looks like your logging configuration is missing some lines and details. Then you'll need to add a connector as evanr describes in the Manage --> Appliance screen of the GUI. As a note,…