Comments
-
Plus a million points for the Rick reference. Not sure what the consequences of magnet'ing Rick to your tower will be though... probably an inter-dimensional portal.
-
As an alternative, they can click into the asset and get the asset's ticket history from that screen.
-
Has anyone else had issues with the THWACK store since the upgrade? Usually I get the "Last step" e-mails pretty quickly, but now I've let it sit for 30 minutes and nothing. Has that changed in the upgrade?
-
I AM ROOT!
-
I used to work in the Finance Industry, so I'm well aware of things like the Chinese Wall and protecting confidential information. As a support tech, I more than once remoted into a system to troubleshoot issues, and saw some proposal for an IPO or handled a request that was unusual (like access to Facebook) because our…
-
Can you confirm that the events appear in the Windows event logs?
-
Only if the VPN is using TCP port 53. I mean, this might be crazy talk, but the point of that rule is to identify suspicious traffic...maybe you have some and need to investigate where the class C address is coming from?
-
Are you running the Agent on the DC where the changes are occurring or just on a primary DC?
-
With the disclaimer that I don't know what I'm doing, and might just be making it worse, here's an attempt at a generic connector band-aid: Generic Syslog Connector
-
Sure, you can either open a ticket via the customer portal (https://customerportal.solarwinds.com/support) or by calling in to the support desk: http://www.solarwinds.com/company/contact.aspx
-
You would turn off nDepth under the nDepth options in the SSH shell, and either leave the DB or call the helpdesk and have us drop the database partition for nDepth data.
-
How long are you waiting between stopping and starting the agent service on your test system?
-
At this point, it doesn't appear to be a LEM issue. Can your Cisco device ping the LEM's hostname or IP? Is traffic on port 514 allowed in your network? You're going to have to do some basic network troubleshooting to make sure that the devices can communicate. The LEM does not appear to be getting any traffic from the…
-
Ah ha! There's the rub. You either need to upgrade the LEM to 6.0.1 or downgrade Reports to 6.0.0. Personally, I'd upgrade the LEM.
-
Is your internal network a class C? If not, could be a VPN or someone has a device plugged into the network that they ought not to, maybe?
-
Might I suggest that you spend some time with our video training on the LEM? https://www.youtube.com/playlist?list=PL7E0C96A8AA76F1D2 This video specifically covers creating Filters: https://www.youtube.com/watch?v=Zdp3xsAvVFA And there's this KB:…
-
Assuming the other lines in that file do show carriage returns, I'd suggest editing the file and putting the return there.
ManagerAddress=IPADDRESS
ManagerInstallPort=37890
ManagerSecurePort=37891
NioManagerSecurePort=37892
OutputLevel = 2
UseRMI=false
LogFile=spoplog.txt
LogFileType=File
-
Your domain controller(s), sorry.
-
Well, the good news is: they work on my system! Bad news is, I have no idea why they don't work on yours. Maybe try turning on the "TEST" option and see if that allows it to fire?
-
My understanding of the reader/connector is that yes, it will realize when a file closes and move to the next file.
-
I got nothing at this point. Open a Support ticket (looks like you have maintenance) and work with them. Sorry.
-
Then it sounds like the custom report has a bad query in it that eliminates all data. Have you tried running a simpler query to see if data is returned?
-
$DestinationMACAddress has a capital "A" in the variable name for Address, and a lower-case "a" in the e-mail template. They need to match.
-
Can you open a command prompt as an admin and run "auditpol /get /category:*" and post the results?
-
Yes, because memory is a factor, and the LEM will prioritize processing new events and keeping rules firing over the database partitions being warm. Our assumption is you want your real-time alerts more than you want to search for things. As far as "removing" alerts, the LEM is passive. It's like a mailbox: it doesn't go…
-
In my experience, most vendors provide a way to change the source name of log messages, like Cisco. Those are usually available from the various vendor admin guides. If you have devices older than IOS 12.2, then you have other problems: why are you worrying about logging and auditing with a version of IOS that has so many…
-
What version is the LEM that you're connecting with? In Reports, can you confirm that the "Configuration --> Managers and Credentials" is pointing to the right IP and using the right user name? The username needs to be one that is in the LEM (look under Build --> Users in the LEM console) that has the Admin or Reports…
-
It looks like you went back a few versions of Reports:
2014-10-15 08:25:24.270 threadid=1712 ******************** SWLEMReports.exe : Version 5.4.0.1 ******************
5.4.0.1 isn't going to know how to log into LEM 6.0.1. Please upgrade reports.
-
Yeah, it does prove you're getting it, but it's nice to confirm that it's our agent truncating the data and not the mysterious network gremlins or something. It creates a database, but that database will only grow as data goes into it. The LEM does a pretty good job with partition management.