curtisi

Comments

  • I like this list! I know at least some of these things are already in the LEM Feature Requests section of THWACK, so you may want to go up-vote the ones that are there. And I think I'll be using some of this to inspire future videos.
  • Okay, it's a little hard to be sure with the obfuscation (and I understand why you did that), so here's a guide to how those fields should be populated from my lab: Alias: This doesn't matter, it's just for human readability. Domain Name: The FQDN of your domain, so you'll need to include the .com or .local or whatever on…
  • After poking around on my own console, and asking around, it looks like the answer is "No." The roles are predefined, and there isn't a way to make new roles. The sections will display, even if the logged in user has no access. I created a test account and assigned the Guest role. As an example, the user can get to the…
  • You actually want to put this in the Feature Request part of THWACK so other users can review and vote on the request. Log & Event Feature Requests
  • LEM keeps the last seven days worth of data uncompressed to make Reporting and searching faster. The assumption is that you'll more frequently want to be investigating what just happened, not ancient history. After 7 days, LEM compresses the data. That means any search that includes dates/times outside the last 7 days will…
  • Just for future viewers, as of June 2016, we were on revision 9 of the SDEE connector for LEM. Effort undertaken, completed and crushed!
  • If you look at the original logs, do they include the information that you care about? If so, what sort of device is sending that information to LEM?
  • The first thing I would do is make sure that the connector pack was the latest and greatest: SolarWinds Knowledge Base :: How to apply a LEM connector update package I've looked through the latest, though, and I don't think that Motorola's switches are matched. If a connector is needed, try the following: * Open an SSH…
  • Okay, so the option to embed YouTube is gone...that's a new feature? At any rate, here's a video of me explaining a few methods to make a "fire once" rule: Solarwinds LEM - Make a rule fire once - YouTube Correlation Time is the purple box, and it has two values and a secret button. The first value is "X events in Y [time…
  • The Ops Center widgets are driven by the filters in the Monitor tab, and these filters start counting from the moment the console is opened. nDepth and the Reports Console are the only way to get historical data, though you could have the LEM e-mail out all Account Lockouts for the last 30 days every morning or have the…
  • LEM doesn't parse e-mails sent to it, so if they're sending back to the LEM's from address, that information is being lost in the void. WHD could replace Remedy and receive alerts from LEM, or you could change the "FROM" address on the LEM so the responses go to some other mailbox.
  • I don't know if this is the particular connector for your needs, but on many connectors you can specify a log file location: You could change that to C:\Program Files(x86)\McAfee\ePolicy Orchestrator\DB\Logs\ACTUAL LOG FILE NAME.log
  • Looking at the events that my laptop made this morning, I don't see a specific "System Startup" event. What I do see, though, are a System Status event where my machine adjusted the system time (because it was off, the OS clock needed to be adjusted by a few milliseconds) and an event for the LEM Agent coming on-line and…
  • First question: is 10.14.2.71 the address of your Log and Event Manager Appliance? Second question: do you have something else on that system binding to the Agent ports? The agent is getting port 0 (which I'm pretty sure isn't valid), and should be using 37890-37896.
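As an added check to go with the two questions above (this is an editor's example, not part of the original comment or SolarWinds' own tooling), the PowerShell below lists whatever on the Windows host is already bound to the 37890-37896 range and then probes the appliance on the same ports. The address 10.14.2.71 is taken from the question and is only a placeholder; the assumption that the agent reaches the appliance outbound on those ports is the editor's, not something the comment states. Run it from an elevated prompt on the host running the agent.

```powershell
# Added example (not from the original post or SolarWinds): show what, if
# anything, is already bound to the LEM Agent port range named above.
$AgentPorts = 37890..37896          # range quoted in the comment above

# Local sockets on those ports, joined to the owning process so a port
# squatter is identifiable by name rather than only by PID.
Get-NetTCPConnection -ErrorAction SilentlyContinue |
    Where-Object { $AgentPorts -contains $_.LocalPort } |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            LocalAddress  = $_.LocalAddress
            LocalPort     = $_.LocalPort
            RemoteAddress = $_.RemoteAddress
            State         = $_.State
            PID           = $_.OwningProcess
            Process       = if ($proc) { $proc.ProcessName } else { '<unknown>' }
        }
    } | Format-Table -AutoSize

# Fallback for hosts without the NetTCPIP module (older Windows builds):
# netstat with PIDs, filtered to the same port range.
netstat -ano | Select-String -Pattern ':3789[0-6]\s'

# Assumption (editor's, not from the comment): the agent connects outbound to
# the appliance on these ports, so a TCP probe shows whether a firewall or a
# wrong appliance address is the problem. Replace the placeholder address.
$LemAddress = '10.14.2.71'          # address from the question; adjust as needed
foreach ($port in $AgentPorts) {
    $r = Test-NetConnection -ComputerName $LemAddress -Port $port -WarningAction SilentlyContinue
    '{0}:{1} TcpTestSucceeded={2}' -f $LemAddress, $port, $r.TcpTestSucceeded
}
```

If the first table shows a process other than the LEM agent holding one of the ports, that process is the answer to the second question; if the probe fails on every port, look at the appliance address and any firewall between the host and the appliance before touching the agent.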
  • I tried this in my lab, and I was able to build filters and rules that would fire with multiple wildcards in the AIR console. What version of LEM are you running? Thought I'd add more details on what I did to make sure it matched what you wanted. First, I created this rule, with pre-, mid- and suffix wildcards. The rule…
  • There is a Template rule called "Agent Offline Timeout" that will achieve this result.
  • That could be corruption of the user profile, and that will probably need support to fix it.
  • There's not, but you could put that in as a feature request.
  • First, the latest version of LEM is 6.3.1HF4 (as of May 11 2017). Upgrade the appliance and the Reports console! Second, I see the ping fail when Reports isn't running "As Administrator." Even if you're logged in as an administrator, if you have UAC enabled on your system(s), you need to explicitly use the "Run as…
  • Realizing that it might take a while, but if you run a Database Maintenance Report and/or an Event Summary - Top Level Statistics report, how many events are you gathering in a day? In a week? If you SSH to the LEM, under MANAGER type RCC and then pumpstatus. Do you have anything waiting?
  • It looks like we have a connector for a Panda AV SQL database to pull information in. I don't see an Informix DB connector, so that would be a feature request.
  • Can you SSH into the LEM and run a VIEWSYSINFO under the MANAGER menu and show the output?
  • If you reload the Web console and go back into that node, is the connector really gone? Does your filter have any wild cards that another node might be matching the criteria? If that doesn't explain it, go to the system in question and remove the tools. In Windows, look for C:\Windows\SysWOW64\ContegoSPOP\tools. Remove the…
  • The LEM is meant to be an appliance, and is running a hardened OS already. Updates for the LEM software are available from the SolarWinds Customer Portal, but regular end-customers have access to the LEM only via the web/AIR GUI and the CMC shell, which is restricted and hardened. Other than that, it's meant to be very…
  • Do you mean only one domain for the LDAP connector? Or one domain for the search domain?
  • Can you make sure that the date and time on the LEM is correct? - In the CMC shell, under APPLIANCE, run a DATECONFIG and press enter 3 or 4 times to see the current LEM system time Your machines might be stamping the right date/time on the events, but if the LEM's time is wrong, the events might seem outside their…
  • That's a pretty broad question, but you can definitely configure the LEM to send you an e-mail when certain events occur on a node or system. You could try adding the "Send E-mail" action to the "Agent Offline Timeout" rule template we provide with the LEM, and that would alert you when an Agent goes off-line. "Attacked"…
  • Hey danielr79, some questions to ask yourself are: * Do you have any compliance or auditing concerns? * What standards are you trying to meet? * What systems do you have that need to be monitored? Have you checked out the LEM documentation page here on THWACK? Or the video zone? I also have some videos I created to show…
  • I don't have access to Orion to test what comes out on the other end, but... There is an SNMP active response connector that can be configured on the LEM. It has exactly no configuration besides the Tool Alias, so the whole "SNMP community" thing is still out there. Now, go to your rules. You have an option to send SNMP…
  • It's working for me on A:01. Up in the corner, which system are you connecting to?