Comments
-
There's not a way to dig into the database as a customer, by design. If you have the Reports console, can you run a Database Maintenance Report?
-
Based on that, it doesn't appear that you have any devices sending data to LEM. If there's nothing sending, then we can't show you any search results and there's nothing to fire rules off. Have you deployed any agents or configured any devices to send syslog to the LEM yet?
-
Well, there's your problem. You need to modify that and see if you get the info you want.
-
According to this: Google Apps SMTP settings to send mail from a printer, scanner, or app - Google Apps Administrator Help. To use smtp.gmail.com, you have to be using TLS or SSL. LEM supports this, but you need to change the transport protocol drop-down and the port number appropriately. Also, it says that smtp.gmail.com…
-
nDepth search for the last couple hours, AnyAlert.DetectionIP = Cisco Thingy?
-
No, you should be able to use the Admin credentials to run Reports. Maybe re-enter the password to make sure it wasn't typo'd?
-
If the system is writing syslog to a file or can send syslog to a host, then there may be a LEM connector that matches that data. Support could help you test your files for a match, or work with you on the process of requesting a connector to normalize your logs.
-
Can you export both rules, name them so I can tell which one is the working one, and attach them to a post?
-
No problem! Don't forget to mark the correct answer so future searches know this thread can solve their problem!
-
It sounds like you're using IE. Can you try the web console in Chrome or Firefox?
-
By default, no, but you could certainly use Rules to create one.
-
Is your LEM up to 6.0.1?
-
Changes with RESTRICTCONSOLE should stick, but I know some LEM versions had issues with it. Are you on 6.0?
-
I could clean up some formatting, but functionally your rules look solid. I don't have an ASA or Checkpoint to test them with, so you'll have to let us all know how that goes.
-
Sean: A service account is an account created in Active Directory, usually with the option to have a password never expire, which is used for automated jobs or applications to use to take advantage of Active Directory. For the LEM's AD connector, no special permissions are required, and it doesn't need to be a domain…
-
Your rules shouldn't have any impact on usr\local unless they're generating errors. In addition to what wolram said, you can see the manager log without needing the unique root password. In your CMC menu, go to the manager section and run the "watchlog" command. You'll also be able to get a dump of the manager logs by…
-
Have you tried a different server to confirm it's not a server issue?
-
I've had discussions with the developers, including the one that wrote the code for the DS connector, and at the moment it appears LEM will always work this way. Part of this is because of the use case where there are sub-domains: apparently Java doesn't handle dev.domain.com and domain.com well, which is a shame. Also,…
-
I don't know what that OU is, but it's not a default OU in my 2012R2 domain.
-
My groups are Global and they work fine.
-
To address the first thing, I have a video that can help with the blank e-mails: Solarwinds Log and Event Manager - Resolving E-mails With No Information - YouTube. For the second, you could have LEM run a scheduled nDepth report and e-mail you a CSV of the results every day. There are no conditions on this, though, so you'll…
-
Well, the Agent will attempt to restart the USB Defender service when it stops. Why it's stopping, I don't know...
-
What is the hypervisor that you're running? VMware or Hyper-V?
-
You may need to open a Support ticket to have them look at what is happening. One thing to try: Edit your Reports short-cut so that the target ends with a /L, like so: "C:\Program Files (x86)\SolarWinds Log and Event Manager Reports\SWLEMReports.exe" /L Now, run the stock report that you based your report on. You should…
-
I pulled your ticket and just sent you an update. Let's get this show on the road!
-
Wish granted! https://www.youtube.com/watch?v=2e9eGQPUOmY
-
What version of LEM are you running? If you run a WATCHLOG under the MANAGER menu, are there any error messages, especially if you run an nDepth search with the log open? SolarWinds Knowledge Base :: Use an SSH client to connect to your LEM appliance
-
Can you export some of those events from your Exchange server as EVTX and attach them here or open a support ticket with the info so a connector request can be made?
-
Yeah, that's the options. Starting the upgrade with a broken database might work, but I wouldn't be willing to promise you anything at that stage.
-
Right, you'll have to run through that process to get the LEM prepared to collect the raw logs or message cores. Next, the relevant connectors need to be set to send raw data to the LEM. Either of these options will do it, but if you still want the normalized data, you should pick Alert, nDepth. Last, you need to tell…