evanr

I would suggest keeping your share path as simple as possible. Preferably no spaces..etc.

Start by looking in Build - Rules. 

I suxor. A more complete search helped. http://thwack.solarwinds.com/thread/45529. Had to change "Statistic: Up" to "Statistic: 1" and Down to 0.

To answer your question if LEM can monitor IIS logs. Yes it can.

You would have to enable the rule first under build -> rules. Then you can set up our action (email)..etc.

I found what I needed. SolarWinds Knowledge Base :: How many days of live data will the LEM database store?

5.6 converts your existing data to the new database format. We used archiveconfig. I believe it will backup all data in logs/data under diskusage. Whether or not it outputs everything I don't know.

We struggle with this as well. As far as LEM is concerned I don't have any rules to give out that would help. We have gone the route of setting up traps to alert us. So for example I want to be alerted to scanning attempts via burst rate threshold %733105. I would set up my SNMP trap via SAM that also logs it to LEM for…

Do you have restricted access to the console (GUI)? Proxy server? I have had to add our LEM site to the proxy exception on numerous occasions for strange quirks like this. 

Yes we have custom logs going to the event viewer that we are monitoring. Just create another Windows Application monitor and use the name in your Alias. As far as drilling down into Microsoft-Windows I'm not sure. Edit: Sorry I should have mentioned that these are logging into the Application Log. If you are trying to…

Our current attack surface is very low. Being privy to our penetration scans, and often having to confirm said vulnerabilities. We don't worry so much about remote attacks. The focus is mainly on 0 day stuff, and the users that already have access into our infrastructure. So I would say in our environment its the "insider"…

I believe its installed to /usr/local/contego/ContegoSPOP

Nevermind quick reboot and it works now.

You can edit the policies by going to manage - appliance. Click the gear on the left hand side and go to policy. From there you can disable the policies you don't want to see. 

You can try stopping the SolarWinds Log and Event Manager Agent. Delete the spop folder from C:\Windows\SysWOW64\ContegoSPOP (depending on what version of Windows is installed). Then start the agent again. That will usually bring them back.

Not sure about your space question. I thought there was a document floating around out there that documented that. In regards to your backup scheduled - SolarWinds Knowledge Base :: How to Configure Backups on Your LEM Appliance

How beefy is your box? Just last week I had to pull a log from 4 months ago and while it wasn't instantaneous the query finished in a little over 4 minutes. I find that the more detailed and granular I get in my refinement fields the faster I see results.

Its a soft stretchy material. The inside is exactly the same as the outside. Just a different color.

I experienced this same issue but we had 5.7 RC to 6.0. 

Strange. This works for us w/o issue out of the box.

I hate to beat a dead horse here but I upped the log output to something other than the default 3. This particular machine just will not connect. I can telnet to the ports fine from this particular machine, and other servers that sit on its LAN are able to hit our LEM device w/o issue. I get two consistent error messages.…

Well I figured I would try one more time before I open a support ticket. We still have 3 or 4 agent machines that were connected to LEM at one time but for whatever reason refuse to re-establish the connection again. I have tried the usual stopping the service, deleting the spop folder, and starting the service. I tried…

What about event log consolidator? Then set up your connector on that specific machine that has consolidator installed. 

We had experienced this sometimes when running ad-hoc reports during the day. But since have set our reports to run as batches at night and have had no problems since.

You can view this in real time by logging into your LEM device. cmc>manager cmc: :cmm# watchlog Then run your SMTP test via Build -> Users -> pick your user -> Test Email Notification

As far as low end thoughts. I was in that boat of annoyed customers for a bit. Once I had my email template set up, variables defined, body of my email constructed..etc. It took me a good week to figure out how to then get the rule set up and email data sent correctly. Only until I realized that if I had say a SQL…

Is it possible to monitor all the spawned w3wp processes? We have a process monitor set up to monitor w3wp - (name of our app Pool) this works great. But will only monitor one PID. Is it possible to monitor all the PID's spawned? Kind of like in the real-time process explorer? We would like to start getting a memory…

I would start with looking in the spoplog on the new server. You could try stopping the lem service on the server, deleting the node from the LEM console, delete the spop folder under the ContegoSPOP folder on the server. Then start the lem service again. From there I would sniff the traffic between that server and the LEM…