jhynds ✭✭✭✭✭

Yes, Orion Log Viewer requires its own database (SQL Server 2016 or later), however this database can reside on the same server as your Orion database. When you upgrade to Log Analyzer/Orion Log Viewer, your old log data will remain in the Orion database but all new log data will be stored in the new database.

You need to download and install a free trial of Log Analyzer on the same server as your NPM instance. At the end of the 30-day trial, if you decide not to purchase LA, the additional functionality that it provides will simply turn off, and you'll be left with Orion Log Viewer.

Glad to hear you like what we've done with Log Analyzer so far! Kiwi Syslog licensing remains as-is, with no plans to make any adjustments.

Hi Jawwad - can you please raise a Technical Support ticket in order to request the new connector. They will require a log sample and some additional information to determine the feasibility of building the connector.

Sorry to hear you are having issues. Raising a support ticket is certainly the best path here, if you can send me the case number I'll ensure it's investigated as a matter of urgency. Do you experience the same issue within the HTML5 console or is it only nDepth that's affected? Worth noting that we just shipped SEM…

OpenSUSE isn't listed on the supported Operating Systems by the LEM Agent as it has not been tested by us, however I don't envisage any issues with installing the Linux agent on the OpenSUSE. If you have any problems during the install just let me know. Which logs do you need to collect? LEM includes connectors for logs…

There are Terminal Services connectors available out of the box, including Terminal Services - Local Sessions Manager. These connectors can be applied to any Windows Agent:

Hi Jeff - are you using http? If so, can you try using https? The address will be https://[LEM-IP-ADDRESS]:8443

They are stored within C:\Windows\SysWOW64\ContegoSPOP\spop\

We have just released a new connector for the vCenter 6.0+ vpxd log. This log is the main vCenter Server log which consists of all vSphere Client and Web Services connections, internal tasks and events and communication with the vCenter Server Agent on managed ESXi/ESX hosts.

Unfortunately it is not possible to create a custom update view based on KB numbers, it's only possible to filter after all the updates are shown. Do you need to filter based on KB number across all updates? You could create a custom view with a limited set of updates, e.g. by classification, production and release date…

Hi sja! When you upgrade your current Syslog/Trap Viewers to LM, your existing log rules/alerts are not migrated to LM. However, the Syslog/Trap Viewers will remain on your Orion server in a read-only state, which allows you to view your log rule/alert conditions to assist with the manual creation of these rules in Log…

The easiest way is to use the Events per Minute widget on the Ops Center page, and manually convert to Events per Second (e.g. 60 events/minute = 1 event/second)

Hey, You will need to install the LEM Agent & USB Defender on each machine you want to monitor. When a user copies a file to a USB it generally appears as a FileCreate event like below. If they modify the file it will probably appear as a FileWrite event. You could create a rule something like this: I haven't tested that…

Hey, LEM can detect the Logon Type - you can then create a filter/rule to capture Lock/Unlock events. Lock: Filter Conditions: Unlock: Filter Conditions: Equally you could create a filter based on the event ID's (4800/4801) Hope that helps!

Hi TJ, Internal events aren't triggered for manual backups - they are only generated for scheduled backups. I suggest you raise manual backup auditing as a Feature Request here​.

There haven't been any changes made to our recent Flash updates. If you want to update existing versions of Flash, can you use the Update packages? The applicability rules for the 'Update' packages are intended to check for any existing Flash on a machine and only update machines where we find an existing version of Flash.

This is due to SMB1 being disabled on the network share where the upgrade bits are stored. More info here. We are working on support for newer SMB versions as part of the next release.

We definitely want to do more. The tool covers the basics pretty well, which is why it’s used by thousands of customers today. It saves hours of time for admins doing the tedious job of keeping servers & endpoints up to date. There’s so much more stuff that could be done with it though, I agree. Frankly, we have not made…

Thanks for pointing this out Graham! Will aim to correct the spelling in a future version.

Hi Eric, We are certainly aware of Microsoft's plans to deprecate SQL Profiler. This will likely impact the method we currently use to collect SQL logs, however we will be doing our upmost to provide continued support for SQL log monitoring with LEM. Jamie

Can you post a screenshot of your Rule Action to show which fields in the Kill Process action are populated? If the rule appears to be set up correctly, I'd recommend submitting a support ticket - they'll be able to review debug logs to determine why the action isn't triggering correctly.

At this point, it's best to raise a Tech Support ticket so an Engineering can dig a bit deeper and resolve the issue. If you want to send me the Case ID, I can follow up internally. Thanks!

Can you confirm which Windows Server version you are trying to install on and also the filename of the SEM agent you are trying to install? This isn't currently a known issue with the 2019.4 agent, but you can generally bypass the error by running the installation in compatibility mode.

Hi, Is your LEM deployment currently under maintenance? If so, could you please raise a Tech Support ticket. It is likely the root login will be required to resolve the issue, so Tech Support is the best route. Any problems let me know.

Apologies for the delay. Could you provide me with a log sample from your ASA which shows the HTTPS connections? I can then determine if we can update our ASA parser in order to correctly parse the HTTPS events.

Unfortunately, I can't provide a timeline as to when support for MS SQL 2017 will be available. However, can you confirm if you specifically need to monitor SQL Traces or could you get the information you need via SQL Audit Events?

A Log Summary dashboard, along with updated Node Details resources is something we are currently working on. I'll second Marc's comment above - if you could provide some screenshots of what you'd like to achieve it'd be great. Equally, if you'd like to set up a quick call to discuss further, just let me know.

I just discussed this issue with your Account Manager, they are going to reach out and arrange a WebEx to get to the root cause.

This is not currently possible in LEM Reports, however we are working on the ability to export log data from the HTML5 Events Console, which may solve your problem. Out of curiosity, for a weekly/monthly report, how many lines would you expect to see?