jhynds ✭✭✭✭✭

Hi Ray, Apologies for the inaccurate documentation, we'll get the KB updated. As per this Trend Micro KB, notifications are automatically sent to the Windows Event Log on the OfficeScan server. In order to collect those logs on your OfficeScan you need to install the LEM agent on that server. Once the agent is installed,…

Dameware hotfix's are not supported by Patch Manager as the hotfixes generally don't have an installer and have to be applied manually (usually by replacing some files). A service release (e.g. v12.1.3) would be possible as it includes an installer, but unfortunately there isn't we can do for the hotfix.

There isn't currently a beta open for the next release of LEM. Apologies for the confusion regarding the Mission - I'll ensure that the Mission is updated to avoid any confusion going forward.

Thanks to every who has provided samples so far! Your 1,000 THWACK points will be awarded later on today.

SEM 6.7.1 is now available on your Customer Portal and includes a fix for the agent memory issue. Apologies for any inconvenience caused as a result of the issue, I understand it was frustrating. Once you upgrade the SEM appliance to 6.7.1, the update will push to your agents (provided auto-update is enabled) and no…

Thanks to everyone for reporting this issue. We are currently looking into the issue as a matter of urgency and aiming to resolve ASAP. If you haven't already done so, I'd encourage you to raise a Technical Support ticket if you encountering high CPU on the SEM agent. Update: We have determined the root cause and working…

I've attached the PCI Filter. You need to import into your LEM console

The Flash Player (ActiveX & Plugin exe's) have been updated with the correct file names. Apologies for the inconvenience caused.

LEM ships as a virtual appliance which supports both VMware and Hyper-V. It is not possible to install on a 'stand alone' server, it needs to be deployed as a Virtual Appliance. The deployment process is very straight forward, you can view the steps in this video: How to Deploy SolarWinds Log & Event Manager with Hyper-V -…

Yes, SQL Server 2016 is supported by LEM's SQL Auditor. You appear to have found a bug within our SQL Auditor template names, however I can confirm that the selecting the Server Type as 2014 and using the 2016 template (as per the second image within your screenshot) will work fine. If you encounter any issues, please let…

Hey! This KB outlines the steps to run on the LEM virtual machine. Once you have updated the date/time you may have to reboot the appliance for the change to reflect in the web console/nDepth. Hope that helps

Unfortunately, sometimes this is down to the way in which Windows logs the failed authentication events. Are you getting the same EventID (ProviderSID in SEM) for each logon failure, or are they different Event IDs? Worth noting that LogonType can often help to filter out some of the noise. For example, you can hone in on…

The workflow to add FIM connectors to a profile isn't as easy as it should be at the moment because we've migrated FIM to our new interface but Connector Profiles have yet to be migrated. It will be more straight forward once Connector Profiles are migrated. Configure an agent that isn't currently part of a profile with…

Thanks for flagging this issue, revised packages have now been uploaded to the catalog. There was a minor error within one of the Install Rules. Apologies for any inconvenience caused.

Hi Daniel, Would you mind posting a screenshot of a sample rule you are testing against in nDepth & I'll do some investigating. Thanks, Jamie

You can change the hostname by logging into the LEM appliance via SSH (instructions here). You will be presented with this menu: At the cmc prompt enter appliance: At this point you can enter the hostname command & follow the on-screen steps from there:

Event ID 4887 seems to be a close match to what you require. As per the linked article, you may need to adjust your audit settings within the CA in order to trigger the events in Windows. From there, you can leverage the Event Log Forwarder to send those events to Log Manager.

Hey! You can do this via the 'Advanced Correlation' tool within the Rule Builder, if you click the 'Advanced Correlation' button with the 'Correlation Time' widget: You can then set the condition, such as the DestinationAccount and/or SourceMachine must be the same (or distinct): Hope that helps!

Hi Sam, You will need to setup the 'Directory Service Query Tool' connector within LEM in order to integrate with AD. See here for steps to follow. You can then use the 'Directory Service Groups' window within the rule to add domain users (or individual groups) to your rule.The second line of the rule refers to the Service…

There could be a timeout occurring due to the widget being based on 40 nodes, I'd recommend raising a Tech Support ticket so they can analyze debug logs and determine the root cause. As a first port of call, you could edit the widget and change the 'max number of items to display' to 10 and see if that results in the same…

You can view the steps to mount the ISO and upgrade the LEM appliance here.

Hi Don - SEM is actually a secure appliance and is therefore not possible to deploy any additional software, including anti-virus onto the appliance. You can view the steps we take to ensure confidentiality and integrity here: Log & Event Manager Appliance Security and Data Protection

The Patch Manager 2.1.6 Release Candidate is now available on the Customer Portal which includes the ability to run pre and post-update PowerShell scripts. You can provide any feedback you may have within the RC forum.

Yes, Patch Manager is still being actively developed - you can view the roadmap here. PowerShell scripting support is the top item we are working on, which will allow you to run scripts before and after update tasks. This will enable to to perform actions such as snapshot a VM prior to patching, revert a snapshot if an…

Hey, Can you confirm that you have selected the correct template as part of the correlation rule? Also - did you click 'Activate Rules' on the Rules page after making the change to the template? It sounds like you mightn't have Activated the rule & it's still using the old email template.

Hi, In order for LEM to alert on low disk space, Windows needs to trigger the Event ID 2013. LEM can then alert if this event appears in your logs. In order to adjust the threshold at which Windows generates ID 2013, you have to edit/add a registry key. All the information you need on the key should be here: Force Windows…

I would recommend raising a Technical Support ticket in order to resolve the issue. If you can provide me with the Case ID, I will ensure it is dealt with as quickly as possible.

Hi Folks, Just to add to what Chell has already outlined. We are doing our upmost to ensure that we can continue to support Java updates going forward. As you can see from the MSI Enterprise JRE Installer FAQ, the MSI Installer is now only available as part of the Java SE Advanced commercial license. There are some caveats…

A member of our Sales team appears to have been in touch with one of your colleagues. Will send you a DM to discuss further.

Hi Sam, I've only just come across your post now. Log & Event Manager can certainly assist with PSN/GPG compliance (guide attached). Network Configuration Manager can also assist in terms of the baseline of configs across your network devices & ensuring real-time change detection, backups and more. Any questions please let…