Comments
-
Do you have a sample of the log entry that you want to base your rule on? Once I see the associated fields with that particular entry I can advise on the rule & alert.
-
Thanks for flagging this - looking into it now.
-
The free space result is displayed in bytes, so based on your screenshot it's approx 17GB.
-
Firefox 60.0/60.0.1/60.0.2 ESR packages have now been published to the Patch Manager catalog. Apologies for the delay in making these packages available.
-
You can view the benefits associated with maintenance renewal here: Benefits of Maintenance Renewals | SolarWinds. As well as the benefits listed in the link above, you will also continue to have access to the Patch Manager 3rd Party Update Catalogue while your maintenance is Active.
-
Hi Darragh, .MSU file support isn't something we are currently working on, however we are tracking the Feature Request here. As you've mentioned, the wusa.exe approach is an option. Another customer has successfully used an alternative method which you can view here.
-
Hey, Can you try removing the domain name from the username field? I believe the connector takes the value from the Domain Name field and automatically applies it to the username when trying to connect to the DC. Let me know how that goes...
-
Hi surfrider26, There's actually a resource available within the Sprawl section of Virtualisation Manager which may be of interest. The resource shows VMs Powered Off for More than 30 Days & it also includes the option to delete the VMs directly from the Orion web console. Although the resource isn't populated on the…
-
These packages are now in the Patch Manager catalog.
-
Hey, It may be possible to import your ESX syslogs. You can try this - on a machine that you have the LEM agent installed on, apply the appropriate ESX syslog connector on that agent (via the LEM web console) & point it to an empty file (e.g. esx.log). Open the empty file & paste your log contents into it. The connector…
-
LEM only includes a handful of connectors to parse SNMP traps, it isn't really designed to monitor SNMP Traps. However, Log Analyzer may be a suitable fit as it can monitor traps from any device and is tightly integrated with NPM. Can you confirm how many traps per hour/day you expect to collect (given that you had…
-
Generally speaking, an appliance upgrade doesn't take very long - I would say around 15 minutes or so, but you could allow 30 minutes to be safe. You can upgrade via mounting an ISO to your hypervisor or extracting the upgrade zip file to a network share, all steps are listed in the LEM Upgrade Guide. Worth noting that LEM…
-
SQL 2017 is supported so you shouldn't be blocked due to an unsupported version during the install. Would you mind posting a screenshot and I can advise on next steps? Thanks!
-
Hi Shaun, Have you seen the LEM Evaluation Guide - sounds like it could be what you're looking for. Lots of useful videos on the LEM Youtube Channel too. With regards to LEM Reports - you have to install the LEM Reports application on a Windows server & you can then add your LEM Manager (i.e. the IP address of your LEM VM)…
-
Thanks for flagging this. We'll ensure the text is fixed from the next set of Chrome updates onwards.
-
Hey, I've attached a rule which meets your use case (kudos to curtisi for the rule). You can import it into your existing rule set & edit if required. Any questions let me know.
-
Hi Matt, This is typically what a root/cron logon looks like within LEM: You can add conditions to your correlation rules to exclude certain usernames, hostnames, etc. For example, you can add a condition to the 'Authentication Attempt - Default Account' rule to exclude events where the DetectionIP is not equal to the LEM…
-
Thanks for bringing this to our attention. The affected packages have been republished so if you synchronize with the catalog, the packages should no longer point to PackageBoot.
-
Hi Jeff, Have you tried using the https login instead of http? The format is https://<LEM-IP-ADDRESS>:8443
-
Hi Edwin - yes, we are currently working on an update to the Mac agent as part of the next LEM release. Can you confirm which settings you need to change as part of the Security & Privacy Gateway policy? Jamie
-
Installing CatTools on a cluster is not currently supported. Do you want to install on a cluster for HA/DR? If so, you could run regular CatTools backups and replicate the \ProgramFiles(x86)\CatTools folder to ensure the backups are available should an issue arise with the primary CatTools server. Some information on…
-
There isn't any functionality in SEM to automatically pause all alerts. If there are some particularly noisy rules during vulnerability scans, could you manually disable them during the scan, or even place them in Test Mode, whereby the rule will trigger but actions won't be executed?
-
Hi Shane, Did you raise a support ticket regarding the issue? If so, can you please send me a DM with the Case ID? Thanks, Jamie
-
For anyone that didn't see the Hotfix 6 announcement, please update your LEM appliance to v6.3.1 Hotfix 6 in order to resolve the issues with connector updates failing.
-
As Marcos stated above, we are experiencing an issue with the automatic connector updates at the moment, but are working to get it resolved ASAP. In the meantime, connector updates can be applied manually by following the steps here. I'll provide an update once the automated connector process is back online.
-
Hi Jay, Can you confirm if you have configured your Fortigate device to send syslogs to LEM? The CSV file only contains events from Windows Security logs. You will need to send syslogs from the firewall to LEM. LEM can then capture events to show that someone logged onto the device & made a change (assuming your devices…
-
Sometimes this can happen if your appliance has been offline for a long period and the agents start transmitting data as soon as the appliance is back online. Is this a possibility? Can you confirm which versions you are running? We made some improvements to the temp partition as part of the latest LEM 6.6 release. In…
-
There aren't any known issues with Patch Manager's Orion integration at the moment. I'd suggest raising a Tech Support ticket; they'll be able to examine debug logs and determine the root cause. If you can send me the Case ID once you've raised the ticket, I can track it internally.
-
Hi Nicholas, Have you tried using the Variations UI to amend the Cisco.Wireless.lan template? Under the 'Additional Commands' tab you can amend the Show Running Config field to match the command expected by your 5508.
-
Hi afiore, curtisi provided some information in this thread that may be helpful: Agent Cache Size. I'm not aware of any specific internal events to capture the scenario mentioned in point #2, but I would certainly recommend keeping an eye on Internal Alert/Error/Exception/Warning if/when this happens again. If it happens…