jhynds ✭✭✭✭✭

Comments

  • Have you tried using the out-of-the-box rule as a starting point? You would just need to add a condition to say UserLogin.SourceAccount = 'your admin group'. You would also need to remove the Log Off action and replace it with the e-mail action.
  • Hi, we recently added an Export to CSV option on the Log Viewer page to export your log data/search results. It isn't currently possible to schedule an export or e-mail the CSV, but it may be a suitable workaround? For a scheduled report, what would you like to see? All syslog data over the last 24 hours or a filtered set?
  • Can you confirm which McAfee product you are referring to? LEM includes support for a number of McAfee products.
    in McAfee Comment by jhynds August 2018
  • This guide walks through the steps involved in deploying LEM on Hyper-V. Can you confirm which 'virtual machine' folder you selected from the extracted LEM download?
  • There appears to be a setting you can adjust in auditd.conf that will replace the UIDs with the actual username. SEM will not automatically look up the passwd/group files; we will only parse the information contained within the log data. Under the FileExecute events, are the SourceAccount and SourceLogonID fields populated?…
  • You actually don't need to install anything; we can provide you with a Private AMI which you simply launch within your AWS Management Console. You'll just need to raise a Support Ticket and provide them with your AWS Account ID and which AWS region you would like to deploy in. They can then share the AMI with you.
  • You can download the latest agent installers (mentioned by Justin above) and deploy on Server 2016 via the following links: - Windows Agent Installer - Windows Remote Agent Installer - Windows Remote Agent Uninstaller
  • Assuming it's an Oracle database that you need to collect logs from, there are a number of steps you need to follow on the Oracle side before configuring the LEM connectors. Please see the steps here: Success Center
  • Have you applied the message tracking connector to the SEM agent installed on your Exchange server? Can you also confirm that the path to the log file you need to ingest is C:\Program Files\Microsoft\Exchange Server\V14\TransportRoles\Logs\MessageTracking and the file is named MSGTRK.LOG?
  • Hi All! Moving away from flash is a top priority for LEM. Although I can't provide any timelines, I can assure you that we are continuing to work on the HTML5 Events Console. As per the What We're Working On page, moving away from Flash completely will definitely take time, but we are taking the first steps with the Events…
  • Hi benc175, As you mention above, the only way to view the LEM Console within Orion is via the external URL option. As you can see from the What We're Working On page, better integration with LEM & Orion is listed.
  • Would a report like this provide what you need, which shows OS Version and Build Number? If so, this is the predefined 'Computer System with OS Info' report under Configuration Management Reports.
  • Hey Bill - if there are logs being transmitted from the additional interfaces, they will appear in SEM based on the source IP of those logs. However, I'd recommend creating a support ticket as there are tweaks that can be made to the agent config files which *should* deal with the issue.
  • Hi Rene, I'll reach out to you offline. I'd like to get a set of Orion diagnostics so we can investigate and determine the root cause. Based on the above, it seems like it could be a problem with the date/time format, but we can confirm via Orion diags. Thanks, Jamie
  • Our LogBinder connector is designed to monitor LogBinder logs that are within the Windows Security log, not syslog. Could you configure LogBinder to output the logs to Windows Security and install the LEM agent on your LogBinder server? The connector should then correctly parse the events.
  • Hi Cassandra, Typically speaking, LEM receives logs from network devices via syslog on Port 514, using TCP/UDP. If you need advice on how to configure a particular device/LEM connector let me know.
  • Hi Rui, I'd recommend following the steps outlined under 'Configure your Patch Manager environment' here. Assuming you have machines reporting into your WSUS, the workflow will involve adding the WSUS Server to the Patch Manager console, setting up a credential ring, generating a publishing certificate, applying that cert…
  • Can you confirm that this issue is related to case number 00425046? Also, can you provide the messages per hour you are receiving when the service stops?
  • I'd recommend taking a look at this video - How to Troubleshoot Syslog Nodes in LEM. Around the one minute mark, it covers how to use the 'checklogs' command to verify if the logs are hitting the LEM appliance. Can you run that command and check the appropriate facility to validate that the logs are being received by LEM?…
  • This can most likely be resolved via an update to our Kerio connector. Would you mind raising a Tech Support ticket and passing the ticket number to me? Once we obtain a log sample which shows where the machine/client IP resides in the log line, we should be able to adjust our connector.
  • Can you confirm what facility (e.g. local1, local2, etc) the Synology device is transmitting logs to? Using the checklogs command you should be able to browse to that facility and validate that syslog from Synology is hitting the facility. Once you get that far, we can concentrate on getting the connector started to parse…
  • Provided the current connector is stopped, it shouldn't interfere with the connection to the R80.30. Can you confirm that you've followed all the steps listed here to configure the integration between SEM and the R80.30? Can you also confirm which version of SEM you are running? Checkpoint made some changes to their…
  • You will first need to validate that the logs are actually hitting the LEM appliance. You can view the steps involved in this video: How to Troubleshoot Syslog Nodes in SolarWinds Log & Event Manager - YouTube Did you specify a facility to log to within the rsyslog.conf? You will need to check that facility within LEM to…
  • Can you confirm where this data is coming from? It looks like you are using the Event Forwarder to transmit Windows Event Logs to LM? Do the Chinese characters display ok from syslog devices such as firewalls or routers?
  • This issue is sometimes caused by Windows Events themselves. Can you pick a sample event from the Windows Security log in nDepth and compare it to the local event on the source machine - is the username populated within the Event Viewer? Having said that, there was a known bug with name resolution in some older versions of…
  • Firefox 60.3.0 ESR x64 packages are now available in the Patch Manager catalog. Apologies for the delay in getting these packages into our catalog. If you have any feedback or questions on the new packages, please let me know.
  • As the Cisco ISR series runs IOS, you can follow the steps listed here: Success Center
  • There aren't any known issues with deploying on ESX 6.5. Is it timing out when you go to deploy the template within vSphere or what exactly is happening?
  • Hi All - my name is Jamie Hynds, the Product Manager for this exciting new log management product! I'm looking forward to walking you through the product on the webinar later this week
  • Happy to announce that the Patch Manager catalog now includes Flash PPAPI installers. -Jamie