Comments
-
If you are running the 6.7 agent, you can safely delete the \jre6.3.1.hotfix directory. This directory is not used by the latest agent and is likely there as a result of an auto-upgrade, but no longer used. The 6.7 agent leverages OpenJDK and does not require Oracle Java. Can you remove the directory, re-run the Nessus…
-
Correlation rules & nDepth searches work differently - rules work on multiple events but nDepth queries only work off single shared events. I can see that you have UDPBombDenial & CoreAccess events in order for your rule to fire. You will need to determine what the main trigger is, which is likely the CoreAccess event. You…
-
Sorry to hear your upgrade didn't go as smoothly as it should. This certainly isn't expected behaviour and we have received no other reports of this issue. Would you mind gathering a set of debug logs and sending to me via direct message? I'd be more than happy to take a look for any pointers as to why the e-mail connector…
-
Hi Larry - Glad to hear you got the SNMP up & running ok. Apologies, I just realized the original template monitors all 54 processes & some of these may not be applicable. For example, the opsec processes you mentioned are related to Checkpoint log collection. I have updated the template above to only monitor 8 processes…
-
I'd need to see the full screenshot of the 'Send EMail Message' box, but it sounds like you don't have the fields populated within that box in the rule config. Have a look at this video & it walks you through how to populate the fields correctly: Solarwinds Log and Event Manager - Resolving E-mails With No Information -…
-
Ok gotcha - can you try restarting the LEM VM? Sometimes I've seen that a reboot can help after changing the network settings. Can you SSH on port 32022? Can you try https on the web browser? https://'lem-ip'address':8443
-
Kiwi Syslog Server v9.6.5 is available for download in your customer portal for customers under active maintenance. This release can run on TLS 1.2 only. If you are not a Kiwi Syslog user yet, you can download the new version from www.kiwisyslog.com now! Additional details about this release can be found in the release notes.
-
Hi Edwin - there is currently an issue with the LEM agent installer on macOS Sierra. As a workaround, do you have the agent installed on a previous version of macOS? You could copy the ContegoSPOP folder from an older version of macOS to Sierra - this will bypass the need for the installer.
-
That's a strange one alright. Could you try running the 'sqllocaldb i' command via the SQLLocalDB.exe utility? It should be located in your SQL install path, e.g. C:\Program Files\Microsoft SQL Server\130\Tools\Binn\SqlLocalDB.exe
-
Yes - both Server 2016 & SQL 2016 are supported by Patch Manager v.2.1.4. If you are still experiencing issues after you upgrade to the latest version of Patch Manager, please re-open your support case & let me know. Thanks, Jamie
-
You'll need to configure ePO to send SNMP Traps to LEM and then configure LEM to receive those traps. You can view the steps here: Integrate McAfee ePolicy Orchestrator (ePO) with SolarWinds LEM - SolarWinds Worldwide, LLC. Help and Support. Any problems let me know!
-
Ok cool. Can you edit the correlation rule to look like this - i.e. add the Provider *USB* condition and also adjust the response window to 5 minutes? Can you also make sure to click Activate Rules on the main Build - Rules page?
-
Hi Mike, If the logs aren't reaching the LEM appliance, it is generally down to an issue with the source device or something blocking the connection between the Nexus & LEM. The connectors won't pick up any new log sources if the facility is empty. Could you try running a Wireshark between the Nexus & LEM server on port…
-
Can you send me the Case number please? Thanks!
-
Yes, Orion Alert integration is included in both versions of Log Manager, so you can trigger alerts/notifications based on syslog/traps. The full version currently includes features such as tagging/tag filtering, charting, live mode and 'Analyze Logs' from the Node Details page, not to mention other exciting features we…
-
Are you running the 'Patch Manager full package' installer on your Orion Server? When the installer loads you should see an option to update the web console? Can you provide a screenshot so I can confirm which option you need to select in order to upgrade your web console? Worth noting that you should upgrade your other…
-
Hey Will! In short, it is all or nothing. Once you hit the license limit any additional logs will be discarded. I totally understand the desire to split the functionality depending on log sources but it would get complex very quickly and could get very confusing, e.g. log messages containing keywords that you want to tag,…
-
Hi! In order to assist with the database and Orion Server sizing, we would need some information on the volume of log data you expect to transmit to Log Manager. Do you have any indication as to the Events Per Second (or day) you expect the 7,300 nodes to generate? It may be possible to locate the Log Manager database on…
-
While LM does not natively support log4j logs, it seems that it may be possible to transmit these logs as syslog to LM via the SyslogAppender included with log4j. This PaperTrail KB article walks through the steps involved: Java log4j logging · Papertrail log management. If you'd like to spin up a Log Manager instance and…
-
Yes! LEM 6.4 shipped last June and includes improved support for SMB. LEM 6.5 is the latest version, so I recommend updating to that version.
-
I'll send you a DM. It is possible to provide a quote for >1,000 nodes, provided you stay within the scalability limits of Log Manager.
-
Absolutely - will be happy to touch on the differences during the webinar. On that topic, for anyone who is interested in attending the webinar, but has yet to register you can do so here.
-
The connector is available under all the connectors available to your LEM agents. If you need any help with the connector just let me know.
-
We are currently working on moving the nDepth functionality from Flash to HTML5. Would love to get your thoughts on some design options we're working through and also understand how you use nDepth today. Will drop you a DM to set up some time to chat if you're willing.
-
SEM is the product formerly known as LEM, they are not two separate products. In order to upgrade to the latest version of SEM, you can follow the steps listed in the Upgrade Guide. If you are running SEM 6.4 or greater you can upgrade directly to v6.7. If not, you'll need to upgrade to v6.4 and then to v6.7.
-
Thanks Andrew - will reach out to you shortly.
-
Thanks for the additional info. Can you run the agent installer as an Administrator? Also, can you confirm if the OS language is set to English? If it's not English, that may be causing an issue too.
-
The appliance can be found under 'All Release Downloads' on your Customer Portal: If you are upgrading your appliance, I'd recommend using the ISO within 'Upgrade Downloads':
-
If you are transmitting the logs to LEM it is possible to export the raw log sample via one of the CMC commands. Could you raise a Support ticket and send me the Case ID? Once we have the log sample we can determine if adjustments can be made to our parser in order to capture the https connections.
-
Received the file - thanks Peter! Will get your Thwack points awarded later today.