jhynds ✭✭✭✭✭

Good stuff - glad you got sorted!

Can you confirm what happened when you tried to start up the VM? Did you get an error message?

Perfect - if you can let me know how it goes, that'd be great. Just to make sure to synchronise with the catalog to ensure you've got the revised package and delete the old package on your WSUS prior to publishing the revised package. Thanks for bearing with us!

When the rule triggers I assume you can see a corresponding 'InternalRuleFilred' event within the Rule Activity filter in the Monitor section? If you then click on the rule in question & then Explore -> Event, this should show you the events that caused that rule to trigger. Using the UserLogonFailure rule above as an…

I've never actually implemented that regedit myself. Leaving LEM aside, can you confirm that the 2013 Event ID is actually triggering and appearing within the Windows Event Viewer? (Obviously if the event isn't being generated, then LEM con't be able to capture the event & alert accordingly).

We have tried to reproduce the issue but both the .exe and .msi are working fine in our lab. Can you confirm what checksum you are seeing so we can validate that it matches what we expect?

Hi Damien - if you could pull the logs and send the logs to us, it would be greatly appreciated!

Glad to hear you got sorted

Hey - can you post a screenshot of the correlation rule & I'll take a look? Also - did you manage to check the if the 'Activate Rules' button is highlight under Build - Rules?

Thanks. Would you mind also providing a screenshot from your SQL Server to show exactly which version you are running? Steps available here.

Sounds good. If you need any help just let me know.

Could you please post a screenshot of the rule configuration?

Hi Edwin, Thanks for the update regarding the Gatekeeper settings. Unfortunately we aren't in a position to share an updated Mac client at the moment, but I'll be sure to keep you in the loop on progress. Jamie

Hi Shaun, So you've configured the IP address etc on the LEM VM (deployed via the template). Can you access the LEM web console from a web browser, using the IP address you set on the VM? There is no LEM Reports agent - it's an exe you install on a Windows Server. When you say LEM Reporting Server - are you reffering to…

Hi Mike - yes, I'll ensure that customers are notified via channels such as Thwack and the Customer Portal.

I would recommend raising a support ticket. Depending on when the issue arose, there may be some information within the LEM appliance and agent logs which could help in determining the root cause. Support will likely ask you for debug logs, you can gain a head-start by following this article to gather the logs.

PM sent Jay.

Hi Larry, Jamie here - LEM Product Manager. We added support for SNMP monitoring of the LEM appliance in the latest release (v6.3.1) - you can view the release notes here. You can view the steps involved in configuring SNMP on the LEM appliance here. When you add the node into SAM you can monitor metrics on the LEM…

Hi Adeline, The LEM admin guide provides information on the out-of-box LEM reports on pages 538-582. While we don't have a similar listing for the rules, you can view them (along with a description for each rule) within the rules section of the LEM Demo. LEM includes a wide range of rules including categories such as…

Could you send me a screenshot of your filter conditions? UserLogoff.LogonType = *remote* should work:

Out of curiosity, how many syslog would you typically collect over 24 hours? What would be a reasonable limit for you on the number of rows on a 24 hour syslog report? Yes, in order to avail of the Export to CSV feature, you'll need to upgrade to 2.0. More information on the release available here. Would love to get your…

Do you have ePolicy Orchestrator deployed to manage Virus Scan Enterprise? If so, there is an ePO connector available: Integrate McAfee ePolicy Orchestrator (ePO) with SolarWinds LEM - SolarWinds Worldwide, LLC. Help and Support

Hi Dave, As part of the Patch Manager installation, you are asked if you want to supply your own WSUS Server or configure a new WSUS. If you don't have an existing WSUS configured, Patch Manager will install the WSUS Server Role as part of the installation so you can configure both at the same time. Once the installation…

David's response above is accurate. If there's any other questions you have, just let me know.

Thanks for confirming Mohammad. One of our Sales Engineers is going to reach out to you (if they haven't been in touch already) to take a look at the logs and work through the parser update with you. Any issues let me know.

When you connect a USB Device to one of the LEM agent nodes - can you see that event within the LEM Console? The event should appear in the Monitor section under IT Operations > System Events: If the event is not appearing - that would be the cause of the rule not triggering & it could be an issue with the USB Defender.

Thanks for checking. We have seen characters been displayed correcting using the Windows Event Log Forwarder, so it may be an issue with the Kiwi Syslog Generator. I will investigate further and report back to you.

Correct - it is not possible to preserve the original severity. When logs are forwarded they will include the severity specified in the log forwarding settings in LEM. I'll raise a Feature Request for the ability to preserve the severity.

Yes, if you can't attend the webinar, just make sure you have registered. You will then get a follow up e-mail with a link to the recording

Yes - SQL Server 2016 is also supported in v2.1.4 The download should be included in your Customer Portal. If not, let me know.