jhynds ✭✭✭✭✭

Thanks for the great feedback! Did you adjust the types of events you want to monitor via Extended Events? The 'Select Events to Capture' wizard works in a similar way to Profiler to allow you to customize which events you want to monitor. Your other comments should be addressable via an update to our SQL Connector. Would…

The easiest approach to create a ServiceNow ticket based on log data is via Log Manager for Orion (LM). LM includes the ability to generate an Orion alert and avail of all the Orion alert actions, including Create a ServiceNow Incident. If you already have Kiwi in place, you can set up a forwarding rule to forward certain…

That looks correct, but when you browse to those folders can you confirm that MSGTRK.LOG is the correct prefix? If so, raising a support ticket is the best route. They'll be able to review debug logs and determine why does logs aren't appearing in SEM.

LEM 6.4 does not include support for Elliptic Curve certificates. I have seen the Feature Request you've raised so if anyone would like to vote for EC cert support you can do so here.

If having your log data visible within SolarWinds is very convenient for you, Log Manager could certainly be a good fit. I'd love to chat to you for 30 minutes to discuss your environment size and whether Log Manager could handle the event load (LM's scalability is higher than the current Syslog/Trap viewers). I can also…

Hey, To add a visual to Nicole's response, your search query should look something like this: This query will show File Deletions excluding file names that contain tmp or ~

I'd like to clarify that Log Manager for Orion is an entirely separate product from LEM. Log Manager for Orion is a brand new product, developed from scratch, which provides a unified view of log data and performance data within the Orion console (when integrated with other modules such as NPM). This unification of…

Apologies for the typo! Can you send me your case number please?

This certainly isn't a known issue with 2019.4. I'd recommend raising a support ticket as they can review the agent logs to determine the possible root cause. 

There appears to be a setting you can adjust in auditd.conf that will replace the UIDs with the actual username. SEM will not automatically lookup the passed/group files, we will only parse the information contained within the log data. That setting could be set only for logoff events in your case. 

User Defined Groups is the best approach and you can view the steps to configure them here. You can create a group of 'in-scope' machine and then easily create rules/filters for those particular machines. For example, this rule would look for any userlogon failures on the machines within a particular group:

The scenario you describe is actually addressed by our Log Analyzer tool. It is an Orion module which offers tight integration with modules such as NPM, however it allows you to store your log data in a separate SQL database from Orion to alleviate the burden on the Orion database and allow for improved scale for log data.…

We are currently focused on performance and scale enhancements to Kiwi Syslog as well as several minor bug fixes. Is there any particular updates you'd like to see in the product?

You are correct, the LEM 6.6 Release Candidate was made available earlier this week. You can join the RC forum to gain some insight into what's included. The RC is fully supported and I'd encourage you to upgrade. Would love to hear your feedback!

Looking into it for you now and will drop you a note offline.

Yes Sir - the forwarding also works for Windows Events collected via the agent. The raw logs are forwarded as syslog (both RDC3164 and RFC 5424 are supported). There are a few steps involved to enable forwarding, which can be viewed here.

Thanks for flagging this issue with us. Glad to see that the download is now available in your portal.

Hey Sean - apologies for the delayed response. Thanks for flagging the issue with the download size, I'm looking into it now. I've been unable to reproduce the issue with Chrome and the default download going to 2.1.5. Can you trying clearing the cache in Chrome and trying the download again? I'm going to do some further…

Glad you like the PoSH addition! Currently, there is not an option within the Credential Ring to specify an account for executing PowerShell scripts. Local scripts run under the account which starts Patch Manager. Remote scripts use the credentials specified within the Credential Ring for the particular client machine (if…

Glad to hear your upgrade went well and you're enjoying the new interface! I understand the frustration that it is separate from the rest of LEM, however we are working on additional functionality within the new HTML5 console to reduce the dependency on the older LEM console.

Hi Wayne - can you please confirm which version of Patch Manager you are running?

Hi David - are you using one of the 'upgrade' packages? Can you confirm which version of Patch Manager you are running?

Hi Wayne - DameWare MRC 12.0.5 has been added to the catalog. Apologies for the delay.

PM sent David.

Hi David - can you confirm which product you are referring to?

Hi Wayne, sorry to hear you're having issues. Looking into the packages for you to confirm if there's any issues with the applicability rules. Will get back to you shortly. 

Apologies for the confusion. The MRC service installers are not included in the Patch Manager catalog, however you could create custom packages in Patch Manager to deploy the msi. Please see here for information on creating packages in Patch Manager.

Hi All, We have added support for Wireshark to the Patch Manager catalog. Versions 2.2.1 - 2.2.7 are now available. There are fresh install and upgrade packages available, as well as 32-bit and 64-bit editions. Please note that it is not possible to install WinPcap via Patch Manager, as WinPcap does not support silent…

Hi Wayne - Dameware MRC v12.0.4 should appear in your Patch Manager catalog. Can you kick off a synchronization and let me know if it's not appearing? When applying the Dameware MRC updates, make sure you select the appropriate version for your Dameware installation - Centralized or Standard.

Hi Steve - this update is now in the catalog. Apologies for the delay.