jrouviere ✭✭✭✭✭

Comments

  • This is likely where you'll find links to most of the articles relating to Report Writing and NTA: NTA reports - SolarWinds Worldwide, LLC. Help and Support Specifically, if you're looking for external stations, I'm assuming you mean remote locations which you may want to track through IP Groups, so here's an article on…
  • LEM alerts and reports off of the log data given it by a system. So really the question is: How would you tell they are using TOR in your environment? Do you have an application or device that logs when a certain application is run? Do you look out for specific ports they're using? Are you watching for specific domains?…
  • You should be able to do the same with Filters in LEM. If you edit the filter and scroll to the bottom where Notifications is (it's where Actions would be in rules): Configure event filter notifications in LEM - SolarWinds Worldwide, LLC. Help and Support
  • This issue is on the tip of my brain somewhere in the distant past, but I can't recall the specifics at the moment. One thing that comes to mind is if there are any dependencies that are not running (dependent services). Another thought is to check the subscriptions, or try re-creating the configuration file: Success…
  • Most likely you're going to be doing a custom SQL/SWQL alert. tomiannelli has a pertinent question, could suggest some basic query if we know how you've set up the monitoring.
  • Seconded for Agent based polling if you're having this issue, it should be using Free + Buffers + Cached for memory available.
  • I think you've largely got this answered, but wanted to provide some information for your question here. When I calculate a changed retention size I find that I have to save the change and then hit calculate to get updated information. I would stand by your estimation, but you will want to keep in mind that moving any…
  • Those are actually Orion services and have nothing to do with Patch Manager directly. If you have the Orion products installed on the same server, you will want to look into repairing those services. However, if this is a standalone Patch Manager server and you are not purposefully trying to run the Orion products here…
  • One thing that takes a little getting used to for the custom SQL/SWQL alerts is that the initial SELECT statement is locked in as you've found, but one of the good things about SWQL is that the joins are basically baked in, so with a little bit of exploration you can typically get out the results you want, but stay…
  • It is possible that there is more than one way to do this, but using a virtual router I had in my GNS3 lab this is all I did: I added a DNS record for the device. You can test this by checking your DNS information for your "one working" device and see if there's a DNS record. Otherwise if they're the same make and model…
  • It's not impossible that you just don't have data back that far. To get some insight into that can you run an nDepth search for 1/1/2019 for the whole day? Does it return any results? If it does then it would point to a Reports Console issue, but if it doesn't then your data retention may not go that far back. You can…
  • I would definitely do this as a report, I've done something pretty close in the past: I used a Custom Table resource and the below SQL code: SELECT c.Application.Node.Caption as [Node], c.Application.Node.DetailsUrl as [_LinkFor_Node], c.Application.Node.Status as [_StatusFor_Node], c.Application.Node.ChildStatus as…
  • Here are some of my thoughts on this question, but if you're wanting to make configuration changes based on these answers I would confirm it with Support first: Licensing - Last I was aware, monitoring Windows nodes via the syslog event forwarder isn't supported. That's what the agent is for. If you are able to get the data…
  • For disable networking, if it's a 64 bit machine you may want to review this: Disable Networking Action not working for 64bit in LEM rule - SolarWinds Worldwide, LLC. Help and Support For the process name, I'm not sure that the WebTrafficAudit event is going to have any process information relating to the browser to use in…
  • For me it looks like "Description" and "MachineType" pretty much have the same data, but there is a "NodeDescription" field that appears to have different data, do you mean to be searching that field?
  • Firstly you will want to make sure it's configured and started: SFTP/SCP server From there you're going to want to use an SFTP tool to connect to the host. It should be listening on the IP/Port specified, you will need to log in if you've set up those accounts and then when you transfer files they will go to the SFTP root…
  • I wanted to reply as I had a shade of this similar issue which this post was able to help jog my memory. There is a way you can potentially find these and fix them in the UI if you're squeamish about going into the database or have a few (we had four instead of hundreds): I found these applications by checking the Unknown…
  • As Patch Manager hosts the third party content on the WSUS server, the client machines will need access to a WSUS server. In most configurations you wouldn't be able to use Update Management or the Update Management Wizard to handle updates with remote clients as Patch Manager would need WMI access to the remote clients.…
  • Not sure if there's an easier way to do it, but this is what I did (granted it's for looking for application templates, but you can do the same thing just pulling from the AssetInventory tables): SQL Query: SELECT DISTINCT IP_Address, Caption FROM Nodes Where NodeID not in (SELECT Nodes.NodeID FROM Nodes,…
  • I wanted to add that I had a similar experience as Jan, but I added lines for DNS and Sysname. I ran the script multiple times as is and it never so much as added the pollers, I removed the pollers section and had similar results. Finally, when I re-added the pollers section and the DNS and SysName sections which are in…
  • Hello Ahmed, These issues can take time to diagnose. If you're able to connect remotely with a Support representative they are likely to be able to help you in a more timely fashion. That being said, the first thing you will want to verify is resources: Plan your deployment - SolarWinds Worldwide, LLC. Help and Support If…
  • * You would need to create a connector per server, or create one connector and point it to a DNS name that would resolve for both hosts. * There is no way that I am aware of for the LEM to send to one host in some cases and then the other in another instance. For example, if you have two active response connectors set up…
  • My first thought is groups, you would need to create groups for each site, but it would only be one alert. Similar to this: Re: Nodes dependencies Basically you can set the group to use best status rollup so that both nodes need to be down for the group to go down and then alert on group status down.
  • I've not run into this issue before and I don't see it giving you an associated error code, so it could be just what it says. A few things you would want to triple check: * Date/Time on one of the clients with the error. Including time zone. * Date/Time on the WSUS/PAS all in one server. Including the time zone. * Beyond…
  • Those are definitely two options, but NTA should help you resolve this. For example, if you're already sending that data from F5 to NTA you might see the alert in this KB article: Not primary NPM node IP address - SolarWinds Worldwide, LLC. Help and Support If you do, you can follow this article to allow monitoring flow…
  • Two things: * LEM is specifically designed to run in an on-premises hypervisor (such as Hyper-V and VMware) so it doesn't tend to play in the cloud space. * There aren't any existing connectors for those specific services. At the end of the day if you're able to get the log data to the LEM by writing it locally in your…
  • With SAM I would say just use a script monitor which you can pull that data into alerts directly. With NCM the "Execute an NCM Action" alert action already does this, notes from the action itself: "Results of this action will be stored in the ${Notes} variable" With NPM there are some actions that will add to the alert…
  • SWQL Studio doesn't connect to the DB directly, but connects to the primary server or an APE. At first I was thinking check the service, firewall, etc, but then I noticed that. If you point it to one of your APEs you should get the same data, but that it's SolarWinds itself that's offering up the information through the…
  • That question is pretty broad, do you have a specific example of what you're looking for? I would say logon failures in a way. The LEM normalizes the data that is being generated by your system, so it's legitimate events, but you would see Inferred Incidents reported for multiple logon failures, say in 30 seconds, that may…
  • If the SFTP server is a Windows based server you should see the System, Application and Security logs by default. If it's a Linux based server, you will need to be sure you've configured connectors to read the logs: Linux agent is connected but not sending any events - SolarWinds Worldwide, LLC. Help and Support