Comments
-
I created two separate rules... one that handles the NewGroupMember event, and another that handles the DeleteGroupMember event. This seems to be working out. Thanks for all your help!
-
OK... that seems like a step closer, but now I don't know how to adjust the Action part. See the screen shot below.
-
WAIT! Suddenly the alert is sort of working... just not showing the info that I am looking for (same alert... why didn't it work before? Maybe because "test" was checked? What does that do?) I received the following alerts after adding a user to a group, and then removing that membership a few seconds after adding it. first…
-
Let's go back to the beginning on this... When I use nDepth to look for the events associated with group membership changes, I put in the following filter: Auditable Group Events.DestinationAccount = SG-*_Support The results that show up look like this (redacted): There are two interesting things to note here; the first…
-
I can probably make that work.
-
So I would have to build a filter for each business unit then? What is the easiest way to go about that? I am assuming that I can create all the filters beforehand, and then assign those filters out to various users? And on the topic of filters; before I had AD authentication working, I just logged on as the admin user. I…
-
I do see the event show up in the DC event log and also in the LEM console... the rule is not firing though as far as I can tell. I don't even see a failure event in the SolarWinds alerts filter. I activated the rule, the appliance clock is spot on, but I can't figure out what is wrong with the rule. Thoughts?
-
Those are all great suggestions. I think part of the learning curve is just the fact that I don’t know what each object is. For example, you giving me a sample of what ProviderSID results in was really helpful.
-
Thanks for all your help! …Unfortunately, I don’t drink. As one of my coworkers says, “I feel bad for Kris… I know that when he comes to work in the morning, that’s the best he will feel all day!”
-
That is all definitely very useful to know. What do you mean by use the HA built in to the hypervisor? VMWare won’t be able to provide HA when I only have one appliance… is there some sort of “scale out” deployment method that I should be doing?
-
This alert isn't working... I performed a group membership change after configuring my domain account as the recipient of the alert, and never received the alert. I can't tell if the rule itself isn't firing, or if I'm just not getting the alert because of some sort of mail send error... where do I begin to diagnose this?
-
OK, well, now that I have the AD authentication working, how do I set things up so that UserA can log on and only see the nodes that belong to their business unit? We don't want the user to be able to make any modifications or anything (yet)... just view the logs/events for the machines that they "own".
-
Yep… that’s the point! What other apps use the FQDN? None. How does the update to 5.5 work? Is it additional licensing? A new appliance? Is there any documentation on what is changed/fixed/improved?
-
It looks like a reboot resolved this. Thanks for your help. On the subject of reboots, is there some sort of high availability configuration that I can do with appliances so that if I have to reboot an appliance, I don’t lose log and event collection/actions?
-
Very cool! Can I not use a distribution group in AD for this though instead of a contact that is stored in the virtual appliance? And where are the settings to configure the SMTP server that it uses to send with?
-
I changed the filter to use AnyAlert.ProviderSID = NETLOGON*, and then I saw events that I was looking for. I configured a rule based on this as well, and sure enough, got an email. The email doesn’t have that much detail in it though (I used the Default email template). I will have to mess with it so that I get all of…
-
Ok. I changed this… we will see how it goes!
-
The error stays if I refresh the search, and it does happen with every search. Sending a filter to nDepth does the same thing.
-
Super helpful! Thank you! Just a few things to go over though: When I try to select a user that should be a recipient of the emails, I actually want it to be a distribution group…how do I do that? Right now the only recipient option that it gives me is the local admin account which doesn’t have an email address. Also, what…
-
You’re right…that’s weird! What would you recommend setting the limits at initially?
-
I just tested with FQDN\username, and it worked. But let’s be honest here; that kind of stinks! Is there a way to set it up so that the FQDN is not required?
-
I created a filter as you suggested, but none of the events are being captured in the filter, so I am confident that no alert will be generated either. I am kind of at a loss for what to do next...
-
Nicole- Thanks for the help! That worked great!
-
Unfortunately, it seems as if some things are still not quite right though: when I open Explore --> nDepth, a big red message appears that says Error:General:FATAL: no Vertica user name specified in startup packet What does that mean??? I seem to have lost the ability to look at historical data…
-
I opened my web console this morning, and suddenly it was prompting for a license agreement…it looks like it did the update sometime overnight, or a simple reboot of my pc fixed things. Thanks for your help!
-
Thank you so much for all your help on this. Unfortunately, I am REALLY new to Log and Event Manager. Can you give me the "for dummies" version of your instructions? I went to Build --> Groups and found the Alert Group "Auditable Group Events", but am confused on where to go from there. Do I edit the built in AlertGroup?…
-
Below is a screen shot from Windows for one of the events that I am looking to monitor for (sorry, but I still haven't figured out how to search for specific events in Log and Event Manager).
-
I am actually going to modify my dev environment in order to generate one of the alerts that I am looking for so that I can give you an example of something that I want to be alerted on. ...I'll be back with additional info. Thanks for your help!
-
Thank you! It looks like this shows me what I am looking for.
-
I can tell you that right now, I have done the following: - moved the virtual appliance to its own ESXi host - reduced the cpu resources from 2 sockets with 2 cores to 2 sockets with 1 core - left the memory resources at 8 GB With that configuration, and about 70 nodes being managed, I am seeing the following:…