npatterson · IT Manager

Yes, I used Cisco DUO using authentication proxy with LDAPs. This only works with domain accounts,s not global accounts thought.

Wow, learn new stuff all the time flash is dead it lives on in adobe air. LEM is alive Sorry but useful none I can view the SolarWinds pre-defined grouped. I notice the group's solar wind ships with SEM have not been updated since 2008 I think we need to address this as 14 years are eons in security. I will send this a…

This would be captured on the firewall, not the endpoint for tracking URL history as each browser stores the history in a different location. The field in SEM is webtrafficaudit for the information your looking for. Make sure you have logging enabled on the firewall and have the right corresponding connection installed to…

You need to call support to deactivate the licenses and reissues as the unique ID does not match the issued licenses on SW.

First, if would check if you have the proper logging enabled on the DC check the security logs cover both Success and Failures as this is not typical. The best method I can do is follow the MS baseline setting for the version of windows as it gives the GPO settings for normal server and DC. This way you sure you are…

You can use the group predefined in the left sidebar and there is one for user creation. I do not see an option to create more groups than what is already provided. For each group, you can click the 3 dots and add a filter to that group specifically. There might be a option for importing filters via Json format but I have…

If that is the case failover clustering might be a better option than proper HA with same VM share across two nodes

Create ISCSI target storage so both nodes can access the cluster shared storage. That is the quickest solution I can come up with.

could be logged under DNS name not IP address check the dns name of the printer and select non-agent from the configure search bar

Check the event log of the source machine for more information it could be as simple as a mapped drive with admin credentials on the source machine but the event log of 10.0.0.221 it good place to start

I have a rule sent for this personally this is windows Security toolalias I have set for my DC node group eventype UserEnable you can filter more ou that was not possible for me I added users to disable security group and add the directory service group to SEM

try using the juniper virtual gateway connector unfortunately I do not have juniper you have to test thought,

This requires the PowerShell 5.0 connector installed and make sure the Microsoft-Windows-PowerShell/Operational is added using the process https://support.solarwinds.com/SuccessCenter/s/article/Configure-the-Print-Services-Connectors the event ID is 4104 if you are wondering. for mass deployment for endpoint I recommend…

Depending on the version of the Juniper what firmware are you using?

do you have auditing enabled on the file server for SMB success and failure make and check the event viewer of the file server to make sure it is not an authentication issue? is the share everyone accesses as SolarWinds is Linux based so Kerberos does not work all too well for a file share. 

under managed connector enable Aruba2930 select both raw and normalized make sure the log file for your class is set to local2.log try that let me know

Could you try setting up another ldap connection with secondary AD if you have one to make sure in not a LDAP profile issue you. You could look at logs via console but depending on traffic it would be very hard. under CMC goto appliance watchlog to see the authentication processes. check for failures.

are you using local account or LDAP\AD or SSO login?

I would check the audit log on M365 Applications to see if any failures. Goto Azure AD dashboard >> Enterprise Applications >> [whatever you name Solarwind apps As] goto sign-in logs on the left side select principal sign-in log check for any failures

Did you select the right connector what firmware version are you running on switches if 3 or high make sure Aruba 3x is used for the managed connector is enabled

You want to set syslog server not snmp string so you only to to list internal options or sem

what version is the connector and do you have auto-update connectors. I have version 9 of the connector and seems to be working fine for me.

I have an MX 100 in the dashboard under Syslog servers can be defined in the Dashboard from Network-wide > Configure > General. Enter the syslog of SEM Under SEM add configure and manage connectors add merkai MX connector you then can search via MerakiMX under tool alias to find all logs sent to SEM

I would like the ability to export rules configuration with reporting options this will allow for my customize reporting outside of the Security frameworks. Considering HTML 5 interface it should be easier to transfer from SEM platform in to report template than the CSV dump.

If you have the FIM enabled on the Node the FileAttributeChange event capture the event crossreference with the eventinfo ="*rename*" for when have is renamed.

Look through the connection Regex is does capture x-forwarded-for data in the ExtraneousInfo field of WebTrafficAudit event so you might not see it as it not readily apparent.

Honestly, I would start by doing a search in historical events for port 53 and add more conditions and search until the results are manageable this will point out which condition is messing up the results. It's time-consuming yes but you can match the create a Sus DNS entry and see what have it differs in SEM from normal…

this require a registry entry to work correctly https://support.solarwinds.com/SuccessCenter/s/article/Configure-the-Print-Services-Connectors?language=en_US SEM can not look into nested window event logs so it needs to be configured with the instruction above so it is not nested and it will be able to collect logs the log…

I check my instance of IIS and if your want to have x-forwarded-for this are not on my default and have to add this in IIS to appear in the logs. Add X-Forwarded-For column in IIS 8.5 and newer versions Custom logging became easier to configure with the IIS 8.5. Follow the steps below to add X-Forwarded-For column into IIS…

I have both 2022 and 2019 with no issues make sure the WMI in firewall inbound rules is enabled to work correctly. Make note if your public\private\domain in the scope of the rule