phil3

I hope some customers will chime in here with their experiences, but I'd just like to offer that the process looks something like this: * Decide what you want to monitor with LEM. For example, let's say a Cisco PIX firewall. * Configure the firewall to syslog to LEM. * Open the LEM console and go to Manage > Appliances. *…

Hello again. I spoke with one of the developers, and he said your best bet for resolution is to open a Support ticket. There are several things that could be causing this issue, so we'll have to take a look at your logs to determine the correct fix. Thanks. 

Hi, Troy. Is this related to the OP's issue? If not, we can move this post to its own thread. I'll check with Dev to see if they have any recommendations for this error. Thanks.

is right. Here's a KB article for that resolution: SolarWinds Knowledge Base :: Apply Microsoft updates for WSUS to your Patch Manager servers as well.

Hi, Dean. Have you tried the troubleshooting steps in this KB article? SolarWinds Knowledge Base :: Troubleshooting Network Devices Logging to LEM Let us know whether or not that helps. Thanks. Phil

Hi, Steve. The big thing to be aware of here is that the alerts/alert groups in your Actions area need to match the alerts/alert groups in your Correlations area. The default settings for the rule you mentioned serve as a good example of this. As long as these alerts/alert groups match, you should not get the error you…

Hello again. I just modified the document referenced in your post so that it's more searchable in our Knowledge Base. The entire document will probably be very useful to you as you optimize your LEM implementation, but I've also embedded an anchor in it to the section you're particularly interested in. Here's the entire…

Hi, there. If you're pushing the LEM Agent to computers that are already on your network, there currently isn't a way to do this. On the other hand, if you have computers that you haven't deployed yet, you can install the LEM Agent on your Windows image, which could specify tool profile membership. If by some chance that's…

Hi, Jake. Check out this KB article to get historical information for these clients: How to configure Inventory tasks to populate Patch Manager reports. If there's another part of your issue that I'm missing, please let me know. I'm fairly new to this product too. :) Thanks. Phil

Hi, liufisky. This isn't exactly what you're asking for, but one of the shortcomings that we've recognized in accessing the CLI from vSphere, etc. is that it doesn't allow scrollback. The workaround (and preferred method for accessing the CLI, really) is to connect to your appliance with an SSH client. Here's a KB article…

Hello again. The main thing you'll want to check here is the settings in the Firewall filter compared to the settings in your firewall connector. The default Firewall filter is based on the logic: Any Alert.ToolAlias = *firewall*, so if the Alias in your connector doesn't contain the word, "firewall," the default Firewall…

Hi, Mark. Did you do anything with the Re-Infer TOT checkbox on the Set Advanced Thresholds window in Rule Creation? Thanks in advance for the clarification. Phil

Hi, Eoin. I expect someone else will weigh in to answer your specific questions, but as a point of clarification, I thought I'd point you (and future users) to the current link for the deployment guide: http://www.solarwinds.com/documentation/patchman/docs/PatchManagerDeploymentGuide.pdf. At the moment, the content in both…

Hi, ak00. You need an EXE to call the CMD file. There are also a few other typos your XML. Here's a corrected example using CMD.EXE to call the CMD file: <program type="exe" <span style="background:yellow;">operation (typeaction)</span>="runandwait" name=<span style="background:yellow;">"DoThis.cmd (cmd.exe)"</span>…

Hi, Cheryl. It sounds like what you'll want to do is figure out what existing resources you want your manager to see, and then create a view with a filtered version of those resources so he only sees the nodes he's interested in. After you figure out what resources you want to use: * In the EOC web console, click Settings.…

Hello again. First, let me clarify what you mean by "group." If by that you mean Tool Profile, you would set the tool up just like you would for a single LEM Agent, only you would do it at the profile level. Here's a KB on how to set up the tool: Configuring the USB Defender Local Policy Tool. The ... button you see next…

Good morning. I just wrote a new KB to answer your question. Check it out here and let us know if you have any additional questions about this process. Thanks.

Hey, there. Check out the following KB article: SolarWinds Knowledge Base :: Apply Microsoft updates for WSUS to your Patch Manager servers as well. The basic gist is that all components in your publishing environment (WSUS servers, Patch Manager servers, WSUS consoles, etc.) have to be running the same exact version for…

Hi, aca5tle. We have a NATO5 rule called "User Account Lockout (Updated)" that you can configure to send you an email anytime a user locks himself out. You can also use the same logic to create a filter or nDepth search: UserDisable.EventInfo = *Account Lock* If you're not too familiar with LEM, here are some additional…

Hi, Curtis. It sounds like you might be sending logs from different types of Cisco devices to the same local facility on your LEM Manager. Check your connectors, and if that's the case, try changing the logging facility on one or more of your devices/types. The best practice (especially with Cisco devices) is to put logs…

Hi, Mark. Would you please check a few things for me and let me know what you find? * Double-check the ExportDest value in each of the INI files in C:\Program Files\SolarWinds Log and Event Manager Reports\SchedINI. This value should match your desired export destination, and the user you assign in Task Scheduler to export…

Hi, Darryl. The only settings that are stored locally with the LEM Console are your custom filters and saved nDepth searches. So, unless you have a lot of either of those, moving the Console should be as easy as installing it somewhere else. If you have some custom filters you want to move as well, there is an Export…

I think what you're looking for is: %USERPROFILE%\AppData\LocalLow\Apple Computer\QuickTime\QuickTime.qtp Source: Environment variable - Wikipedia, the free encyclopedia HTH Phil

Hi, Bert. This is a doc we're trying to perfect at the moment - we've had mixed results with customers. If you can open a Support case, that would be great. That way, someone on our side can walk you through the process and try to pinpoint exactly what's missing from the doc. If you can't open a ticket (i.e. you're…

Hi, Aaron. Provided the computers that have the LEM Agent installed have network access to the LEM Manager (i.e. no firewall in the way), the Agents should connect automatically. The LEM Agent for Windows has three tools configured by default, so you should start getting alerts for these resources immediately: Windows…

Hey, Byron. When the LEM eval license expires, it stops collecting and processing data. In other words, if you have a device logging to the LEM appliance, its data won't get normalized and you won't see it in the console. Similarly, if you have normalized data coming to the LEM appliance from an agent, the data won't get…

Hi, sparkey. When you get the nDepth search results, do they include the types of alerts you're looking for? If not, it might be that your firewall doesn't log that level of detail. Another (perhaps easier) way to see this data is to use the default Firewall filter on the Monitor tab. If your tool alias contains "FW"…

Hello again. You'd use similar logic to what you used in your other rule; only this time, use the "UserEnable" alert. Take a look at one of these alerts in your environment (disable and re-enable a test account, for example) to see what fields/values might be of most help to you. You may or may not be able to differentiate…

Hi, Quang. Agents are used to monitor events that are logged by the computers on which they are installed. Local events such as logons and logoffs, as well as certain change management events like software installs and changes to local policy are the types of events collected by LEM Agents. Once in place, the LEM Agent is…

Hi, there. It looks like the first exe line is not enabled. <program type="exe"typeaction="runandwait"name="uninstall_flash_player_32bit.exe"successcode="0"failureaction="stop"enabled="false">-uninstall</program> To fix this issue: * Change enabled="false" to True. * Republish the package with Delete existing… selected. *…