Comments
-
Hi, Marc. Are you using a licensed or eval version of Patch Manager? If you're using an eval version, you only have access to a limited catalog of third-party updates. For additional information, see SolarWinds Knowledge Base :: Getting Started with Your SolarWinds Patch Manager (previously EminentWare 3rd Party Updates)…
-
Hi, there. The domain is required for AD authentication. That's what defines the user as an AD user as opposed to a local LEM user. To change whether you have to enter domain.com\username or domain\username, edit the setting in the Directory Service Query Tool connector. Let me know if you have any other questions. Thanks.…
-
Hello again, Quang. It looks like this one's going to be a "Yes, but..." kind of answer. :) You basically have two databases available to you with LEM: one for alert, or "normalized," data, and one for original, or "raw," log messages. The former is used for your filters and rules, and is also available for reporting and…
-
Thanks for the question. Now I have one of my own: Did you upgrade your 4.5.2 SIM appliance to 5.3.1 and then migrate its settings to your LEM appliance, or do you have two functional appliances on different versions? The first option will get you what you're looking for. Trying to export and import groups between…
-
Hi, tagathzg. Thanks for all your thoughtful questions. Here's what I know... I am interested if LEM can log application events from IIS, DHCP Windows, MS SQL server and Oracle Audit? The quick answer is "Yes." We have connectors for all of those items, and you can find a comprehensive list of our supported data sources…
-
Hi, Darryl. There isn't really a list of parameters for email templates, as the parameters are really just placeholders for dynamic text from your alerts. For example, I could call a parameter "TGIF" and map that to any alert field from my rule. That said, I think this is the blog post you're referring to:…
-
Hi, there. This is a good point of clarification. You only need the one connector (tool) on the appliance to cover both of the devices. You'll be able to know what device any given alert came from by looking at the IP addresses. Thanks for the heads up. I'll work on getting this into the documentation somehow.
-
Have you tried installing a LEM Agent on the DB server? If you do that, you should be able to configure the Forefront Security SQL Database tool on that Agent and it will send the normalized alerts from your DB server to the LEM Manager.
-
Hi, John. The 1.73 installer is a full-product installer, so you can technically use it to upgrade any version of Patch Manager/EminentWare Extension Pack. However, we have only tested the upgrade for version v1.71.210.1 and higher. Let us know if you have any other questions. Phil
-
Hi, there. Have you tried the auditd connector? That level of auditing is not turned on by default in Linux, so you might have to check out your Linux man pages to set that up, but the connector should pick that stuff up once you have it logging on the Linux side. If you don't already have the sudo connector configured,…
-
Hi, there. The reason your filter is working that way is because that resource cannot be filtered by Volume or SAM properties. You can only filter that resource by the following entities:
* EOC.Alert2
* EOC.Node
* EOC.Node.CustomProperty (what you're currently using)
* EOC.Orion
Source:…
-
Hi, Mark. I think these two KBs will help:
* How many days of live data will the LEM database store?
* How to Configure Backups on Your LEM Appliance
With regard to your extended VM disk, the appliance will use whatever it can whenever it needs it. I think with the backups in place, you'll definitely be able to meet your…
-
Hello again, Steve. Use the machine name of your servers, surrounded by asterisks. The asterisks serve as wildcard characters so you don't have to enter the FQDN. If you find that the alerts needed for your rules/filters/etc. reflect IP addresses instead of machine names, you might consider cloning the group and having one…
-
Hi, Jake. Welcome to thwack! I can think of two things to check:
* Confirm that the computers that are missing from your WSUS computer groups are configured appropriately to receive updates from your WSUS server. This is a group policy setting under \Computer Configuration\Administrative Templates\Windows Components\Windows…
-
Do all of the servers have the same level of file auditing enabled in Windows? We have a KB with recommendations if you're interested: [LEM] Audit Policy and Best Practice. If this doesn't help, perhaps you could post the entire search parameters. You can switch your search input mode to "Text" using the toggle on the left…
-
Hi, liufisky. The Explorer Command Agent is the agent LEM uses to execute commands from the Explorer utilities in the console. These utilities include WhoIs, NSLookup, and Traceroute. If you don't set an agent here, LEM won't be able to run those commands from the console. By default, LEM tries to use the first 4.6+ agent…
-
Hi, Espen. That is actually part of the basic functionality of EOC. The idea is to give you a consolidated overview of all of your SolarWinds servers, and then to allow you to drill down to specific nodes on specific servers if you need to. Someone else on the forum might be able to provide some of the best practices and…
-
Hey, Mark. Most everyone's gone for the weekend, so you might not get a detailed response until Monday. In the meantime, if you want to check out the documentation, see "PackageBoot" starting on pg. 22 of the following document: http://www.solarwinds.com/documentation/patchman/docs/PatchManagerLocalPublishingAdminGuide.pdf…
-
Hi, there. It sounds like this is eventually going to be a Support call, but before you open a ticket, please turn on logging in your scheduled task, and wait for the task to fail one more time. When it fails, open a ticket and be prepared to supply the latest version of the log file. To turn on logging in your scheduled…
-
That's good to hear! To answer your question, we have connectors for the MS Exchange Application and Event logs. As long as you have logging turned on in Exchange, all you'd need to do is install a LEM Agent on the server and configure those two connectors. Let me know if you have any other questions. Thanks.
-
Hi, Andrew. The easiest way to get what you're looking for is to:
* Send the default Incidents filter to nDepth as a query
* Adjust the timeframe to something appropriate for your purposes (Last day, for example)
* Save the query for future use
Then, you can run the query every day and export it as an on-demand report.…
-
Hello again. I did some digging, and it looks like the easy answer is, if Windows logs the event twice (whether on the same computer or different computers), you're going to see two alerts for it. And, oftentimes, this is going to directly affect your rules. That said, if all you're looking for from your rule at this point…
-
Hi, byrona. First, let me say that we are still in the process of updating and enhancing the LEM documentation, so much of the documentation you're looking for today will be available in the future if it's not already. That said, here's what I can say about each of your questions: Setting up additional appliances…
-
Hi there. Someone might have already suggested this, but, as an interim solution, you can set your IT users up as "Monitor" users in the LEM Console and modify their filter set according to what you do and don't want them to see. For more information, check out the following KB article: Modifying Filters for "Monitor"…
-
Hi, Quang. That functionality is not currently available, but it's on the list for future releases. Initially, the web console (which is slated for the next major release) will allow each LEM Console user to access his own filters from any computer. The web console also opens up the possibility of sharing filters across…
-
Hi, Todd. Thanks for the post. Hopefully I understand your issues correctly:
* You were unable to uninstall agents that were running an earlier version of the agent (presumably 4.6), but you were able to upgrade them to the latest version (5.3.1). After upgrading the agents, you were unable to get them to connect to your…
-
Thanks for putting the call out there to others that might have a similar need. In the meantime, you can enable your LEM appliance to store original log messages so that you'll at least have everything in one spot. Plus, once your original logs are on the appliance, you can view and search the logs using the nDepth utility…
-
Hi, Todd. This looks like a database issue, so we might need to look at some logs to get it figured out. Can you open a ticket and reply back here when you have a ticket number, and then again once you have a resolution? Thanks. Phil
-
Hi, Quang. I'm not sure we have exactly what you're asking for in your post, but I'm interested to know more about the exact problem you're trying to solve. With that additional information, we'll probably be able to get you what you're looking for. Thanks.
-
Hi, Chris. First of all, which filter(s) are you using to view these events? Are you just looking at the All Alerts filter right now, or have you created one for those ESXi hosts? In either case, you can add a line to the filter logic to omit these superfluous events. Just identify something special about the alert…