Comments
-
Darn, so it looks like there is no way to log when a file is opened and know for sure that the file was opened. I would settle for the "traverse folder" events but those don't even happen when folders are traversed most of the time.
-
That video was very helpful, thanks. By any chance can you demonstrate the "file read" auditing? I am having a very hard time finding a way to audit when a user actually opens a file because there is no way to accomplish this with regular windows file auditing, I can audit read permissions or read attributes but they show…
-
There is only one way that NONE and NOT ALL work in the english language. "N" = the total number of objects NONE means 0 out of "N" number of objects. NOT ALL means anything less than "N" number of objects If i had used "NOT ALL" here it would not work because there can never be more than 1 condition true in this condition…
-
Well I followed the instructions to update the connector package, the SSH console leads me to believe it was successful although I do not have the filter "InternalToolOnline" like the instructions say I should so I have no way of telling for certain if it worked. Needless to say, it did not fix anything with File Share…
-
So even though they are logging into a domain the domain controller does not log these interactive logons?
-
Yes if you read my question I have already done what is in that KB. Where are the instructions for using the LEM FIM connector?
-
There is no "not any" option, only "all", "any", "none" and "not all". This logic is pretty basic, unless I am missing something glaring at me I really think that something is wrong with the way Orion is checking triggers...
-
I have having the same "exception logged" problem except all I am trying to do is add a second recipient to an email alert that was already working. When I try to add the second recipient I get a popup error that says "exception logged" and now my alert has 0 recipients. The rule status is "ok"... So my alert is now not…
-
I know this doesn't directly answer your question but have you contemplated just using the ${VolumeSpaceAvailable} variable instead? It would give your alert better information as to how much space is left instead of just telling you it's less than the value you set.
-
You can use "Machine Type is equal to ______" options include "windows 2008 R2 server", "windows 7 workstation" etc. It should have every type of machine type that is in your environment listed as options.
-
If you are adding windows machines it's as simple as installing the agent on the machine. During the installation you enter the manager's name and at installation completion the agent will reach out to the manager and add itself. I haven't done much with syslog nodes yet but I'm pretty sure for those you just point the…
-
If you are logging these alerts to the NetPerfMon Event Log you should be able to sort through it and find out if certain alerts fired, but it could take a while... You could just test your current alerts to make sure they work by adjusting thresholds to force them to fire, then once you know all of your alerts are…
-
So after a bunch of troubleshooting I have the alert working now, but the way I had to get it to work is not very encouraging. I have determined that when you use "trigger the alert if NONE of these conditions exist", you cannot use more than 1 argument within that condition group or it will ignore the entire group. I…
