valkos

Comments

  • This would be very helpful for managing LEM storage, and I assume this setting could be set on the Appliance Policies page for each event or event group.
  • That's a nice development, I appreciate your answer. However, I think that also having automated filling of UDG fields into more than one (selectable) field makes for a great feature, as we would be able to select various types of information from various events and event groups, which enables us to present/export straight…
  • This can be done already. Although you may not be able to select the folder from the browse button in the Reports UI, when setting up a task you only need to edit the RPTxxxxx.ini file and replace the line ExportDest=C:\location with ExportDest=\\server\share. The user running the scheduled task needs to have write access to…
  • I second this request. Reporting the normalized data from LEM is an uphill task, and it is made more difficult by the confusing UI in LEM Reports.
  • This is a great suggestion.
  • Bumping an old feature request, but this is so important and necessary. Please implement this in 6.4. We need it when filtering out the noise that comes from tons of open MS Office files on the file server.
  • I'd like to add that if this is ever developed, the connector should report only the URLs from the address bar, and not the reference links within the pages you visit. E.g. a website also has social media buttons embedded, analytics and other third-party resources loaded onto the site; we don't need to have them. The objective is to…
  • Connection Event logs from Cisco FirePower are an absolute must. The WebTrafficAudit event misses a lot of traffic.
  • Sounds like it went well. I am curious whether you've gone with the ISO image mount or through a network share?
  • Apologies for the misunderstanding. I was referring to the version of the Windows SEM Agent that is to be deployed in order to address the memory leak issue. I should have included a larger screenshot (though the download size in my screenshot is an indication of a small download size, compared to the appliance). Thanks.
  • Hi curtisi, it was actually aqudoos's question, so I'd like to have more information, as it seems per the OP that you may detect potential attacks with these SIDs. Thanks.
  • Sorry for bumping this old thread. It seems like this feature does not work anymore. I am on 6.3.1 HF5 and am unable to import CSV lists into User Defined Groups. I followed the instructions from your post and I get this error. Has anyone got this feature working? Edit: I found that this feature now works only with .txt files…
  • Can you clarify what you mean by Extended Events instead of SQL Profiler? If that means we get some sort of native MSSQL log collection by the LEM agent, and remove the dependency on MSSQL Auditor (which does not work on SQL Server 2017), then I am all for it.
  • Those rules were helpful. And how would one go about suppressing/discarding these alerts from showing under the Incidents window? Do I need to create a new action, or do I need to use one from SolarWinds (although none seemed to have anything related to suppressing/discarding)?
  • This name change was just cosmetic. I think SEM should've been used for a major point release, like SEM 7.0.
  • We also track the TSQL statements and are in the process of upgrading, so MSSQL Auditor support for MSSQL 2017 is vital. At least let us know if this is something that is in the process of being worked on?
  • I don't know how one could get raw logs from ASA/FirePower, but would a screenshot with the relevant details be of any help? Thanks.
  • Great post mesverrum, thanks for sharing. I would also add that a good starting point would be to make the classification based on a list like Audit Policies and Best Practices for LEM - SolarWinds Worldwide, LLC. Help and Support. We reduced it further by fine-tuning the rules, correlation, correlation time and applying…
  • Which Windows download is for VM-based SEM appliances? Thanks.
  • That was correct. The bad thing is that upon uninstall/reinstall of the local desktop console, you have to go all over the Scheduled Searches and add the schedule again. Importing them does not save their scheduled run time either.
  • On this feature request, it says it is implemented. By suggesting that we use SQL Extended Events and marking the above request as implemented, is this an indication that MSSQL Auditor will not be supported anymore? The most common events I need tracking are the ones related to: * admin actions from SQL Server Mgmt Studio,…
  • I have the exact same issue. It is quite surprising that a simple regex like *$* is not parsed by LEM. I am trying to build a Files Deleted nDepth filter, and while I have narrowed it down pretty well by using the SolarWinds FIM connector, it is infuriating when you see temporary open files that have ~$ characters at the start of…
  • Thank you. Although I installed MSSQL Auditor and selected its template as default in SQL Profiler 2012, I still don't receive any of the SQL statements/scripts when they're executed by the DBA. Are there any particular events within the SolarWinds MSSQL Profiler template that need selecting in order to collect admin logs and…
  • I encountered the same problem recently on a new server which runs Windows Server 2016 and MSSQL 2017. It seems like MSSQL Auditor still does not support MSSQL 2017, which is surprising, given how long it has been around: MS SQL Auditor for MS SQL 2017
  • Can you expand on this, please? I would like to know how to deal with the SIDs list that you refer to.
  • I see under the Customer Portal there are a few 6.6.0 Beta versions. What are the features being worked on in this version, and are there any plans for a stable 6.6.0 to be released in the near future?
  • Are there plans to release next versions like 6.6, or maybe there's already work being done on a major release of LEM 7? Also, in the 6.5 release notes, SolarWinds Log & Event Manager (LEM) 6.5 Release Notes - SolarWinds Worldwide, LLC. Help and Support, there's a reference to 6.5 hotfix 1, but there's no link to it or a product…
  • I ended up using this logon script and the tips in this KB article, Run the LEM Local Agent Installer non-interactively - SolarWinds Worldwide, LLC. Help and Support. The good thing is that by combining those you also get to update the agents on the nodes. @echo off :CheckOS IF EXIST "%PROGRAMFILES(X86)%" (GOTO 64BIT) ELSE…
  • How do you configure the LEM manager IP/hostname during this silent batch script deployment?
  • Yes, I installed the new connectors and then enabled the new SQL Audit connector (SQLAudit.xml connector file) on a few of our DB nodes. All the events under the new connector (Tool Alias) are coming in as UnmatchedData from the InternalNewToolData event. I also opened a support ticket #00380287 to look into this. Edit: to add to…
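One of the comments above describes redirecting a scheduled LEM report export to a network share by editing the ExportDest line of the task's RPTxxxxx.ini file, and notes that the account running the scheduled task needs write access to that share. The following is an added example (not code from the forum, SolarWinds, or the commenter) that does that edit safely: it refuses anything that is not a UNC path, rewrites only the ExportDest key, and probes whether the current account can actually write to a directory before the task is trusted with it. The ini fragment is constructed; only the ExportDest key comes from the comment, the other keys are assumptions.

```python
import os
import re
import tempfile
import uuid

# Constructed sample of an RPTxxxxx.ini task fragment. Only ExportDest is
# taken from the forum comment; ReportName and Format are assumed keys.
SAMPLE_INI = """[Task]
ReportName=UserLogons
ExportDest=C:\\Reports\\Exports
Format=PDF
"""

# \\server\share with optional deeper folders; rejects drive letters and
# characters Windows does not allow in path components.
UNC_RE = re.compile(r'^\\\\[^\\/:*?"<>|\s]+\\[^\\/:*?"<>|]+(\\[^\\/:*?"<>|]+)*\\?$')


def is_unc_path(path: str) -> bool:
    """True only for a \\server\share[\folder...] style path."""
    return UNC_RE.match(path) is not None


def set_export_dest(ini_text: str, unc_path: str) -> str:
    """Return ini_text with the ExportDest= line pointing at unc_path.

    Raises ValueError if unc_path is not a UNC path (a local path would
    silently keep exports on the appliance-side host) or if the ini has
    no ExportDest line to rewrite.
    """
    if not is_unc_path(unc_path):
        raise ValueError(f"not a UNC path: {unc_path!r}")
    lines = ini_text.splitlines()
    found = False
    for i, line in enumerate(lines):
        if line.strip().lower().startswith("exportdest="):
            lines[i] = f"ExportDest={unc_path}"
            found = True
    if not found:
        raise ValueError("no ExportDest line found in ini text")
    return "\n".join(lines) + "\n"


def can_write(directory: str) -> bool:
    """Probe write access the way the scheduled task's account will need it.

    Creates and deletes a uniquely named file; any OSError (permission
    denied, missing share, read-only) is reported as no access.
    """
    probe = os.path.join(directory, f".lem_export_probe_{uuid.uuid4().hex}")
    try:
        with open(probe, "w") as fh:
            fh.write("probe")
        os.remove(probe)
        return True
    except OSError:
        return False


def probe_temp_dir() -> bool:
    """Offline sanity check: the local temp directory should be writable."""
    return can_write(tempfile.gettempdir())


if __name__ == "__main__":
    target = r"\\fileserver\lemreports\exports"
    print(set_export_dest(SAMPLE_INI, target))
    print("temp dir writable:", probe_temp_dir())
```

Run can_write() under the same account the scheduled task uses (for example via runas or a test task), not from an interactive admin session, since a probe that succeeds as the logged-on user says nothing about the service account's rights on the share.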