valkos

Hi jhynds on this comment: Our SQL Auditor is still fully supported, but we want to give customers some flexibility when monitoring SQL audit events The SolarWinds MSSQL Auditor does not support SQL Server 2016. This was a big issue that came up earlier. If you could add support for SQL Server 2016 in SolarWinds MSSQL…

There should definitely be a connector or a listener which can log the activities from web browsers. It should report basic information: * Event time * Hostname * Account * URL * Protocol * Browser version * Page size * Time on site (between site open and close)

jhynds since you're working on User Defined groups * User Defined Groups: Build and manage your User Defined Groups within the HTML5 UI. I hope that (despite lack of votes on the feature request below) you consider adding more fields to the Add User-Defined Group Element action. Currently we can only add a single element…

Solarwinds would be better of with ditching the whole Reports application and integrate reporting inside the Console UI. The UI is not intuitive and it has all kinds of problems. One of the biggest issues is when you run a complex/heavy report which can take hours to generate and only after that you can go in and filter…

It is whitelisted, because I can download the new releases, in fact I just downloaded the LEM agent yesterday from https://downloads.solarwinds.com/solarwinds/Release/LEM/*******.zip The connectors were manually downloaded few days ago via browser from following address…

After whitelisting the address in Umbrella, the connectors started downloading successfully again and I haven't had issue since. Do you have to reach to Umbrella of Cisco to whitelist our public IP in order to pull the Connector updates ? I have a similar error and when tracerouting that IP, I notice it times out after few…

I think there are no internal events which indicate the number of days that you're keeping, but for DB size you may use a simple filter like below If you want to track when DB goes beyond e.g. 85% then just update the above filter with ManagerMonitor Info: Disk usage of Logs/Data: 85%* I hope this helps

Are there requirements on what LEM version we need to have installed in order to participate ?

I hope there's an answer that someone can provide on this matter.

I had a similar problem and discussed it with support in regards to MSSQL events with special characters. They confirmed that special characters are not supported. It is really a bummer that they're replaced by symbols ??? where maybe they could be replaced with regular characters to have sort sort of semblance to original…

Thanks for posting this issue. It is important for us who were about to upgrade to 6.7.0 and if it's a bug, I hope it is resolved quickly by SolarWinds.

LEM only normalizes what is stored on the native log files. If full name does not show in original event, LEM has no way of interpreting it otherwise.

I had a similar problem, but ended up deploying the agent via GPO, you can enforce USB defender service with silent install and it is hassle free https://thwack.solarwinds.com/docs/DOC-190786#comment-310105 The great thing with this method is that it also allows you to upgrade the LEM agent through the same GPO too. Just…

Did you check the CMC logs to see if there's an error ? Are emails ever reaching your Exchange ? Maybe your Exchange admins have disabled SMTP un-auth emails (default Email Active Response connector settings) from being sent over the network. Also check triggered rule actions to see if an email active response tool was…

We started with SQL Extended events. The SQL logs are now stored in Windows Application logs, but there are several issues with managing these logs in SEM. 1. There are wayyyyy more logs coming in than when we used to get with MSSQL Auditor. This is because with MSSQL Auditor we were able to select the types of events and…

This is how I dealt with tracking which rule triggered an alert or an email. 1. Edit all the Email templates (around 30 of them in my case) and add a new field: $Rule (for extra emphasis, I also added which events were triggering the alerts too) 2. Edit all the active rules, and on the Actions section at the Send Email…

I am interested in it too, I've been using LEM for almost a year

This sounds like a useful rule Monitor a file an alert when a file has specific text, it's an error log file so i'm looking at events happening and then sending an email advising of that. (two different bits of data). Does this mean you have a rule which is able to actually look inside file contents ? Can you share the…

There are no log retention settings (yet). By default, once the log DB reaches 90%, the older logs get overwritten. So depending on the amount of logs you're receiving on LEM, it could be anywhere from few weeks to over a year. I believe LEM could improve the retention capabilities, by having some sort of categorization…

I enabled Nessus Messages connector and am now getting the same errors as OP C:\ProgramData\Tenable\Nessus\nessus\logs\nessusd.messages is the correct location of Nessus log files jhynds​ can you assist on this ?