wolram

Hi jessaraea, Unfortunately what you have ran into is something that depends on the device. Sometimes the devices will change their id based on what port you connect them too and many times you have a device id that is the same wherever you plug it into. This is all dependent on the manufacture of the device. On some of…

Restarting is not something that is normally needed. Typically it has to do with reservations or something else that is happening. I would highly suggest you open up a support case to help find the actual cause. Also make sure you are on the latest version as well.

When you run the exe it is a self-extracting executable and will put the files on your desktop which includes the necessary files to deploy on vmware

Upon installation it connects to the manager and gets a certificate which is then associated with an id. If you are working on a DR type solution then you can copy the ContegoSPOP directory after it installs to the manager and that agent will get the same id and certificate. I would suggest trying it out and if you need…

We have not heard of anyone having an issue with the Local Agent Installer on Sever 2012. As an option you could try the Remote Agent Installer to install the agent to the Server 2012 file box.

That is most likely the case. Please open up a support case, so that this can be adjusted properly. Thanks.

The EventDsc.log only puts stuff in there when there are issues with it decoding the id of the user. * Stop Agent * Clear the EventDsc.log and create a EventDsc.ini file in the location where the EventDsc.dll is located typically under ContegoSPOP\someversion\lib\ or ContegoSPOP\lib folder (which you already found) * Add…

What are you trying to do? LEM purges data based on how much is taken up on the appliance. When it gets closer to full it deletes the partitions for the older data all at once. There is no mechanism to delete specific data from what is stored. If you are talking about syslog files then that is a different story. You can…

Hi, a In the upgrade guide it has a table on how to go from one version to another. You first need to go to 6.4 before you can go to 2019.4. Here is the upgrade guide https://documentation.solarwinds.com/archive/pdf/SEM/SEM-Upgrade-Guide.pdf https://documentation.solarwinds.com/archive/pdf/SEM/SEM-Upgrade-Guide.pdf Hope…

Reasons that no node may be found: * Is the procurve data already coming in?* Check which connectors you have configured on your appliance. Click on gear next to appliance and see if an HP Procurve is already connected * Check the logs to see if it is actually coming in on one of the local log files * Configure the…

Hi paul1gilbert Two things here: 1. You need to increase the size of the buffer that sends Cisco ISE to the LEM. I unfortunately do not have a handy screenshot from Cisco's console to show you (If you do this it would be great if you shared a screenshot). Make the buffer of what is sent via syslog as large as possible. The…

Sounds like somehow time is getting grabbed instead of the ip address. Make sure you have the latest version of connectors and if you do then I would open up a case with support in order to help get it resolved. They would need a sample of your raw logs where this is showing up to help adjust things properly.

HI fedchoice, The previous XXE fix that support was referring to as being fixed was DDIVRT-2015-55 SolarWinds Log and Event Manager Remote Command Execution - Digital Defense Inc. it may have been mistaken that when you reported the "Apache Flex BlazeDS XXE Injection" that it was the same one that was fixed instead of the…

Hi logs_united, Only specific sources are grabbed from the Application log. Since the events are Normalized we need a way to see what the event means to know where it should be mapped to for events. I would suggest contacting support and opening a case for coverage of the source you want to see turned into events.

How are you checking those systems? What is in the console is correct for the version. Most likely you are trying to check via registry entry. Right now when an agent updates via the manager it is not updating the registry entry. If you are using the agent installers to update then it should overwrite the registry entry to…

Have you opened up a support case? Unmatched data can happen because not everything has been seen. They can help get things moving for this event to be normalized. Assuming that is what you are saying about making it stop. If it is more about making the event itself stop then I would lookup on the Fortigate site the…

Hi tpmobley, If you do not find a connector listed to configure then it would be a New Connector Request. Contact support to file this feature request. Also I would highly recommend that you create a Thwack request for this as well to have other people indicate they are interested in this coverage as well. Having a Thwack…

First Netbotz. It may be logging in a different format than what was covered with APC InfraStruXure. Possibly a new connector request. I would contact support. Second Synology. Unmatched data means it is something we have not seen before and may or may not have the same format of what was in there. Various reason for this…