
LEM filter issue

Note: The conditions for the default firewall filter read, Any Alert.ToolAlias = *Firewall*, where the asterisks serve as wildcard characters. If the alias defined in Step 5 does not contain the word firewall, the default filter will not work until it has been edited to match the alias you defined.

Please can anyone help me to understand the above Note for creating the filter?

I am waiting for your response

0 Kudos
10 Replies
Level 15

Backing up what evanr said:

In the case of Cisco Firewalls, the default Tool Alias is Cisco PIX and IOS.  If you have all your Firewalls logging to Local7, you may want to change that to "Cisco Firewalls."  Then data would match the default filter.


I've also seen people use this on Nodes (or more specifically, Connector Profiles) where they change the default Windows Connector Aliases to something like "DC Application Log" and "DC System Log" and then they can create a filter for Domain Controller Events.  The Tool Aliases can be pretty handy that way.

0 Kudos

What will I put in the notification option?

I did not get the below statement. Please can you explain it to me clearly?

"In the case of Cisco Firewalls, the default Tool Alias is Cisco PIX and IOS.  If you have all your Firewalls logging to Local7, you may want to change that to "Cisco Firewalls."  Then data would match the default filter.

I've also seen people use this on Nodes (or more specifically, Connector Profiles) where they change the default Windows Connector Aliases to something like "DC Application Log" and "DC System Log" and then they can create a filter for Domain Controller Events.  The Tool Aliases can be pretty handy that way."

0 Kudos

As long as the word "Firewalls" appears in the Tool Alias, data from that tool will match the default filter in the Monitor tab.  The default name for Cisco IOS connectors is "Cisco PIX and IOS" so it won't match the Firewalls filter unless you change the name to include the word "Firewalls," i.e. "Cisco Firewalls."

0 Kudos

Can you help me to create the filter rule?

0 Kudos

What is the tool alias of the connector reading your firewall logs?

0 Kudos

I have created the Alias of the connector "switch".

0 Kudos

I have attached a filter that would return events from that Alias.

0 Kudos

How do I add this file in my LEM filter?

Can you explain how you created this filter?

0 Kudos

Might I suggest that you spend some time with our video training on the LEM?

https://www.youtube.com/playlist?list=PL7E0C96A8AA76F1D2

This video specifically covers creating Filters:

And there's this KB:

http://knowledgebase.solarwinds.com/kb/questions/3380/Creating+Filters+for+Real-time+Monitoring+in+Y...

To import the filter I created, click the gear and then pick "Import" and navigate to the Filter file you downloaded.


Level 12

Your aliases are set in your connector.

Since my alias is "ASA", I would use this when creating my filter.


0 Kudos