I am trying to configure a filter to identify logon events that occur outside of business hours. I followed the below article on configuring Time of Day Sets, but LEM is capturing all of the login events and ignoring that I say "Do not include Business Hours." Has anybody else had this issue or found a way to fix this?
I'm able to reproduce the issue in my lab, so you may have found a bug. I'll do some investigation and report back to you.
Apologies for the delay in getting back to you. Filtering based on Time of Day Sets was an issue in the Flash console; however, it has been fixed as part of the Events Console. Could you try viewing the filter in the HTML5 Events Console and confirm if your 'non-business hours' filter is working ok?
In order to access the HTML5 interface you can browse directly to 'http://<your-lem-ip>/webui' or via the 'Visit LEM Events Console' link on the top right of the Flash console.
This is an issue for me too, within the HTML5 console, almost a year from the original post. Has it been fixed yet?
When building the filter using [userlogon.detectiontime (does not contain) business hours time-of-day-set], the engine ignores it. When doing the filter in ndepth, the line gets flagged red as "invalid search". I don't understand why it is not working. And in lieu of that, is there another way of building the filter to view logon attempts outside of business hours?
I had the same problem as you and managed to solve it by creating the filter in the HTML console, but additionally I had to delete all the time-of-day-set groups that I had created. I created the time-of-day-set group again and it is working. I came across this note in the configuration guide; I hope it helps you.