• State Verified Answer
  • Locked Locked
  • Replies 5 replies
  • Subscribers 22 subscribers
  • Views 1214 views
  • Users 0 members are here
Options
Related
This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Non-Business Hours Filter Not Actually Filtering

techguru

I am trying to configure a filter to identify logon events that occur outside of business hours. I followed the below article on configuring Time of Day Sets, but LEM is capturing all of the login events and ignoring that I say "Do not include Business Hours." Has anybody else had this issue or found a way to fix this?

Configure Time of Day Sets in LEM - SolarWinds Worldwide, LLC. Help and Support

  • 0

    I'm able to reproduce the issue in my lab, so you may have found a bug. I'll do some investigation and report back to you.

  • 0

    Apologies for the delay in getting back to you. Filtering based on Time of Day Sets was an issue in the Flash console, however it been fixes as part of the Events Console. Could you try viewing the filter in the HTML5 Events Console and confirm if your 'non-business hours' filter is working ok?

    In order to access the HTML5 interface you can browse directly to 'http://<your-lem-ip>/webui' or via the 'Visit LEM Events Console' link on the top right of the Flash console.

  • 0 in reply to jhynds

    This is an issue for me too, within the HTML5 console, almost a year from the original post.  Has it been fixed yet?

  • 0 in reply to jhynds

    When building the filter using [userlogon.detectiontime (does not contain) business hours time-of-day-set], the engine ignores it.  When doing the filter in ndepth, the line gets flagged red as "invalid search".  I don't understand why it is not working.  And in lieu of that, is there another way of building the filter to view logon attempts outside of business hours?

  • 0 in reply to ikchang

    Hola @ikchang

    Yo tenía tu mismo problema y lo logre solucionar creando el filtro en la consola HTML pero adicional tuve que borrar todos los grupo de time-of-day-set que yo había creado, cree de nuevo el grupo time-of-day-set y esta funcionando. Me encontré con esta nota en la guía de configuración, espero sea de tu ayuda.

    pastedImage_0.png

         ref: Configure Time of Day Sets in SEM

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.