6 Replies Latest reply on Apr 21, 2016 3:12 PM by curtisi

    Reporting on LEM

    omar789

      We are using Solarwinds LEM 6.1.0 and need some help with reports. I need to find out all the drives, folder, files accessed by a user.

       

      Please could you advise how the conditions and groups in nDepth should be.

        • Re: Reporting on LEM
          pebcakproblemsolver

          Assuming you have FIM activate, it is pretty easy.
          Just use FileRead.SourceAccount = abc@def.com

          • Re: Reporting on LEM
            Steven Klassen

            Hi omar789 - I can't think of a way to do that offhand without FIM being enabled in probably an unreasonable number of places. Do you have any other SolarWinds products like Server & Application Monitor by chance?

            • Re: Reporting on LEM
              omar789

              What is FIM and how can I find if I have FIM enabled.

               

              Sorry, kind of new to this.

              • Re: Reporting on LEM
                curtisi

                Log and Event Manager can collect File Auditing information a couple ways.

                 

                One, it can collect native file auditing info from the OS.  This would require that you have the LEM Agent on the interesting servers/workstations, and that you have file auditing configured in Windows, Linux, MacOS, etc.  In Windows, this means that you've gone into the Security dialogue for a location and set the audit policy:

                 

                2016-04-21 14_06_44-Advanced Security Settings for LEMDemo.png

                Second, you can have File Integrity Monitoring do this, but FIM is only available for Windows devices and requires that the LEM Agent be installed on the interesting servers.  It looks like links to FIM docs have been provided by others, but I can add this video:

                 

                 

                In either case, LEM is going to get data from the OS or from FIM and normalize it, meaning that events will be sorted into the LEM's predefined categories like FileRead, FileWrite, FileCreate, FileDelete, etc.  You can search for all these different events separately, or you can use the pre-defined Event Group that ships with LEM to get them all in one go.