1 of 1 people found this helpful
This sounds more like a configuration issue you're having on the machine itself.
I would recommend going over your auditing settings and filtering out what you do not need that way. Audit Policies and Best Practices for LEM - SolarWinds Worldwide, LLC. Help and Support
LEM as far as I am aware, does not block connections or (unless it is running out of space)drop events
Applying the auditing policy is not a viable option. In my case this should go through change management and different processes. Not easy.
Not blocking the connector but dropping and filtering out the unwanted events. Is that possible? Wishful thinking. :-)
I have always put a filtering server in place before the messages got to the LEM or to Orion. One solution would be to have the messages forwarded first to a Kiwi Syslog Server and then have filtering rules in the Kiwi server drop the
unneeded messages prior to sending them on to the LEM or Orion. Kiwi is very affordable and supports a decent message rate.