
LEM Event and Log Correlation

Do you have any steps or procedures that would help me accomplish the following:

1. What are the steps or procedures on how to use 'the event correlation'? Like, I need to know the relationships of any number of events with some identifiable patterns (relationships between events).

2. What are the steps to collect logs from the Cisco IronPort S Series web filter? Is there any plugin to install, or a tool where I can activate logging on this machine, and what are the steps or procedures?
  • Hello again, Aaron.

    1. What are the steps or procedures on how to use 'the event correlation'? Like, I need to know the relationships of any number of events with some identifiable patterns (relationships between events).

    Event correlation is at the heart of what the LEM product does; it's used in filters, rules, searches, and reports. If you'd like to just browse the data on your database and see if anything "sticks out," nDepth is probably your best bet.

    To execute an nDepth search from the LEM Console Monitor view:

    1. Select an Alert or any field within an Alert from the Monitor view.
    2. Click the Explore menu on the Alert Grid title bar (next to Pause), and then select nDepth.

    This sort of search will show you everything within the timeframe you specify (the default is 10 minutes) related to the event or value you selected. For more information about the basics of using nDepth, check out this video: Navigating the nDepth View of Your Log & Event Manager Console.

    Alternately, if you have a specific event or group of events in mind and you want to track their occurrence in real time, a filter is what you're looking for. The following KB article provides a brief overview of how to quickly create a filter for a specific event, and it's got a video embedded in it to walk you through a more detailed example if you're interested: Quickly Creating a Filter for a Specific Alert Type

    2. What are the steps to collect logs from the Cisco IronPort S Series web filter? Is there any plugin to install, or a tool where I can activate logging on this machine, and what are the steps or procedures?

    We don't have a tool for this product in our published Supported Data Sources list, so I'll have to refer this question to Product Management.

    Thanks for continuing to visit us on thwack! It's great to see more LEM traffic here.

  • Hi Phil,

    Thanks again for your usual assistance. I overlooked the fact that the client has IronPort in their network infrastructure; it only came up in the later part of the POC.