5 Replies Latest reply on Jul 1, 2013 6:14 PM by antioch

    Problems setting up rules

    antioch

      Hello all, I'm using the trial version of Log and Event Manager, but I seem to have a significant issue setting up rules. Currently I have the Log and Event Manager agent set up on 1 node and linked to my domain controller. I can view reports just fine; for instance, I can use nDepth to view the logs of a machine, view running processes, etc. The problem comes when I attempt to set up rules. For example, to test out rules, what I attempted to do was have LEM detect that the mspaint process was running, then pop up a message just saying test. When I monitor the rule, when I go to monitor and check rules activity, no rules have fired. I have turned the rule on, pressed activate rules before testing, and the rule is not in test mode. When I check nDepth after this, it does pick up that the process was running and the time is correct on the execute; the rule just fails to execute for some reason. I have tried a number of different rule setups with the same result, and I have even wiped the virtual appliance and started over. Any ideas?

        • Re: Problems setting up rules
          antioch

          This is solved, sort of. I can now get rules to execute properly. What seems to be the issue now is that whenever I log off (without shutting down) and log back in, the LEM agent software stops talking back to the host. I tried the steps outlined by SolarWinds to stop the process, delete the spop file, then restart, but the problem is still occurring. The only way I can fix it is by ending the process from Task Manager, stopping the service in Services, then running the .exe file. But as soon as I log off, it does it all over. Out of curiosity I installed the agent software on another node to replicate the issue, and it does the same thing. Is this a known issue with the client?