Okay, here we go:
1) This is probably going to be something to do with what auditing and logging you have the firewall set to collect, and what it does with that collection. The LEM collects logs passively, so if you're not sending the LEM user audit logs, it's not going to see them. You're probably going to have to check out Fortinet's docs to make sure your configuration is right for collecting and sending that information.
2) It sounds like you might benefit from checking out some of the LEM training materials, and seeing if that helps with the task at hand. There's a wealth of stuff here: Log & Event Manager (LEM) - Updated July 15, 2014. You may also want to check out the LEM video playlist on YouTube: Log & Event Manager (LEM) - YouTube, like this video on how to create rules:
My one pro-tip on rules would be this: never ever use the Any Alert Event Group on a rule. It'll chew up memory, and can crash the LEM.
3) Yes! You can get the Agent installers for Sun Solaris from the customer portal or from this link: SolarWinds Knowledge Base :: Additional LEM downloads for version 6.0
There should be a readme in that download on how to deploy the Agent.
4) Samples of rules are provided in the LEM console itself. Go to Build Rules, pick a category or Tag and look at the Rule Templates. These are provided as samples to help you get started with configuring the LEM.
Thanks for the nice explanation about the product. Actually, I am stuck with creating rules; however, I am able to create filters. When I try to create a rule from a template, say for "bad login attempts 2-3 within 30 seconds to my AD server", the rule must fire with an email action that states in clear text what has happened.
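The threshold rule asked about above (N failed logons against the AD server within a 30-second window, with a plain-language alert text), worked through as an added example in Python. This is not LEM's rule engine or code from this thread; the log line format, the event ID 4625 mapping, the host name AD01 and the sample lines are constructed assumptions for the example.

```python
"""Threshold correlation for failed AD logons, as an added example (not a LEM rule).

A LEM threshold rule fires when some number of matching events arrive within a
time window. This script shows the same logic over constructed log lines so the
threshold and window behaviour are concrete. The line format, the 'AD01' host
name and the sample data are assumptions made for this example.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines: timestamp, event id, target host, account, source IP.
SAMPLE_LOG = """\
2014-07-15T10:00:01 4625 AD01 jsmith 10.1.1.50
2014-07-15T10:00:04 4625 AD01 jsmith 10.1.1.50
2014-07-15T10:00:09 4625 AD01 jsmith 10.1.1.50
2014-07-15T10:00:12 4624 AD01 jsmith 10.1.1.50
2014-07-15T10:05:00 4625 AD01 bob 10.1.1.77
2014-07-15T10:05:45 4625 AD01 bob 10.1.1.77
2014-07-15T10:06:40 4625 AD01 bob 10.1.1.77
"""

FAILED_LOGON = "4625"  # Windows Security event: an account failed to log on


def parse_line(line):
    """Split one constructed log line into its fields."""
    ts, event_id, host, account, src = line.split()
    return {"ts": datetime.fromisoformat(ts), "event_id": event_id,
            "host": host, "account": account, "src": src}


def correlate(lines, threshold=3, window_seconds=30, target_host="AD01"):
    """Return clear-text alert messages.

    An alert fires when `threshold` failed logons for the same account from the
    same source hit `target_host` within `window_seconds`. Successful logons
    and events for other hosts are ignored.
    """
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # (account, src) -> timestamps of recent failures
    alerts = []
    for raw in lines:
        ev = parse_line(raw)
        if ev["event_id"] != FAILED_LOGON or ev["host"] != target_host:
            continue
        key = (ev["account"], ev["src"])
        q = recent[key]
        q.append(ev["ts"])
        # Drop failures that have aged out of the sliding window.
        while q and ev["ts"] - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            first, last = q[0], q[-1]
            alerts.append(
                f"{len(q)} failed logons for account '{ev['account']}' from "
                f"{ev['src']} against {ev['host']} between {first:%H:%M:%S} and "
                f"{last:%H:%M:%S} ({(last - first).seconds}s window)")
            q.clear()  # one burst raises one alert, then the count restarts
    return alerts


def run_sample():
    """Run the correlation over the constructed sample log."""
    return correlate(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for msg in run_sample():
        print("ALERT:", msg)
```

With the sample data, jsmith's three failures fall within 8 seconds and raise one alert; bob's three failures are spaced 45 and 55 seconds apart, so with a 30-second window they never accumulate and no alert fires. Widening the window to 120 seconds makes bob's burst fire too, which is the knob the template exposes.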
You may want to call into the help desk and open a ticket so we can setup a GoToMeeting and look at your request in some detail.
Working rules now... enjoying LEM.