• State Verified Answer
  • Locked Locked
  • Replies 5 replies
  • Subscribers 22 subscribers
  • Views 1076 views
  • Users 0 members are here
Options
Related
This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Reports by user

rufat87

Hey guys, I need some help.

Once in a while I get to collect information on a specific user and his/her activity on the network. Since we now have LEM, it is one of the sources of the information I can use to accomplish that. I know how to perform all the granular tasks for this purpose in nDepth, by IP, by username and such, but I also would like to use Reports for this purpose as well. Is it possible to customize any of the report template tables or make one where I just set the criterion by IP or destination account/source/machine and a timeframe and get the fancy looking report ready?

I would really love to get some help making this happen.

  • 0

    Unfortunately, there's no functionality that allows you to customize the "out of box" reports. However, since you mentioned nDepth, why not use that? You can save your search (query) and then export the results which will include a number of different ways to represent your data visually. You can even schedule those queries to run although I haven't found the need for that feature quite yet.

  • 0

    I'm going to argue with qle‌: You can customize the out-of-the-box Reports in the Reports console.

    Say, for example, that you want authentication events for a specific user.

    1. Run Reports
    2. Run an Authentication report (I'm using Authentication - Log On/Off/Failure) for something like a ten minute span
    3. When it completes, click the Select Expert icon (a green funnel)
    4. When the box pops up, click "New" to add your first filter.  You'll be presented with a list of all the fields in the report.  For your example, I'd pick the AUTHAUDIT_1.DESTINATIONACCOUNT and add that.
    5. This'll take you back to the Select Expert box.  Pick the operator "Is Equal To" and in the box, type the username you want to search for.
    6. Your report may go blank if the user you want didn't occur in the last 10 minutes.  No sweat! Press F9 and you'll be prompted to change the time range.  Run the report.
    7. TA DA! A report for one user's authentication events.  You can hit Export and save it in the Crystal Reports format to keep a version of the report with your filters baked in for future use.

    The same sort of logic would apply to any report with user-names in it, though you may have to explore what fields contain what.

    See also: [VIDEO] Filtering and Exporting SolarWinds LEM Reports to Quickly Find Events of Interest

    You can also use Crystal Reports to customize the OOtB reports: SolarWinds Knowledge Base :: Creating a Custom Report for LEM 5.6 and newer

    I also cover something similar for FIM in this YouTube video: Solarwinds Log and Event Manager - Configuring FIM and Analyzing FIM Data - YouTube

  • 0 in reply to curtisi

    That's brilliant! Exactly what I was hoping to get!

  • 0

    Hi rufat87

    Another option would be to use something like LANGuardian to capture the user information\metadata from network traffic and then integrate this with your SolarWinds views. You can see an example of this at the link below

    http://demo2.netfort.com/Orion/SummaryView.aspx?viewid=1&AccountID=guest

    There is also a search feature where you can put in an IP or username and get a view of what they are doing on your network. There is an example of this at the link below or I also included a link to a short video which shows the integration in action.

    http://demo2.netfort.com/Orion/SummaryView.aspx?viewid=36&AccountID=guest

    There is a trial version of LANGuardian available if you wanted to test it out yourself

    Hope this helps

    Darragh

  • 0 in reply to curtisi

    Thanks for the v. useful guide, we have a LEM in a multi-domain environment and have been struggling to schedule custom reports for each domain.  Rather than use the "Is Equal To" operator I used the "Starts With" operator for filtering the report to pickup agent events for a particular domain.  After exporting the filtered report as Crystal Reports, i was then able to manually create a scheduled task to run the custom report as needed:

    1. Export filtered report to Crystal Reports format.

    2. Copy the schedule report INI file and manually update the relevant parameters including the name of the report to run and the export options.

    3. Create a basic task (in Task Scheduler) to run a schedule report using the custom report INI file.

    4. Sit back and enjoy.

    I've created a separate folder for all my custom reports sorted by each domain and creating separate scheduled tasks for each report, I may look at bunching daily/weekly reports for each domain into separate batch jobs to simplify scheduling.

    The above is a bit of a long-winded workaround, but without purchasing Crystal Reports XI R2 ($600) I don't see any other way for creating custom reports which has been a major headache with using LEM in a multi-domain environment (and without having to install a separate manager appliance for each domain).

    Thanks a lot!

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.