1 Reply Latest reply on Dec 22, 2015 11:09 AM by curtisi

    LEM Filters / Rules - Monitor for software installation

    cdgoodlettdme

      Hello,

       

      We are trying to configure a Filter (and later a Rule) in LEM (ver 6.1) that will alert when any software is installed on a Server/ Work station on which a LEM agent is installed. We are looking for some guidance on this. Thank you.

        • Re: LEM Filters / Rules - Monitor for software installation
          curtisi

          There's a Template rule for Windows Update Failure that you might want to look at.  The LEM normalizes a class of events as "SoftwareInstall" so looking for those events ought to show you installs.  This is contingent on those events being logged, however, which in Windows means "Using the MSI installer service."  If someone is using an app that doesn't need an install (Like PuTTy or Notepad++ with the right options selected) you won't see that as a "SoftwareInstall," and neither would you get 100% capture of software using other means of installation (like older legacy apps that don't know about MSI or registry changes).

           

          2015-12-22 10_09_09-SolarWinds Log & Event Manager.png