Unraveling the Mysteries of Log & Event Management: Advanced Training

For more information on LEM, visit: http://www.solarwinds.com/log-event-manager.aspx

Watch this webcast: http://www.solarwinds.com/resources/webcasts/advanced-training-unraveling-the-mysteries-of-log-and-event-management.html

This session will explore some best practices for monitoring your network and demonstrate how SolarWinds LEM can assist in discovering, reporting, and taking action against inappropriate activities, potential threats and malicious events.

Maintaining insight into our networks and keeping them secure is a full-time responsibility. Not only can it be difficult to determine what we should be looking for, but when we see it, what can we do about it? Furthermore, how can we do it 24/7/365? SolarWinds Log and Event Manager provides an extremely powerful and flexible solution to those problems and more! Join Sales Engineer Chris Jeffreys and Trainer Gerry “Skeeter” Pond as they unravel the mysteries of log and event management and show you how to use this powerful tool, even when you’re finally getting a few moments of well-deserved sleep.
• Best Practices as to What/Where to Look
• Capturing Network Activities and Events – Filters
• One-Stop Monitoring – Creating an effective LEM dashboard
• On-The-Fly Analysis – Event Explorer and nDepth
• Taking Action against Potential Threats – Active and Reactive
• Reporting – Scheduled and Ad-Hoc

Published in: Technology, Business
2 Comments
  • The Solarwinds Partner / Integrator we used was Tobias International. They are currently the only ones with a team focused on LEM. http://www.tobiassystems.com
  • We just need someone to deploy this for us. Anyone know of a good professional services organization who will help us deploy and integrate it with Cisco ASAs??

  1. Unraveling the Mysteries of Log and Event Management with SolarWinds LEM – February 16, 2012. Copyright © 2011, SolarWinds Worldwide, LLC. All rights reserved.
  2. Unraveling the Mysteries . . . Hosts: Gerry Pond – Education & Certification Specialist; Chris Jeffreys – Sales Engineer. Producer: Catherine Jackson. Are you Certified?
  3. Agenda
     • Introductions & Housekeeping
     • Best Practices – What and Where to Look
     • Capturing Network Activities and Events – Filters
     • One-Stop Monitoring – Creating an effective LEM Dashboard
     • On-The-Fly Analysis – Event Explorer and nDepth
     • Taking Action against Potential Threats – Active and Reactive
     • Reporting – Scheduled and Ad Hoc
     • Summary and Q&A
  4. Housekeeping
     • Today’s content will range from discussion to demonstration
     • We only have an hour
     • Ask questions!!! Don’t be afraid to ask deeper questions; don’t wait until the end – ask away
     • Today’s session is being recorded: recorded session on SolarWinds.com, slides available on slideshare.com
  5. What to Look for and Where – Change Management
     • Where: Domain Controllers (DCs)
     • How: Change Management Filter
     • What changes are being made? – Alert Name/EventInfo
     • Who’s making those changes? – SourceAccount
     • Are those changes authorized? – Internal Policy
  6. What to Look for and Where (continued) – Company Policy Violations
     • Playing games on company time/equipment, installing unauthorized software – individual agents, Process Auditing
     • Accessing inappropriate websites – proxy server, WebTraffic
  7. What to Look for and Where (continued) – Accessing Sensitive Files
     • Specific file server(s) – FileAuditing
     • ** Data is obtained from logs – LEM does not audit the files themselves **
  8. What to Look for and Where (continued) – USB Activities
     • Servers, Critical Agents, Agents
     • Any alert where ProviderSID = “*USB*”
     (Image: Copyright © iStockPhoto)
  9. What to Look for and Where (continued) – Unusual spikes in network traffic
     • Firewall/Proxy Servers
     • TCP/UDP/WebTrafficAudit alerts
  10. One-Stop Monitoring
     • Filters, filters and more filters
     • OPS Center Dashboard
  11. Reporting
     • Reports Console: scheduled reports (including “batch” reports), Ad Hoc reports
     • nDepth: export Result Details as a *.csv; export a *.pdf document of all data and graphs
  12. End of Presentation – Thank you for attending! To learn more or to download free 30-day trials of SolarWinds products visit www.SolarWinds.com. For Log & Event Manager Support: open a ticket via your customer portal or call toll-free: 866-668-6064. P.S. Remember to renew your maintenance!!!
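Slides 5 through 9 name the event fields a filter keys on (Alert Name/EventInfo, SourceAccount, ProviderSID) and the places to scope each filter to (domain controllers, agents, proxy, file servers, firewall). The Python below is an added illustration, not SolarWinds code and not from the webcast: it models each of those filters as a plain function over normalized event records. The record field names (alert, host, event_info, source_account, provider_sid, source_ip, ts), the host lists, the authorized-account and approved-process lists, the blocked web categories and the spike threshold are all assumptions standing in for the "internal policy" the slides leave to the reader; the sample events are constructed.

```python
import fnmatch
from collections import Counter

# Assumed policy data (placeholders for the internal policy the slides refer to).
DOMAIN_CONTROLLERS = {"dc01", "dc02"}
AUTHORIZED_CHANGE_ACCOUNTS = {"CORP\\svc_ad_ops"}
APPROVED_PROCESSES = {"outlook.exe", "winword.exe", "chrome.exe"}
BLOCKED_WEB_CATEGORIES = {"gambling", "games", "adult"}
SENSITIVE_FILE_SERVERS = {"fs-finance"}
TRAFFIC_ALERTS = {"TCPTrafficAudit", "UDPTrafficAudit", "WebTrafficAudit"}


def change_management(events):
    """Slide 5: Change* alerts on DCs; who made them and whether policy allows it."""
    findings = []
    for e in events:
        if e["host"] in DOMAIN_CONTROLLERS and e["alert"].startswith("Change"):
            authorized = e["source_account"] in AUTHORIZED_CHANGE_ACCOUNTS
            findings.append((e["alert"], e["event_info"], e["source_account"], authorized))
    return findings


def policy_violations(events):
    """Slide 6: unauthorized software (ProcessAudit) and inappropriate sites (WebTraffic)."""
    hits = []
    for e in events:
        if e["alert"] == "ProcessAudit" and e["event_info"].lower() not in APPROVED_PROCESSES:
            hits.append(("unauthorized_software", e["host"], e["event_info"]))
        if e["alert"] == "WebTraffic" and e.get("category") in BLOCKED_WEB_CATEGORIES:
            hits.append(("inappropriate_site", e["source_account"], e["event_info"]))
    return hits


def sensitive_file_access(events):
    """Slide 7: FileAuditing alerts, scoped to the servers that hold sensitive data."""
    return [(e["source_account"], e["event_info"]) for e in events
            if e["alert"] == "FileAuditing" and e["host"] in SENSITIVE_FILE_SERVERS]


def usb_activity(events, pattern="*USB*"):
    """Slide 8: any alert whose ProviderSID matches the wildcard (case-insensitive)."""
    return [(e["host"], e["alert"], e["provider_sid"]) for e in events
            if fnmatch.fnmatch(e["provider_sid"].upper(), pattern.upper())]


def traffic_spikes(events, window_seconds=60, baseline=5, factor=3):
    """Slide 9: per-source traffic-audit counts in a time window far above a baseline."""
    buckets = Counter()
    for e in events:
        if e["alert"] in TRAFFIC_ALERTS:
            buckets[(e["source_ip"], e["ts"] // window_seconds)] += 1
    return sorted({(src, n) for (src, _), n in buckets.items() if n > baseline * factor})


def _ev(alert, host, info, account="CORP\\jdoe", provider_sid="Windows-Security",
        ts=0, source_ip="10.0.0.5", **extra):
    """Build one constructed event record (assumed field names, not LEM output)."""
    e = dict(alert=alert, host=host, event_info=info, source_account=account,
             provider_sid=provider_sid, ts=ts, source_ip=source_ip)
    e.update(extra)
    return e


# Constructed sample events; values such as hosts, URLs and SIDs are made up.
SAMPLE_EVENTS = [
    _ev("ChangeUserGroup", "dc01", "Added jdoe to Domain Admins"),
    _ev("ChangeUserGroup", "dc01", "Added svc to Backup Operators", account="CORP\\svc_ad_ops"),
    _ev("ChangeUserGroup", "ws17", "Added jdoe to local Administrators"),  # not a DC: out of scope
    _ev("ProcessAudit", "ws17", "solitaire.exe"),
    _ev("ProcessAudit", "ws17", "OUTLOOK.EXE"),
    _ev("WebTraffic", "proxy01", "http://example-casino.test/", category="gambling"),
    _ev("FileAuditing", "fs-finance", "\\\\fs-finance\\payroll\\q1.xlsx"),
    _ev("FileAuditing", "fs-public", "\\\\fs-public\\menu.txt"),
    _ev("USBDefenderAttach", "ws22", "removable disk", provider_sid="USBDefender"),
] + [_ev("TCPTrafficAudit", "fw01", "tcp/445", source_ip="10.0.0.9", ts=t) for t in range(20)] \
  + [_ev("TCPTrafficAudit", "fw01", "tcp/443", source_ip="10.0.0.5", ts=t * 60) for t in range(4)]


def run_all(events):
    """Run every filter and return its findings keyed by the slide it illustrates."""
    return {
        "change_management": change_management(events),
        "policy_violations": policy_violations(events),
        "sensitive_files": sensitive_file_access(events),
        "usb": usb_activity(events),
        "traffic_spikes": traffic_spikes(events),
    }


if __name__ == "__main__":
    for name, findings in run_all(SAMPLE_EVENTS).items():
        print(name, findings)
```

The scoping is the point: the change filter ignores the same group change on a workstation, the file filter ignores the public share, and the spike filter only fires for the one source that produced twenty audit events inside a single window. Each of these lists is where a real deployment's internal policy plugs in.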