Unraveling the Mysteries of Log & Event Management: Advanced Training

•

1 j'aime•625 vues

For more information on LEM, visit: http://www.solarwinds.com/log-event-manager.aspx Watch this webcast: http://www.solarwinds.com/resources/webcasts/advanced-training-unraveling-the-mysteries-of-log-and-event-management.html This session will explore some best practices for monitoring your network and demonstrate how SolarWinds LEM can assist in discovering, reporting, and taking action against inappropriate activities, potential threats and malicious events. Maintaining insight into our networks and keeping them secure is a fulltime responsibility. Not only can it be difficult to determine what we should be looking for, but when we see it, what can we do about it? Furthermore, how can we do it 24/7/365? SolarWinds Log and Event Manager provides an extremely powerful and flexible solution to those problems and more! Join Sales Engineer Chris Jeffreys and Trainer Gerry “Skeeter” Pond in unraveling the mysteries of log and event management and show you how to use this powerful tool, even when you’re finally getting a few moments of well-deserved sleep. • Best Practices as to What/Where to Look • Capturing Network Activities and Events – Filters • One-Stop Monitoring – Creating an effective LEM dashboard • On-The-Fly Analysis – Event Explorer and nDepth • Taking Action against Potential Threats – Active and Reactive • Reporting – Scheduled and Ad-Hoc

Technologie Business

Unraveling the Mysteries of Log
and Event Management
with SolarWinds LEM
FEBRUARY 16, 2012

Copyright © 2011, SolarWinds Worldwide, LLC. All rights reserved.

Unraveling the Mysteries . . .
Hosts:
Gerry Pond – Education & Certification Specialist
Chris Jeffreys – Sales Engineer

Producer:
Catherine Jackson

Are you Certified?
Copyright © 2011, SolarWinds Worldwide, LLC. All rights reserved.

Agenda

 Introductions & Housekeeping

 Best Practices - What and Where to Look

 Capturing Network Activities and Events – Filters

 One-Stop Monitoring – Creating an effective LEM Dashboard

 On-The-Fly Analysis – Event Explorer and nDepth

 Taking Action against Potential Threats – Active and Reactive

 Reporting – Scheduled and Ad Hoc

 Summary and Q&A

Copyright © 2011, SolarWinds Worldwide, LLC. All rights reserved.

Housekeeping
 Today’s content will range from discussion to
demonstration
 We only have an hour

 Ask questions!!!
 Don’t be afraid to ask deeper questions
 Don’t wait until the end – ask away

 Today’s session is being recorded
 Recorded session on SolarWinds.com
 Slides available on slideshare.com
Copyright © 2011, SolarWinds Worldwide, LLC. All rights reserved.

What to Look for and Where
 Change Management
 Domain Controllers (DC’s)
 Change Management Filter
 What changes are being made? – Alert Name/EventInfo
 Who’s making those changes? – SourceAccount
 Are those changes authorized? – Internal Policy

Copyright © 2011, SolarWinds Worldwide, LLC. All rights reserved.

What to Look for and Where (continued)

 Company Policy Violations
 Playing games on company time/equipment

 Installing unauthorized software
 Individual agents – Process Auditing

 Accessing inappropriate websites
 Proxy server – WebTraffic

Copyright © 2011, SolarWinds Worldwide, LLC. All rights reserved.

What to Look for and Where (continued)
 Accessing Sensitive Files
 Specific file server(s)
 FileAuditing

** Data is obtained from logs – LEM does not audit the files themselves **

Copyright © 2011, SolarWinds Worldwide, LLC. All rights reserved.

What to Look for and Where (continued)
 USB Activities
 Servers, Critical Agents, Agents
 Any alert where ProviderSID = “ *USB* ”

Copyright © iStockPhoto

Copyright © 2011, SolarWinds Worldwide, LLC. All rights reserved.

What to Look for and Where (continued)
 Unusual spikes in network traffic
 Firewall/Proxy Servers
 TCP/UDT/WebTrafficAudit alerts

Copyright © 2011, SolarWinds Worldwide, LLC. All rights reserved.

One-Stop Monitoring
 Filters, filters and more filters
 OPS Center Dashboard

Reporting
 Reports Console
 Scheduled reports (including “batch reports)

 Ad Hoc reports

 nDepth
 Export Result Details as a *.csv

 Export *.pdf document of all data and graphs

Copyright © 2011, SolarWinds Worldwide, LLC. All rights reserved.

End of Presentation

Thank you for attending!
To learn more or to download free 30-day
trials of SolarWinds products visit:

www.SolarWinds.com

For Log & Event Manager Support:

Open a ticket via your customer portal
or
call toll-free: 866-668-6064

P.S. Remember to renew your maintenance!!!
Copyright © 2011, SolarWinds Worldwide, LLC. All rights reserved.

Contenu connexe

Plus de SolarWinds

Government Webinar: Alerting and Reporting in the Age of Observability

SolarWinds

Government and Education Webinar: Full Stack Observability

SolarWinds

Government and Education Webinar: Public Sector Cybersecurity Survey - What I...

SolarWinds

Becoming Secure By Design: Questions You Should Ask Your Software Vendors

SolarWinds

Government and Education Webinar: Real-Time Mission, CIO, and Command Dashboards

SolarWinds

Government and Education Webinar: Simplify Your Database Performance Manageme...

SolarWinds

During this interactive webinar, our presenter discussed how to leverage major Orion® Platform alert features and use lessons learned and best practices to provide actionable information for events around your organization. Attendees learned about: Using enhanced node status and dependencies Defining thresholds or baselines Categorizing and filtering with custom properties and groups Leveraging advanced alerting features to improve alert detail and reduce noise Ensuring persistent issues generate or escalate alerts and alarms Integrating with chat, ticketing, APIs, and/or SMS and providing detailed poll data Alert actions for network devices, servers, or services on failure

Government and Education Webinar: SolarWinds Orion Platform: Audit and Stream...

SolarWinds

During this interactive webinar, our presenter discussed how automation can improve support levels and maximize your resources. He also reviewed how SolarWinds® IT operations management (ITOM) solutions can help with alerts, configuration management, capacity planning, and cyberthreat response and prevention. Attendees learned about: Alerts—leverage intelligent alerting to notify the appropriate staff members and use thresholds to trigger alerts Configuration management—for networks, back up and standardize configs and automate repetitive tasks during upgrades; for systems, establish baselines and get notified of changes Capacity planning—monitor system capacity and get notified when trends indicate shortages will occur; get virtualization recommendations based on data from your environment Threat response—establish conditions for active responses to automatically make changes to deter active cyberthreats

Government and Education Webinar: Leverage Automation to Improve IT Operations

SolarWinds

Government and Education Webinar: Improving Application Performance

SolarWinds

During this interactive webinar, our presenter discussed how to leverage IT tools to improve operations management and support for on-site and remote workers. Attendees learned about: • Improving network monitoring with ipMonitor® and configuration management with Kiwi CatTools® • Centralizing and simplifying log message management across network devices and servers • Monitoring logs with Kiwi Syslog® Server • Utilizing IT service management tools like SolarWinds Web Help Desk® or SolarWinds Service Desk to improve resolution rates and provide self-service • Leveraging Dameware® tools to support users and manage systems remotely

Government and Education: IT Tools to Support Your Hybrid Workforce

SolarWinds

Government and Education Webinar: There's More Than One Way to Monitor SQL Da...

SolarWinds

Attendees spent the day with SolarWinds learning how to get the most out of our network, systems, database, compliance and security products, and IT support tools. We discussed how we responded to the recent security incident, and how we’re moving forward with our Secure by Design approach. Our system engineers dove into the technical details, reviewed new products and features, and demonstrated configuration and integration points. Presentation topics included technical updates on the following: - Network management products and scaling the Orion® Platform - Systems and database monitoring products - Security and compliance products - SolarWinds ITSM and support tools

SolarWinds Government and Education Webinar: Virtual Technology Briefing 08.0...

SolarWinds

Government and Education Webinar: Zero-Trust Panel Discussion

SolarWinds

View this webinar to learn about the SolarWinds® Orion® Assistance Program (OAP) and how to take advantage of the program. OAP provides upgrade and hotfix assistance to SolarWinds customers under active maintenance who were/are running one of the Orion Platform versions affected by SUNBURST or SUPERNOVA. Learn more details about the program, best practices and advice on lessons learned from Monalytic’s experience supporting over 100 government customers with this program, and how to get support through the program.

Government and Education: Leveraging The SolarWinds Orion Assistance Program ...

SolarWinds

Government and Education Webinar: SQL Server—Advanced Performance Tuning

SolarWinds

In this webinar, we discussed how to recover IP addresses on your network, whether abandoned, static, or reserved. During this interactive webinar, attendees learned about: Gain a more complete view of your network and find abandoned IP addresses Obtain accurate, current information about the IP addresses in use on your network Easily change the address status from “Used” to “Available” Receive alerts when DHCP address pools exceed utilization thresholds

Government and Education Webinar: Recovering IP Addresses on Your Network

SolarWinds

In this webinar, we discussed optimized monitoring with an enterprise-grade host monitor. We also reviewed how to use monitor performance on hybrid systems, optimize host resource usage, leverage templates, and understand the relationships. During this interactive webinar, attendees learned about: Leveraging details about application health to achieve visibility into key performance metrics Using analytics dashboard to compare different types of data side-by-side Monitoring VMs running on a host and make sure resources are allocated properly Leveraging capacity forecast charts and metrics to identify when server resources will reach warning and critical thresholds Using application monitor templates to speed up troubleshooting and focus on what to fix Getting visibility across your systems environment, from applications to servers, virtualized infrastructure, databases, and storage system

Government and Education Webinar: Optimize Performance With Advanced Host Mon...

SolarWinds

In this webinar, we discussed how SolarWinds® solutions can help you overcome remote work IT challenges. During this interactive webinar, attendees learned about: Improve network monitoring, configuration, and VPN management with SolarWinds Network Performance Monitor (NPM) and SolarWinds Network Configuration Manager (NCM) Monitor the server and application performance of your collaboration systems with SolarWinds Server & Application Monitor (SAM) Utilize configuration management to efficiently deploy upgrades and improve compliance with NCM Support users and systems remotely with tools such as SolarWinds Dameware® Remote Support (DRS) and SolarWinds Dameware Remote Everywhere (DRE) Improve IT request management, ticket tracking, and asset management with tools like SolarWinds Web Help Desk® and SolarWinds Service Desk Automate provisioning and permissions management with SolarWinds Access Rights Manager™ (ARM) Locate users and devices on your network with SolarWinds User Device Tracker (UDT)

Government and Education Webinar: Conquering Remote Work IT Challenges

SolarWinds

In this webinar, we discussed how SolarWinds can help you streamline this process across your databases and prioritize issues so you can be a more efficient SQL Server professional. During this interactive webinar, attendees learned: • How to identify missing indexes • What you can to do improve the quality and performance of your indexes • The types of indexes in SQL Server and how they can benefit different types of workloads • Viewing index operations within execution plans

Government and Education Webinar: SQL Server—Indexing for Performance

SolarWinds

In this webinar, we discussed how SolarWinds® solutions for Azure® monitoring provide end-to-end visibility for your applications running on private, public, and hybrid clouds. We also reviewed our Azure Gov Cloud deployment options and best practices. During this interactive webinar, attendees learned about: Rightsizing and optimizing your virtual machines to get them ready for Azure and managing sprawl control with SolarWinds Virtualization Manager (VMAN) Leveraging over 1,200 application, server, and Azure infrastructure monitoring templates with SolarWinds Server & Application Monitor (SAM) Monitoring your Azure Services, Azure App Service, and custom applications using transaction tracing, code profiling, and exception tracking with SolarWinds AppOptics™, a software as a service (SaaS) product Testing end-user experience from inside the organization and outside the firewall with SolarWinds Web Performance Monitor (WPM) Ensuring your databases are performing optimally through cross-platform database performance optimization and tuning with SolarWinds Database Performance Analyzer (DPA) SolarWinds availability on Azure Gov Cloud and how deployment works

Government Webinar: Monitoring Azure and Deploying SolarWinds on Azure Govern...

SolarWinds

Plus de SolarWinds (20)