Install a LEM Agent and configure the appropriate connectors to monitor domain events on your network along with local events on the servers themselves. Use the procedures below to configure a SolarWinds LEM Agent on a single Windows domain controller.
The following table provides the installation requirements for the LEM Agent:
Software/Hardware Requirements
Operating System AIX, Linux, Solaris, Windows Vista, Windows 7, Win- dows 8, Windows Server 2000, Windows Server 2003, Windows Server 2008
CPU Speed 450 MHz Pentium III or equivalent
Chapter 5: Leveraging LEM
Software/Hardware Requirements
Hard Drive Space 1 GB Environment Vari-
ables
The ability to install all software with administrator rights
Installing a LEM Agent on a single Windows domain controller:
1. Download the SolarWinds LEM Agent installer for Windows.
a. If you are a licensed LEM customer, download the installer from the SolarWinds customer portal.
b. If you are an evaluation LEM customer, see .
2. Extract the contents of the installer ZIP file to a local or network location. 3. Run Setup.exe.
4. Click Next to start the installation wizard.
5. Accept the End User License Agreement and click Next.
6. Enter the hostname of your LEM Manager in the Manager Name field and click Next. Do not change the default port values.
7. Confirm the Manager Communication settings and click Next.
8. Specify whether to install USB-Defender with the LEM Agent and click Next. The installer includes USB-Defender by default. To omit this from the installation, clear the Install USB-Defender checkbox.
Note: Install USB-Defender on every system. USB-Defender never
detaches a USB device unless you have explicitly enabled a rule to do so. By default, USB-Defender simply generates events related to USB mass storage devices attached to your LEM Agents
9. Confirm the settings on the Pre-Installation Summary and click Install. 10. Once the installer finishes, click Next to start the LEM Agent service. 11. Inspect the Agent Log for any errors and click Next.
The SolarWinds LEM Agent continues running on your computer until you uninstall or manually stop it. It begins sending events to your SolarWinds LEM Manager immediately.
Configuring additional connectors on your SolarWinds LEM Agent:
1. Open your SolarWinds LEM Console and log into your SolarWinds LEM Manager as an administrator.
2. Click the Manage tab, and then click Nodes.
3. Locate the LEM Agent in the list. Use the Refine Results pane on the left if necessary.
4. Click the gear button next to the LEM Agent (left), and then click Connectors.
5. Locate the connector you want to configure in the list. Use the Refine Results pane on the left if necessary.
6. Click the gear button next to the connector (left), and then click New. 7. Modify the connector if necessary and then click Save.
8. Click the gear button next to the new instance of the connector , indicated by an icon in the Status column, and then click Start. 9. Click Close to close the Connector Configuration window.
10. Configure the following additional connectors on your Windows domain controllers, as applicable.
l Windows Directory Service Log l Windows DNS Server Log l Windows DHCP Server version
Using Connector Profiles to Maintain and Monitor Multiple Domain Controller Agents
Use Connector Profiles to maintain and monitor multiple domain controllers in the LEM Console. Connector Profiles allows you to configure and modify connector settings at the profile level, and they also provide a group by which you can filter your event traffic coming into your SolarWinds LEM Console from your
SolarWinds LEM Agents. Use the procedures below to create a Connector Profile based on a single SolarWinds LEM Agent and a corresponding filter to monitor
Chapter 5: Leveraging LEM
activity on the computers in that profile.
Note: Microsoft changed the way Windows computers log security events with their latest operating system releases. For that reason, SolarWinds LEM Agents on computers running Windows Server 2008, Windows Vista, or Windows 7 require different connectors than those Agents on computers running older operating systems. If you are running both old and new versions of these
Windows operating systems in your environment, create a Connector Profile for each operating system.
Creating a Connector Profile based on a single SolarWinds LEM Agent:
1. Install the SolarWinds LEM Agent software on all of the computers you want to end up in your new Connector Profile.
2. Configure a single SolarWinds LEM Agent to serve as the template for your Connector Profile.
3. In the LEM Console, select the Build tab, and then click Groups.
4. Click the button in the upper right, and then click Connector Profile. 5. Enter a Name and Description for the Connector Profile.
6. Select the recently configured SolarWinds LEM Agent from the Template list.
7. Click Save.
8. Locate your new Connector Profile in the Groups list. Use the Refine Results pane on the left if necessary.
9. Click the gear button next to your Connector Profile (left), and then click Edit.
10. Locate the SolarWinds LEM Agents you want to add to your Connector Profile in the Available Agents pane, and click the arrow next to them to add them to the Contained Agents pane.
11. If you are finished adding SolarWinds LEM Agents to your Connector Profile, click Save.
Creating a filter for all activity from the computers in a Connector Profile:
1. Open the SolarWinds LEM Console and log into the SolarWinds LEM Manager as an administrator or auditor.
2. Click Monitor.
3. Click the button on the Filters pane (left), and then click New Filter. 4. Enter a Name and Description for the filter.
5. Click Event Groups on the components list (left). 6. Click Any Event.
7. In the Fields: Any Event list below, click and drag DetectionIP into the Conditions box (right).
8. Click Connector Profiles on the components list (left).
9. Click and drag your Connector Profile into the Conditions box (right), replacing the Text Constant field, which is denoted by a pencil icon. 10. Click Save.