Viewing All Traffic from a Specific Device in the LEM Console

Created by Caroline Juszczak, last modified by Kevin.Swinson on Oct 27, 2017

Each device configured to send log data to the SolarWinds LEM uses the Tool Alias field. Use this field in filters, rules, and searches to monitor a specific type of traffic from a specific network device. You can also use the DetectionIP field to monitor data from a specific device. For example, AnyAlert.DetectionIP=10.1.1.1.

Create a filter to capture device traffic

To view device traffic in the LEM console, create a filter that captures traffic from a specific device.

Use the same principles to create rules and searches with a similar purpose.

  1. Click the Monitor view in your LEM console.
  2. Click the plus (+) button in the Filters pane and select New Filter.
  3. Select a condition from the Events or Event Groups list for your filter.

    Select Any Alert from the Events group to view all traffic from your device.

    Select Network Audit Alerts in the Event Groups to view all network traffic from your device.

    Select WebTrafficAudit from the Events group to view web traffic from your device.

  4. In the Fields list under your selection, locate ToolAlias and drag it into the Conditions box.
  5. In the Constant field in the Group box, enter the Tool Alias related to the device you want to track. Use asterisks (*) as wildcard characters to avoid entering the entire value.

    For example, the default Firewall filter uses similar logic. Its conditions read, Any Alert.ToolAlias = *firewall*. This assumes that the firewall connector was configured with a ToolAlias that includes firewall in the name.

  6. Click Save.
  7. If your filter does not generate events in the LEM console, verify that the Tool Alias value in the filter matches the Tool Alias for your device.
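
The filter logic from steps 3 to 7, modelled offline as an added example (this is not SolarWinds code and does not call LEM). ToolAlias and DetectionIP are the field names from this page; the events, the EventType key, the function names, and the use of Python's case-sensitive fnmatchcase to stand in for LEM's wildcard matching are assumptions.

```python
from fnmatch import fnmatchcase

# Constructed sample events. ToolAlias and DetectionIP are the field names
# used on this page; the EventType key and all values are made up.
EVENTS = [
    {"EventType": "WebTrafficAudit", "ToolAlias": "Edge firewall", "DetectionIP": "10.1.1.1"},
    {"EventType": "TCPTrafficAudit", "ToolAlias": "Edge firewall", "DetectionIP": "10.1.1.1"},
    {"EventType": "WebTrafficAudit", "ToolAlias": "ASA-DMZ", "DetectionIP": "10.1.1.2"},
    {"EventType": "UserLogon", "ToolAlias": "Windows Security", "DetectionIP": "10.1.2.5"},
]


def run_filter(events, field, pattern, event_type=None):
    """Return the events whose field matches the wildcard pattern.

    event_type=None models the "Any Alert" condition; passing a name
    restricts the filter to that single event type.
    """
    return [
        e for e in events
        if (event_type is None or e["EventType"] == event_type)
        and fnmatchcase(e.get(field, ""), pattern)
    ]


def unmatched_values(events, field, pattern):
    """Distinct field values the pattern does NOT cover (the step 7 check).

    A device whose connector alias shows up here is silently left out of
    the filter, even though it is sending events.
    """
    return sorted({e.get(field, "") for e in events
                   if not fnmatchcase(e.get(field, ""), pattern)})


if __name__ == "__main__":
    # Any Alert.ToolAlias = *firewall*
    print(len(run_filter(EVENTS, "ToolAlias", "*firewall*")), "events match *firewall*")
    # The second firewall was given an alias without "firewall" in it.
    print("aliases not covered:", unmatched_values(EVENTS, "ToolAlias", "*firewall*"))
    # AnyAlert.DetectionIP = 10.1.1.2 finds it regardless of the alias.
    print(run_filter(EVENTS, "DetectionIP", "10.1.1.2"))
```

The second firewall in the sample data sends events but never appears under `*firewall*` because its connector alias is "ASA-DMZ"; the DetectionIP condition still finds it.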

Verify the alias value associated with the connector

The following procedure applies to devices configured to send logs to your LEM manager. Use a similar procedure to verify agent connectors when appropriate, applying it on the agent associated with the connector instead.

  1. Click Manage > Appliances in the LEM console.
  2. Click the gear button next to your LEM manager and select Connectors.
  3. Select the Configured check box.
  4. Select the connector instance you want to verify.

    Configured tool instances appear with a play icon in the Status column.

  5. Verify that the Alias field value is correct.
  6. (Optional) Change the tool alias.
    1. Click the gear button next to the connector and select Stop.
    2. Click the gear button next to the connector and select Edit.
    3. Edit the Alias field value, and then click Save.
    4. Click the gear button next to the connector and select Start.
  7. Click Close.