


How-To View All Admin Activity in Log & Event Manager - Video


Overview

This video will show you how to view all admin activity using LEM's nDepth Search interface.


Environment

  • Log & Event Manager

Video Transcription

Let's get started!

  1. Open a browser and log in to your LEM web console.
  2. Click on the "Explore" button and select "nDepth" from the drop-down menu to be taken to the search interface.
  3. Click on the small toggle switch next to the search bar and drag it down. The switch allows you to change from drag-n-drop mode to text-based searching.
  4. Within the search bar, type in the admin's username, then either select a time period from the drop-down or click the custom range option. For this example, let's select "last week."
  5. Now click the blue "Play" button to begin the search.
  6. Pay attention to the "Refine Fields" category below the search bar, as it will provide a summary of every event that contains the word "Administrator." You can also expand these additional bolded sections to see details like usernames and IP addresses.
  7. Under the Event Name section, there are several events that took place, like software installs, account changes, failed logons, and policy modifications.
  8. To drill down into specific details, double-click on the events you wish to view. For example, let's click on "Software Installs," which will be added to the search bar. Now click the "Search" button again.
  9. To view the results of your search, click on the "Results" icon in this bottom row of options.
  10. To backtrack and drill down into further details, go to the search history and click one of the previous searches. Now you can double-click on another item, hit the "Search" button again, and view the results.
  11. While this example is focused on reviewing administrative activity, you can use the same process to initiate a search on other keywords like IP addresses, usernames, and log messages. In many cases, a simple keyword search will surface events of interest that may have gone unnoticed.

Visit the Success Center for more information on using Log & Event Manager. https://support.solarwinds.com/Succe..._Manager_(LEM)


Last modified
14:16, 18 Aug 2016
