How To configure a Windows Sysmon connector on a LEM appliance

Updated December 5, 2017

Overview

This article describes how to configure the Windows Sysmon connector and set up your LEM Web Console to communicate with the connector. 

Environment

  • LEM 6.3.1 and higher

Steps

To set up the connector:

  1. Add a registry key.
  2. Create a new connector on the LEM appliance.

Add a registry key

  1. Log in to the node or agent machine and open the registry editor (Regedit.exe).
  2. Navigate to:
    Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog
  3. Right-click EventLog > New Key.
  4. Enter the following name for the new key:
    Microsoft-Windows-Sysmon/Operational
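
The registry step above, scripted in PowerShell for an elevated session on the agent machine (an added example, not part of the original article or SolarWinds tooling). The function names Add-SysmonEventLogKey and Test-SysmonEventLogKey are hypothetical; the script uses the .NET registry API because the key name contains a forward slash.

```powershell
# Added example, not vendor code. Run from an elevated PowerShell session.
$ErrorActionPreference = 'Stop'
$parentPath = 'SYSTEM\CurrentControlSet\Services\EventLog'  # path from step 2
$keyName    = 'Microsoft-Windows-Sysmon/Operational'        # name from step 4

function Add-SysmonEventLogKey {    # hypothetical helper name
    # Warn if the Sysmon channel is missing, since the connector would
    # then have nothing to read on this host.
    $channel = Get-WinEvent -ListLog $keyName -ErrorAction SilentlyContinue
    if (-not $channel) {
        Write-Warning "Channel '$keyName' not found; is Sysmon installed on this host?"
    }

    # The PowerShell registry provider (New-Item HKLM:\...) treats '/' as a
    # path separator and would create nested keys 'Microsoft-Windows-Sysmon'
    # and 'Operational'. The .NET API keeps the slash as part of the name.
    $parent = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($parentPath, $true)
    try {
        $existing = $parent.OpenSubKey($keyName)
        if ($existing) {
            $existing.Close()
            return 'AlreadyPresent'   # idempotent: safe to run again
        }
        $parent.CreateSubKey($keyName).Close()
        return 'Created'
    }
    finally {
        $parent.Close()
    }
}

function Test-SysmonEventLogKey {   # hypothetical helper name
    # True only if a single key with the exact slash-containing name exists.
    $parent = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($parentPath)
    try { return $parent.GetSubKeyNames() -contains $keyName }
    finally { $parent.Close() }
}

Add-SysmonEventLogKey
"Key present: $(Test-SysmonEventLogKey)"
```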

Create a new connector on the LEM appliance

  1. On your LEM appliance, log in to the LEM Web Console or Air Console.
  2. Select Manage > Nodes.
  3. In the Nodes screen, select the Windows Node that requires a connector.
  4. Click the gear icon next to the node and select Connectors.
  5. In the search box, search for:
    Sysmon
  6. Select the connector.
  7. Click the gear icon and select New.
  8. Select the new connector.
  9. Click the gear icon next to the connector and click Start.
