Submit a ticketCall us

Solarwinds & Cisco Live! Barcelona
Join us from the 29th of January to the 2nd of February at Cisco Live 2018 in Barcelona, where we will continue to show how monitoring the network with SolarWinds will keep you ahead of the game. At our booth (WEP 1A), we will demonstrate how SolarWinds network solutions can help. As a bonus, we are also hosting a pre-event webinar - Blame the Network, Hybrid IT Edition with our SolarWinds Head Geek™, Patrick Hubbard on January 24th - GMT (UTC+0): 10:00 a.m. to 11:00 a.m. There's still time to RSVP.

Home > Success Center > Log & Event Manager (LEM) > How to Create a Filter to Display FIM Data

How to Create a Filter to Display FIM Data

Table of contents
Created by Erica Gill, last modified by MindTouch on Jun 23, 2016

Views: 1,188 Votes: 0 Revisions: 4

Overview

This article describes how to build a filter to display data collected by FIM events.

Environment

  • LEM 6.1
  • LEM 6.2

Steps

  1. In the LEM Console, go to Monitor.
  2. Click the + icon on the upper left hand corner of the screen to add a New Filter.
  3. In the Filter Configuration window, add a filter name and using drag and drop across the appropriate filters to the Condition pane.
    • For example, to filter for read events from a FIM connector for one particular file on one particular server use:
      • FileRead.DetectionIP =<IPAddressofMonitoredHost>
      • FileRead.ToolAlias=<ConnectorName>
      • FileRead.FileName=<FullPathofFile>
    • For example,
      • FileRead.DetectionIP =10.10.4.125
      • FileRead.ToolAlias=FIM File and Directory
      • FileRead.FileName=G:\SolarWinds\Area51\RestrictedFile.txt

Note: When working with filters an iterative approach, building a general filter and then narrowing down the filter based on the events filter can be the best way to narrow down to very specific events.

Last modified

Tags

Classifications

Public