Submit a ticketCall us

Training ClassThe Orion® Platform Instructor-led Classes

Provided by SolarWinds® Academy, these trainings will introduce users to the Orion Platform and its features, management, and navigation. These courses are suitable for users looking to discover new tips, tricks, and ways to adapt their Orion products to better suit their monitoring needs:
Deploying the Orion Platform
Configuring Orion views, maps, and accounts
Configuring Orion alerts and reports

Reserve your seat.

Home > Success Center > Log & Event Manager (LEM) > LEM - Knowledgebase Articles > Vista Alert detected with NT Security Connector

Vista Alert detected with NT Security Connector

Created by Randall Harwood, last modified by Tim Rush on Sep 26, 2017

Views: 921 Votes: 1 Revisions: 6


The wrong connector is being used to read the Windows security event log, and LEM is not saving the Windows security events to the database.
This article provides brief information and steps to resolve the issue when the LEM GUI-console displays "Vista Alerts are detected with NT Security Connector" alerts under Monitor tab > 'Internal Events'.


All LEM versions 


The issue is caused when the Agent is installed on Windows Vista and newer computers, and the incorrect 'older' Security Event log connector is selected (only used for Windows 2000, XP, 2003).
This could also happen if configuring a Connector Profile (under Build > Groups), and selecting the incorrect connector for the security event log. All computers listed under the profile would be affected, and produce the error.
LEM connector name for newer Windows operating systems is "Vista Security".


1. Identify the Detection Ip of the Machine that is providing the alert.

2. Go to Manage > Nodes.

3. Select the Gear to the LEFT of the target Machine.

4. After selecting the Gear, choose Connectors.

5. Select the configured box. You should see the Windows NT/2000/XP Security Log connector running.
     (or uncheck 'configured', then search for 'security log'. "Vista Security" is used for Windows 7/8/10/2008/2012/2016, and "Windows NT/2000/XP Security Log" is used for 2000/XP/2003.)

6. Stop the Connector.

7. Delete the Connector.

8. Uncheck Configured.

9. Search for Windows 7/2008/Vista Security Log.

10. Select the gear next to the Windows 7/2008/Vista Security Log.

11. Choose New.

12. Start the Windows 7/2008/Vista Security Log connector.


You should no longer see Vista Alert Detected with NT Security Connector alerts under LEM Internal Events.




Last modified