Submit a ticketCall us

Welcome to the NEW Success Center. Search all resources (documentation, videos, training, knowledge base articles) or browse resources by product. If you are unable to find what you are looking for, please contact us at customersuccess@solarwinds.com

 

 

 

 

Home > Success Center > Log & Event Manager (LEM) > LEM Rule for when users connect to a specific website

LEM Rule for when users connect to a specific website

Created by Craig O’ Neill, last modified by MindTouch on Jun 23, 2016

Views: 817 Votes: 1 Revisions: 4

Overview

This article provides information about the LEM Rules when a user connects to a specific website.

Environment

All versions of LEM

Information

Perform an nDepth query for the following criteria:

WebTrafficAudit.URL CONTAINS /ENTER_URL_HERE/

 

If this returns the expected results, build a new rule and set the correlation to the same as the above. Specify a correlation time and appropriate action.

For more a more further detailed procedure, click HERE.

 

To check the WebTrafficAudit: 

Go to ResourceAudit > NetworkAudit > ApplicationTrafficAudit > WebTrafficAudit.

 

WebTrafficAudit alerts reflect application-layer data related to web services. Included in WebTrafficAudit are client and server web events from web servers, web applications, content filter related events, and other web services.

WebTrafficAudit alerts generally indicate normal traffic, however, alerts of this type could also be symptoms of inappropriate web usage, potential abuse of web services, or other abnormal traffic.

 

 

Last modified
20:14, 22 Jun 2016

Tags

Classifications

Public