Submit a ticketCall us

Solarwinds & Cisco Live! Barcelona
Join us from the 29th of January to the 2nd of February at Cisco Live 2018 in Barcelona, where we will continue to show how monitoring the network with SolarWinds will keep you ahead of the game. At our booth (WEP 1A), we will demonstrate how SolarWinds network solutions can help. As a bonus, we are also hosting a pre-event webinar - Blame the Network, Hybrid IT Edition with our SolarWinds Head Geek™, Patrick Hubbard on January 24th - GMT (UTC+0): 10:00 a.m. to 11:00 a.m. There's still time to RSVP.

Home > Success Center > Log & Event Manager (LEM) > LEM Rule for when users connect to a specific website

LEM Rule for when users connect to a specific website

Created by Craig O’ Neill, last modified by MindTouch on Jun 23, 2016

Views: 971 Votes: 1 Revisions: 4

Overview

This article provides information about the LEM Rules when a user connects to a specific website.

Environment

All versions of LEM

Information

Perform an nDepth query for the following criteria:

WebTrafficAudit.URL CONTAINS /ENTER_URL_HERE/

 

If this returns the expected results, build a new rule and set the correlation to the same as the above. Specify a correlation time and appropriate action.

For more a more further detailed procedure, click HERE.

 

To check the WebTrafficAudit: 

Go to ResourceAudit > NetworkAudit > ApplicationTrafficAudit > WebTrafficAudit.

 

WebTrafficAudit alerts reflect application-layer data related to web services. Included in WebTrafficAudit are client and server web events from web servers, web applications, content filter related events, and other web services.

WebTrafficAudit alerts generally indicate normal traffic, however, alerts of this type could also be symptoms of inappropriate web usage, potential abuse of web services, or other abnormal traffic.

 

 

Last modified

Tags

Classifications

Public