Submit a ticketCall us

Don’t fall victim to a ransomware attack
Backups are helpful, but sometimes that’s not enough to protect your business against ransomware. At our live webcast we will discuss how to protect against ransomware attacks with SolarWinds® Patch Manager and how to leverage log data to detect ransomware. Register now for our live webcast.

Home > Success Center > Log & Event Manager (LEM) > Set a rule in the Response Time Window for more than 24 hours

Set a rule in the Response Time Window for more than 24 hours

Table of contents
Created by Ezgi Muderrisoglu, last modified by MindTouch on Jun 23, 2016

Views: 30 Votes: 0 Revisions: 4

Overview

This article provides information about the Response Time value of 24 hours in the correlation section of the rule builder and if you can set it to more than 24 hours.

Example: Agents that are disconnected for more than 24 hours, that connect back to the LEM Manager after this timeframe, do not trigger any rules within LEM.

Environment

LEM version 6.2

Detail

Agents that are disconnected for more than 24 hours, that connect back to the LEM Manager after this timeframe, do not trigger any rules within LEM. The reason being is  because the events that the agent sends back to the LEM Manager are older than the set 24 hour real-time limit in the rules.

 

Unfortunately, it is not possible to extend for more than 24 hours as it is the current limit.

Note: Having a response time value set to 24 hours can also cause performance issues, as the longer the rule is waiting for the conditions in a rule to be met, the more logs are gathered taking up more space.  We would recommend keeping the Response Time value to a lower amount then 24 hours.

 

Contact SolarWinds Technical Support for more information.

 

Last modified
20:20, 22 Jun 2016

Tags

Classifications

Public