Submit a ticketCall us

Welcome to the NEW Success Center. Search all resources (documentation, videos, training, knowledge base articles) or browse resources by product. If you are unable to find what you are looking for, please contact us at customersuccess@solarwinds.com

 

 

 

 

Home > Success Center > Log & Event Manager (LEM) > Unable to receive port scan events from Windows agents

Unable to receive port scan events from Windows agents

Created by Jason Dee, last modified by MindTouch on Jun 23, 2016

Views: 676 Votes: 0 Revisions: 4

Overview

This article provides information when you are receiving port scan events and alerts from your firewall, but nothing from the Windows agents.

 

Environment

  • All LEM versions
  • Windows agents without active firewall logs

 

Cause 

The issue is caused when network traffic events cannot be logged to the standard Windows Application, Security, and System event logs.

 

Resolution

By default, the agents cannot report any sort of network traffic. The agents only log readers or parsers and only monitor three main Windows events logs:

  • Application
  • Security
  • System

The information above is not part of Windows logs.

 

However, if the workstations had the Windows Firewall enabled and it was logging, you could configure your agents to read that log file as well.

 

You can open up Windows Firewall on any of the hosts in question and go to Monitoring to see their logging settings. If they are logging and you see data in the firewall log file, try adding a Windows Firewall connector to that agent to see if you get the events you want. 

You can add a Windows Firewall connector by going to Manage > Nodes, click on the gear icon for that agent, and go to Connectors. Just find Windows Firewall in the list, click its gear, click New, click Save, click the gear on the new row, and click Start.

 

 

 

 

Last modified
20:24, 22 Jun 2016

Tags

Classifications

Public