Unable to receive port scan events from Windows agents

Created by Jason Dee, last modified by MindTouch on Jun 23, 2016

Overview

This article applies when you are receiving port scan events and alerts from your firewall, but nothing from the Windows agents.

 

Environment

  • All LEM versions
  • Windows agents without active firewall logs

 

Cause 

This issue occurs because network traffic events cannot be logged to the standard Windows Application, Security, and System event logs.

 

Resolution

By default, the agents cannot report any sort of network traffic. The agents are only log readers or parsers, and they monitor only three main Windows event logs:

  • Application
  • Security
  • System

Network traffic information is not part of these Windows logs.

However, if the workstations have Windows Firewall enabled and it is logging, you can configure your agents to read that log file as well.

You can open up Windows Firewall on any of the hosts in question and go to Monitoring to see their logging settings. If they are logging and you see data in the firewall log file, try adding a Windows Firewall connector to that agent to see if you get the events you want. 

To add a Windows Firewall connector, go to Manage > Nodes, click the gear icon for that agent, and go to Connectors. Find Windows Firewall in the list, click its gear, click New, click Save, click the gear on the new row, and click Start.
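The connector can only report what the firewall log contains, so it helps to confirm that the log holds dropped-connection records first. The following added example (not SolarWinds code and not part of the original article) parses a copy of a Windows Firewall log and lists sources that were dropped on several distinct ports; the sample lines are constructed and the `min_ports` threshold is an assumption for illustration, not a LEM setting.

```python
import sys
from collections import defaultdict
from pathlib import Path

# Constructed sample in the Windows Firewall log layout (documentation addresses only).
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2018-01-24 10:00:01 DROP TCP 192.0.2.10 198.51.100.5 40001 21 52 S 1 0 8192 - - - RECEIVE
2018-01-24 10:00:01 DROP TCP 192.0.2.10 198.51.100.5 40002 22 52 S 1 0 8192 - - - RECEIVE
2018-01-24 10:00:02 DROP TCP 192.0.2.10 198.51.100.5 40003 23 52 S 1 0 8192 - - - RECEIVE
2018-01-24 10:00:02 DROP TCP 192.0.2.10 198.51.100.5 40004 80 52 S 1 0 8192 - - - RECEIVE
2018-01-24 10:00:03 DROP TCP 192.0.2.10 198.51.100.5 40005 443 52 S 1 0 8192 - - - RECEIVE
2018-01-24 10:00:05 ALLOW TCP 192.0.2.20 198.51.100.5 51000 443 52 S 1 0 8192 - - - RECEIVE
2018-01-24 10:00:07 DROP TCP 192.0.2.30 198.51.100.5 52000 445 52 S 1 0 8192 - - - RECEIVE
2018-01-24 10:00:09 DROP ICMP 192.0.2.30 198.51.100.5 - - 60 - - - - 8 0 - RECEIVE
"""

def parse_firewall_log(text):
    """Yield one dict per record, using the #Fields header for column names."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))

def dropped_ports_by_source(records):
    """Map each source IP to the set of destination ports it was DROPped on."""
    ports = defaultdict(set)
    for rec in records:
        if rec.get("action") == "DROP" and rec.get("dst-port", "-").isdigit():
            ports[rec["src-ip"]].add(int(rec["dst-port"]))
    return ports

def likely_scanners(text, min_ports=5):
    """Return {src-ip: sorted ports} for sources dropped on >= min_ports ports."""
    by_src = dropped_ports_by_source(parse_firewall_log(text))
    return {ip: sorted(p) for ip, p in by_src.items() if len(p) >= min_ports}

if __name__ == "__main__":
    # Pass the path to a copy of the firewall log; with no argument the sample is used.
    text = Path(sys.argv[1]).read_text(errors="replace") if len(sys.argv) > 1 else SAMPLE_LOG
    for ip, ports in likely_scanners(text).items():
        print(f"{ip}: dropped on {len(ports)} distinct ports {ports}")
```

If the script reports no records at all for a host, firewall logging of dropped packets is probably not enabled there, and the connector will have nothing to read.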
