
LEM product terminology

Created by Caroline Juszczak, last modified by Kevin.Swinson on Oct 25, 2017


The following terms define the components used in Log & Event Manager.

Agent: A software application that collects and normalizes log data before it is sent to the LEM Manager.

Alert: LEM containers used to display events and messages from LEM-monitored devices.

Complexity of configured rules: Complex conditions involving multiple types of events, thresholds, and longer time frames require more resources than rules with simple conditions.

Connector: A software component that converts raw events collected from a network device into normalized events. Connectors can reside on device agents or the LEM appliance.

Desktop Console: An application powered by the Adobe AIR runtime that monitors your LEM Appliance in place of the LEM Console.

Event: An unaltered message from a LEM-managed device.

Events per second or Events per day: The total number of distinct events received by the LEM appliance per second or per day (the per-second figure is generally treated as an average). For example, an environment with 865 nodes can generate approximately 50 million events per day (or about 550 events per second).

Hypervisor: A software application that runs a virtual appliance on a Windows-based server, such as VMware® vSphere® and Microsoft® Hyper-V®.

LEM Manager: The deployed virtual appliance that captures syslog data from local network devices. The LEM Manager includes a syslog server, optimized database, web server, correlation engine, and a hardened Linux operating system.

Network device: A log source (such as a firewall, router, switch, or third-party software) that sends log messages to the LEM Manager.

Nodes: Systems and devices that send data to your LEM appliance, such as servers, workstations, network devices, and security devices. For example, an environment with 10 routers, 50 switches, 300 servers, five firewalls, and 500 workstations sending data to your LEM appliance is equivalent to 865 nodes.

Normalized vs. original log (raw) storage: By default, all sizing details assume the Log & Event Manager default normalized data store is the only enabled store. If original log message storage is enabled, increase your resources accordingly.

Reports Console: A standalone application that schedules and runs preconfigured reports against your LEM database data. The console is a separate installation on your desktop or laptop system.

Rules: A LEM appliance component that provides automated actions based on specific alert correlations.

Rules triggered per day or Rules triggered per second: The total number of correlation rules that meet all criteria and are triggered per second or per day (the per-second figure is generally treated as an average). For example, an environment can have 15 different correlation rules configured that each fire approximately once every hour, or approximately 360 rules triggered per day.

Syslog server: A software application (such as Kiwi Syslog Server) that collects syslog messages and SNMP traps from network devices (such as firewalls, routers, and switches).

Virtual Appliance: A virtual image of a Linux-based physical computer that collects and processes log and event information. You can deploy the virtual appliance using VMware vSphere or Microsoft Hyper-V client.

Web Console (or LEM Console): Provides a browser-based method to monitor your LEM Appliance. The console is organized into five functional areas called views. These views organize and present different information about the components that comprise the LEM system.

The OPS Center view provides a graphical representation of your log data in the LEM Console. It includes several widgets that help you identify problem areas and trends in your network. The Monitor view displays events in real time as they occur in your network. The Explore view provides tools for investigating events and related details. The Build view creates user components that process data on the LEM Manager. The Manage view manages properties for appliances and nodes.

