Forward events from LEM

Updated March 2, 2017

Overview

You may be required to collect log data in multiple destinations (syslog servers or SIEM devices), which means the log data may need to be forwarded.

This article discusses that requirement and the ways to meet it.

Environment

All LEM versions

Detail

LEM is a SIEM (Security Information and Event Manager) that utilizes a syslog server (syslog-ng) but is designed as a logging endpoint solution. Numerous network devices can send syslog directly to more than one syslog server or endpoint solution, but many can only send to one destination.

LEM can receive log data from a Windows, Linux, or Unix computer, provided a LEM Agent has been installed on that computer. LEM cannot forward agent data or SNMP trap data, but it can forward syslog data.

We hope that a future version of LEM will include end-user configuration for forwarding syslog data. In the meantime, SolarWinds support can assist with the syslog-ng configurations to forward the collected syslog data. The forwarded syslog data is sent only in the syslog-ng protocol on port 514, unmodified, exactly as it was received. Additional resources on LEM will need to be reserved to accommodate the additional workload.

Kiwi Syslog can also be used to forward syslog data, but this requires Kiwi Syslog to be installed on a Windows server. LEM can read the forwarded syslog data from Kiwi or another third-party syslog server, provided the syslog-ng protocol is used to send over port 514 to LEM. SolarWinds support can also assist with configuring Kiwi Syslog.

If you have additional questions on this, please open a case with Support.

See also "Export or forward data from the LEM database" for related information.
