How to Configure Syslog Nodes in SolarWinds Log and Event Manager - Video

Updated 8-18-2016

Overview

During this session I will show you how to use the LEM agent to collect logs from servers and workstations. 


Environment

  • Log & Event Manager

Video Transcription

Before we get started, make sure you have administrative access to the servers and workstations you plan to monitor. Windows-based systems will require Domain or Local administrative privileges, and Linux or Unix systems will require root-level access.

Ok let's begin. In order to successfully collect log data from your servers and workstations you will need to deploy the LEM agent.

  1. To download the agent, log in to your web console, click on the MANAGE button like you see here and select NODES.
  2. At the top left click on the Add Node button then select the Agent Node option. Now we can see several agent installers that we can download.
  3. Windows agent installation comes in 2 forms. Remote installation allows you to mass deploy the agent and local installation is an executable that you download and run directly on the system.
  4. I am going to select the remote installation for this demonstration. Click on the link and it will ask you where you wish to store the installer. The download will be in zip format and is approximately 80Mb in size.
  5. Once the download is complete extract the contents. By default it should create a folder in the same location however you can extract the contents wherever you like.
  6. Now navigate to the extracted contents and locate the file named inremoteagent.exe and run it. Keep in mind that the installer will use your existing privileges and when you begin the install it may prompt for additional privileges in order to install the agent successfully.
  7. Click next on the installer dialog box then accept the License Agreement and click next again.
  8. The installer will now create a Temp folder to store the necessary files for use in remote installation. If the default file path is good then click next. If not, you can enter a custom path.
  9. Next you will be asked to enter a manager name. Any time you hear the term manager in reference to LEM it will be the hostname or IP address of your LEM Virtual Appliance. NOTE: If you have not added a DNS entry for LEM, use the IP address. If you have, then you can use the default hostname of swi-lem or the hostname you assigned earlier.
  10. Click next and another box will appear asking if you want the installer to perform a network lookup or if you want to point it to a list of systems. The lookup option will perform a NetBIOS discovery, so if you have a highly segmented network it may not discover all of your systems. If you choose the file option, just create a simple text file with hostnames or IP addresses listed line by line.
  11. In this case let's choose Get Hosts Automatically then click OK. As you can see, a list of hostnames appears, allowing me to select one or more systems. The Windows agent installer can be applied to both workstation and server nodes. Select your systems and click next.
  12. The next box displays the default install paths for the agent. By default the installer automatically detects the Windows OS version and whether it's 32- or 64-bit. In most cases you will just accept the defaults by clicking next; however, if you wish to use a different file path you can change it here.
  13. Now you will be asked if you want to include USB Defender with the install. USB Defender is an optional tool that allows you to monitor and respond to USB devices and USB file activity. If you are installing on a virtual machine, uncheck this option; however, if it is a physical system, USB Defender can provide excellent visibility into USB activity.
  14. Click next and you will be taken to an install summary. If everything is good to go click INSTALL. The installer will complete one more setup process. Click next to initiate the install. NOTE: If the agent installer does not have sufficient privileges to complete the install you will be prompted to use a different account.
  15. Once the installs are complete you will see a summary of successful and failed installs. Click Next then Done to end the process.
  16. Now we need to verify the agent has connected to LEM. Go back to your LEM Web Console and click on Go to Manage Nodes at the bottom of the screen.
  17. Look in the list of connected nodes and you should see all of your systems displayed as green.
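
The following is an added example, not part of the SolarWinds video or product. It is a Python sketch for the host file option in step 10 and the verification in step 17: it cleans an inventory into one hostname or IP address per line, then reports which of those systems are absent from the connected nodes. It assumes the connected node names are copied by hand from Manage Nodes; all function names and sample data are constructed.

```python
import ipaddress
import re

# Assumption: strict RFC 1123 labels (letters, digits, hyphen; no edge hyphen).
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def is_valid_host(entry):
    """True if entry is an IP address or a syntactically valid hostname."""
    try:
        ipaddress.ip_address(entry)
        return True
    except ValueError:
        pass
    if len(entry) > 253 or re.fullmatch(r"[0-9.]+", entry):
        return False  # digits and dots only, but not a valid IP (e.g. 10.0.0.999)
    return all(_LABEL.match(label) for label in entry.rstrip(".").split("."))

def build_host_list(raw_lines):
    """Return (hosts, rejected): de-duplicated valid entries and bad entries."""
    hosts, rejected, seen = [], [], set()
    for line in raw_lines:
        entry = line.split("#", 1)[0].strip()  # tolerate comments and blanks
        if not entry:
            continue
        if not is_valid_host(entry):
            rejected.append(entry)
        elif entry.lower() not in seen:
            seen.add(entry.lower())
            hosts.append(entry)
    return hosts, rejected

def _key(name):
    """Comparison key: the IP itself, or the lower-cased short hostname."""
    try:
        return str(ipaddress.ip_address(name))
    except ValueError:
        return name.lower().rstrip(".").split(".")[0]

def missing_nodes(hosts, connected):
    """Entries from the install list with no matching connected node."""
    have = {_key(n.strip()) for n in connected if n.strip()}
    return [h for h in hosts if _key(h) not in have]

# Constructed sample data, not taken from any real environment.
INVENTORY = ["# file servers", "web01.corp.example", "WEB01.corp.example",
             "10.20.30.40", "10.20.30.999", "fs 03", "fs02", ""]
CONNECTED = ["WEB01", "10.20.30.40"]  # names copied by hand from Manage Nodes

if __name__ == "__main__":
    hosts, rejected = build_host_list(INVENTORY)
    print("\n".join(hosts))  # one entry per line, as the file option expects
    print("rejected:", rejected)
    print("not connected:", missing_nodes(hosts, CONNECTED))
```

A system that stays in the "not connected" list after the install is sending no logs to LEM, so it is worth resolving before relying on the deployment for monitoring.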

By default, when you install agents on Windows systems, they will immediately send logs from the System, Security and Application event logs; however, you also have the ability to expand your log collection into much more.

Expanding log collection into more sources is accomplished by using the connector configuration within the agent.

  1. To access the connector configuration in the web console go to Manage Nodes.
  2. Locate the agent node you wish to configure, click the gear icon next to it and select Connectors.
  3. A box will appear with a full list of supported device and application connectors.
  4. You can view them by category using the drop downs seen here or simply type a keyword in the search bar.
  5. For example, when I type in IIS it will take me to a list of IIS connectors.
  6. Click on the gear icon next to the connector to configure and enable it.
  7. Once you have finished just click the close button.

Visit the Success Center for more information on using Log & Event Manager. https://support.solarwinds.com/Succe..._Manager_(LEM)
