Submit a ticketCall us

Training ClassThe Orion® Platform Instructor-led Classes

Provided by SolarWinds® Academy, these trainings will introduce users to the Orion Platform and its features, management, and navigation. These courses are suitable for users looking to discover new tips, tricks, and ways to adapt their Orion products to better suit their monitoring needs:
Deploying the Orion Platform
Configuring Orion views, maps, and accounts
Configuring Orion alerts and reports

Reserve your seat.

Home > Success Center > Log & Event Manager (LEM) > LEM - Knowledgebase Articles > Difference between a LEM Connector and a LEM Agent

Difference between a LEM Connector and a LEM Agent

Created by Craig O’ Neill, last modified by James Moore on Aug 16, 2018

Views: 3,877 Votes: 2 Revisions: 15


This article provides a high-level explanation of the difference between a LEM Agent and a LEM Connector.

  • Agent: Client side - active, encrypted, sending service
  • Connector: LEM server side - passive, receiving translator


  • LEM 5.7 and later


Note: Refer to the LEM Admin Guide for more detailed information and requirements.


  • The LEM Agent collects and normalizes log events, and then sends them to the LEM Manager.
    (Normalized events are translated into human readable format. LEM Manager provides monitoring, correlation, and reporting services, and long-term storage.) 
  • The Agent provides Alert Correlation that allows you to compare log files from a variety of sources to identify patterns that may indicate networking issues, external threats, and insider abuse.
  • The LEM Agent provides additional visibility at the local level for events on workstations and member servers that otherwise might be missed. Software installations and log on failures are just two examples.
  • The Agent runs as a stand-alone service that has its own configuration files, scripts, and so on.
  • The LEM Agent uses Secure Socket Layer/Transport Layer Security (SSL/TLS).
    (SSL/TLS is a bandwidth-friendly encryption and compression technology that provides a secure communication channel to the LEM Manager. Its impact on the network is very small.)


  • The LEM connector collects and normalizes Syslog events. (Normalized events are translated into human readable format.)
  • The host system, OS, or sending device is responsible for sending Syslog event data.
  • If the host device has not been configured to send data using its own Syslog service/daemon, then the LEM connector cannot normalize data.



Last modified