Submit a ticketCall us

AnnouncementsFace your biggest database issues head-on

Our new eCourse helps you navigate SQL Server performance blocks by teaching you how to recognize and deal with the three DBA Disruptors: Performance Hog, Blame Shifter, and Query Blocker. Register today to learn how to defend your environment and fend off menacing disruptions.

Register for your free eCourse.

Home > Success Center > Log & Event Manager (LEM) > LEM - Knowledgebase Articles > Discovery is consuming licenses

Discovery is consuming licenses

Table of contents


This article provides information about the auto-node discovery system detecting that PCs in your environment are sending logs directly to the LEM server. It indicates that new nodes are discovered and it automatically adds them to the active monitored nodes list.


LEM version 5.5 and later


Discovery happens if the IP address/host name of the log data is different than the IP address/host name of the agent. This is by design, as some users have collectors, and all of the original nodes need to be accounted for in the licensing count. If you are not doing that, there's probably an issue with a mismatch in the IP address the agent is reporting and the IP address the log is reporting.

If you find that there's something different about the machines (long host names or multiple IP addresses), the issue might be related to Symantec Endpoint logs. If you are forwarding, for example, Symantec Endpoint logs to LEM, LEM sees a different source IP (Symantec) and machines (Symantec Clients).

Given a scenario where you have a syslog server that is aggregating logs from various devices, and then forwards these logs to LEM, auto-node detection should pick up on this and assign a node to each of the devices forwarding logs to the syslog server.

In this scenario, some users choose to put an agent on a syslog server to aggregate that way rather than aggregate and forward syslogs.


Last modified