Submit a ticketCall us

AnnouncementsFace your biggest database issues head-on

Our new eCourse helps you navigate SQL Server performance blocks by teaching you how to recognize and deal with the three DBA Disruptors: Performance Hog, Blame Shifter, and Query Blocker. Register today to learn how to defend your environment and fend off menacing disruptions.

Register for your free eCourse.

Home > Success Center > Log & Event Manager (LEM) > LEM - Knowledgebase Articles > Forward events from LEM

Forward events from LEM

Table of contents

Updated March 2, 2017


You may have a requirement to collect log data in multiple destinations (syslog servers or SIEM devices), which means there may be a need to forward the log data.

This article discusses that request and ways to achieve that need.


All LEM versions


LEM is an SIEM (Security Information and Event Manager), utilizing a syslog server (syslog-ng), but designed as a logging endpoint solution. Numerous network devices can syslog directly to more than one syslog server or endpoint solution, but many can only send to one destination.


LEM can receive log data from a Windows/Linux/Unix computer, provided a LEM Agent has been installed on that computer. LEM cannot forward agent data or SNMP trap data.


We hope to have the end-user configurations in a future version of LEM that can forward syslog data. 

While Kiwi Syslog can be utilized to forward syslog data, this requires Kiwi Syslog to be installed on a Windows server. LEM can read the forwarded syslog data from Kiwi or another 3rd party syslog server, provided the syslog-ng protocol is used to send over port 514 to LEM. Solarwinds support can also assist with configuring the Kiwi Syslog.


If you have additional questions on this please open a case with Support.

See also Export or forward data from the LEM database for related information.


Last modified