Submit a ticketCall us

Training ClassThe Orion® Platform Instructor-led Classes

Provided by SolarWinds® Academy, these trainings will introduce users to the Orion Platform and its features, management, and navigation. These courses are suitable for users looking to discover new tips, tricks, and ways to adapt their Orion products to better suit their monitoring needs:
Deploying the Orion Platform
Configuring Orion views, maps, and accounts
Configuring Orion alerts and reports

Reserve your seat.

Home > Success Center > Log & Event Manager (LEM) > LEM - Knowledgebase Articles > Understanding syslog in LEM

Understanding syslog in LEM

Table of contents
Created by Tim Rush, last modified by Ann Guidry on Sep 18, 2018

Views: 2,772 Votes: 0 Revisions: 12


General information about syslog in LEM.


All LEM deployments


Although LEM can receive SNMP traps on port 162, syslog is far more common.
LEM utilizes Syslog-ng as the syslog server, receiving data from network devices over UDP port 514.

UDP protocol is common for syslog because of the speed and efficiency.


As of release 6.4 LEM does not support encrypted Syslog data, We do have plans to add support for this in future version. Please register your voice by logging a support ticket with Solarwinds Support.

Maybe the easiest way to think of syslog in LEM, is to focus on the syslog area of the LEM as the destination.
Even though we use syslog terms like 'local facilities', there is a collection of files (flat files) to collect the syslog data.
So the sending device defines where to send the syslog: destination IP, UDP/TCP port number, and destination filename.
To receive log data sent by the network devices, the LEM GUI-console allows configuring a connector to read the defined syslog file.

Think of the connector as an interpreter to read the data, and a connector must be configured for every type of data received by the LEM.

Then  the interpreter separates the data into fields, without changing the data.
This process allows Rules to fire upon this data, and allows the data to be inserted into tables in the database.
The GUI-console nDepth search, or the Reports application, performs data retrieval.

If unsure where the data is being sent, Solarwinds support can assist in finding the data, but the vendor administrators guide or vendor support will be the definitive answer for some issues.

Syslog can write to the following files on the LEM (but other files may be possible):




Here are a few web links that will also help.


Disclaimer: Please note, any content posted herein is provided as a suggestion or recommendation to you for your internal use. This is not part of the SolarWinds software or documentation that you purchased from SolarWinds, and the information set forth herein may come from third parties. Your organization should internally review and assess to what extent, if any, such custom scripts or recommendations will be incorporated into your environment.  You elect to use third party content at your own risk, and you will be solely responsible for the incorporation of the same, if any.


Last modified