Submit a ticketCall us

Get a crash course on Network Monitoring delivered right to your inbox
This free 7-day email course provides a primer to the philosophy, theory, and fundamental concepts involved in IT monitoring. Lessons will explain not only how to perform various monitoring tasks, but why and when you should use them. Sign up now.

Home > Success Center > Log & Event Manager (LEM) > LEM - Top 10 issues

LEM - Top 10 issues

Created by Tim Rush, last modified by Erin Stenzel on Feb 21, 2017

Views: 468 Votes: 1 Revisions: 14

Top 10 Issues in Log and Event Manager

 

 

An improperly configured LEM can cause performance issues, either as a result from the above or effectively causing the above.

 


Explore each of the potential root causes below to learn more about...

Getting past Windows SMB/CIFS mount errors

Increased network security access restricts some CIFS/SMB access, and forces new authentication.
Authentication like SMB signing, NTLM compatibility, Kerberos, and SMB hardening, and other restrictions make backups and upgrades require new access methods.

How to create, validate, and test Rule

Because of the way LEM can react to specific events real-time traffic and fire rules to cause a specified action, a greater level of caution is needed when configuring rules.

Setting up connectors in LEM to receive Syslog

LEM has over 500 different connectors to receive log data from most common network devices and logs on a computer with the agent installed. The syslog can be confusing for many, as log data is sent to a standard Syslog-NG application on the LEM. Avoid sending the wrong data to right connector, or the right data to the wrong connector.

Getting Agents to connect with the LEM

Agents are used to collect data on Windows, Linux and Unix computers in contrast to our competitors, because agents can handle a greater volume of traffic when the client computer requires it. Because of host firewalls, port restrictions and network routing, client computers are challenged to get access to the LEM.

How can I create and use my own CA certificate

LEM has it's own self-signed certificates, but if a higher level of security is needed, a CA signed certificate is required. Here are some articles that help describe the certificate process.

How do I install and configure the Reports Console

Reports Application is a separate application to meet auditing requirements, and provide detailed information about collected log data. Reports requires the additional installation of Crystal Reports 11 (runtime), and can also be configured to collect/transfer the data securely across the network.

Get nDepth searches and LEM reports to display desired results

Inserting data into the database can result if the LEM manager service is overwhelmed, the database service stops, or somehow corrupts the HSQL metadata.

Connecting the Web console to the LEM

Changes in browser security settings, use of proxy servers, and basic limitations in the volume of traffic that a browser can handle, will contribute to viewing the LEM GUI-console.

Performance issues caused by an improperly configured LEM

A properly configured LEM can handle up to 200 million events per day, or 2,000 EPS (events per second). Conversely, limiting the 'reservations' (appropriate CPU and RAM) will result in poor performance and instability.

Last modified
17:51, 21 Feb 2017

Tags

Classifications

Public