Submit a ticketCall us

Bridging the ITSM Divide
Integrated help desk and remote support software for faster resolution

Join us on Wednesday, November 29, 2017 at 11 a.m. CT, as we discuss the benefits of effectively integrating your help desk software with remote support solutions to help increase the efficiency of IT administration, improve communication, and decrease mean time to resolution (MTTR) for IT issues of all sizes. This directly impacts end-user satisfaction and your business’ bottom line. Register Now.

Home > Success Center > Log & Event Manager (LEM) > LEM Administrator's Guide > Get started adding systems and devices to LEM

Get started adding systems and devices to LEM

Updated: September 15, 2017

This topic documents how to add Agent devices (servers, domain controllers, and workstations), and non-Agent devices (firewalls, router, and switches) to LEM.

There are two ways to configure computers and devices on your network to send log events to LEM:

  • To add servers, domain controllers, and workstations, install a LEM Agent.
  • To add firewalls, routers, or switches, configure your devices to send log events directly to the LEM VM using syslog or SNMP traps. After configuring your device to log to LEM, configure the appropriate connectors directly on the LEM Manager.

Click the video File:Success_Center/Reusable_content_-_InfoDev/LEM/Log_and_Event_Manager_Administrator's_Guide/LEM_Administrator's_Guide/1330-Troubleshoot_alerts_in_the_LEM_console/button_videocamera_18x12.png icon to view a tutorial about adding devices to LEM.

 

About the LEM Agent

Install the LEM Agent on servers, domain controllers, and workstations to monitor local events on the systems in your network. The LEM Agent is a stand-alone service that collects and normalizes log data on the remote system before it is sent to the LEM Manager for processing.

See "Install LEM Agents to protect servers, domain controllers, and workstations" in the LEM Installation Guide for installation steps.

LEM Agents can:

  • Capture events in real-time.
  • Encrypt and compress the data for efficient and secure transmission to the LEM Manager.
  • Buffer the events locally if the Agent loses network connectivity to the LEM Manager.

In addition to monitoring local events, the Agent provides event alerting on workstations and servers. It is also required for some active responses, including logging off a user, shutting down a computer, and detaching a USB device. You can trigger actions manually from the LEM console using the Respond menu, or you can create rules to take specific actions automatically.

Install the LEM Agent on computers that allow third-party software, including servers, domain controllers, and workstations. On Windows, the LEM Agent captures log information from sources such as Windows Event Logs, a variety of database logs, and local anti-virus logs.

SolarWinds recommends installing the LEM Agent if you have the option. If installing the LEM Agent is not feasible, send log events directly to LEM.

About sending log events directly to LEM

Configure non-Agent devices, such as firewalls, routers, or switches, to send log events directly to the LEM Manager using syslog or SNMP traps. Then, configure the appropriate device connector on the LEM Manager using the LEM console. For a complete list of supported devices, see the "Comprehensive Data Source Support for All Your Logs & Events" page:
http://www.solarwinds.com/products/log-management/comprehensive-data-source-support.aspx.

See Add syslog and Agent nodes to LEM for more information about configuring devices that do not allow third-party software.

Last modified

Tags

Classifications

Public