About the LEM console

Updated: September 15, 2017

Use the console to manage and monitor LEM. This documentation topic applies to both the desktop console and the web console.

To open the LEM console, see Log in to the LEM web console or Log in to the LEM desktop console for steps.

The LEM console displays normalized information about the events on your monitored devices in real time. The items in this section address how to use the LEM console to view, respond to, and search for these events on a day-to-day basis. Unless otherwise stated, the functionality described in this section is identical between the web and desktop consoles.

Click the video icon for a video tour of the LEM console.

Console Views

The console is organized into functional areas called views. These views organize and present different information about the components that comprise the LEM system.

The views are located in the toolbar. You can access six top-level views in the console.

  • Ops Center provides a graphical representation of your log data. It includes several widgets that help you identify problem areas and show trends in your network. You can select additional widgets from the widget library or add custom widgets that reflect your log activity.
  • Monitor displays events in real time as they occur in your network. You can view the details of a specific event or focus on specific types of events. This view also includes several widgets to help you identify trends or anomalies that occur in your network.
  • Explore provides tools for investigating events and related details.
    • Select nDepth to search or view event data or log messages.
    • Select Utilities to view additional utilities, such as Whois and NSlookup.
  • Build creates user components that process data on the LEM Manager.
    • Select Groups to build and manage groups.
    • Select Rules to build and manage policy rules.
    • Select Users to add and manage console users.
  • Manage manages properties for appliances and nodes.
    • Select Appliances to add and manage appliances.
    • Select Nodes to add and manage Agents.
  • Analyze is a placeholder for future improvements.

Grids

Grids are used throughout the console. Using Grids, you can perform common tasks such as selecting rows and grid cells, resizing grid columns, rearranging grid columns, and sorting a grid by columns.

Rearrange grid columns

Rearrange the grid column order to meet your needs. The columns remain in your set order until you exit the console. When you reopen the console, the columns return to their default order.

To rearrange a grid column, click and drag the column header to a new position.

Sort a grid by columns

Sort grid data in each view by clicking the column headers. Each column can be sorted in ascending or descending order.

To sort a grid by one column, click the selected column header. The ▲ indicates sorting in ascending order (from A to Z). The ▼ indicates sorting in descending order (from Z to A).

In the Monitor view, you can sort a grid by multiple columns by pressing the Ctrl key and clicking each column header. The sorting order number is displayed next to ▲ or ▼ in each selected column.

Before you sort the Monitor view event grid, click Pause to stop the incoming event traffic. Click Resume to start the incoming event traffic.

LEM console grid column and data field descriptions

The following table explains the meaning of each grid column or data field that can appear in various alert grids, event grids, and information panes throughout the Console. The actual columns and fields that are shown vary according to the alert, view, or grid you are working with. But the meaning of these fields remains the same, regardless of where you see them.

For convenience, the fields are listed in alphabetical order.

| Grid column or field | Description |
|---|---|
| EventName | The name of the event. |
| ConnectionName | The name of the dial-up or VPN connection. |
| ConnectionStatus | The current status of the dial-up or VPN connection. |
| DestinationMachine | The destination IP address of the network traffic. |
| DestinationPort | The destination port number of the network traffic. |
| DetectionIP | The source network node for the alert data. This is usually a Manager or an Agent and is the same as the InsertionIP field. It can also be a network device, such as a firewall or an intrusion detection system that may be sending log files over a remote logging protocol. |
| DetectionTime | The time the network node generated the data. This is usually the same as the InsertionTime field, but they can differ when the Agent or Manager is reading historical data, or if a network device has an incorrect time setting. |
| EventInfo | A short summary of the alert details. Additional details appear in the following fields, but EventInfo provides enough information to view a "snapshot" of the alert information. |
| ExtraneousInfo | Additional information relevant to the alert, but not reflected in other fields. This can include information useful for correlating or summarizing alert information in addition to the EventInfo field. |
| Host | The node the log message came from (the LEM or Agent that collected the message for forwarding to nDepth). |
| HostFromData | The originating network device (if different than the node) that the message came from. Normally, Host and HostFromData are the same, but in the case of a remote logging device (such as a firewall) this field reports the original remote device's address. |
| InferenceRule | The name of the correlation that caused this alert. The InferenceRule field will generally be blank, but in cases where the alert was related to a rule, it displays the rule name. |
| InsertionIP | The Manager or Agent that first created the alert. This is the source that first read the log data from a file or other source. |
| InsertionTime | The time the Manager or Agent first created the alert. This time indicates when the data was read from a log file or other source. |
| IPAddress | The IP address associated with the alert. This is a composite field, drawn from several different alert fields. It shows all the IP addresses that appear in alert data. |
| Manager | The name of the Manager that received the alert. For data generated from an Agent, this is the Manager the Agent is connected to. |
| Order | In the Event explorer's event grid, the Order field indicates when each event occurred. The before-event icon indicates the event occurred before the central event shown in the event map. The central-event icon indicates the event occurred during (as part of) the central event shown in the event map. The after-event icon indicates the event occurred after the central event shown in the event map. |
| Protocol | Displays the protocol associated with this alert (TCP or UDP). |
| ProviderSID | A unique identifier for the original data. Generally, the ProviderSID field includes information that can be used in researching information on the alert in the originating network device vendor's documentation. |
| SourceMachine | The IP address the network traffic is coming from. |
| SourcePort | The port number the network traffic is coming from. |
| ConnectorAlias | The Alias Name entered when configuring the connector on the Manager or Agent. |
| ConnectorId | The actual connector that generated the log message. |
| ConnectorType | Connector category for the connector that generated the log message. |
| Username | The user name associated with the alert. This is a composite field, drawn from several different alert fields. It shows all the places that user names appear in alert data. |
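The DetectionIP/InsertionIP and DetectionTime/InsertionTime descriptions above can be turned into a triage check over event records. The following is an added example, not SolarWinds code: the CSV layout, timestamp format, event names, addresses, and the five-minute tolerance are all assumptions made for illustration.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample rows (not a LEM export format); only the column
# names are taken from the field table above.
SAMPLE = """EventName,DetectionIP,InsertionIP,DetectionTime,InsertionTime
UserLogon,10.0.0.5,10.0.0.5,2017-09-15 10:00:00,2017-09-15 10:00:02
TCPTrafficAudit,192.0.2.1,10.0.0.5,2017-09-15 10:01:00,2017-09-15 10:01:01
UserLogoff,10.0.0.7,10.0.0.7,2017-09-14 03:00:00,2017-09-15 10:02:00
TCPTrafficAudit,192.0.2.1,10.0.0.5,2017-09-15 11:30:00,2017-09-15 10:03:00
"""

FMT = "%Y-%m-%d %H:%M:%S"  # assumed timestamp format


def load(text):
    """Parse CSV text into a list of dicts keyed by field name."""
    return list(csv.DictReader(io.StringIO(text)))


def triage(rows, tolerance=timedelta(minutes=5)):
    """Return (EventName, notes) per row based on source and time fields."""
    findings = []
    for row in rows:
        notes = []
        # Differing IPs: a network device sent its logs to the Manager or
        # Agent that inserted the alert (remote logging).
        if row["DetectionIP"] != row["InsertionIP"]:
            notes.append("remote-source")
        detected = datetime.strptime(row["DetectionTime"], FMT)
        inserted = datetime.strptime(row["InsertionTime"], FMT)
        delta = inserted - detected
        if delta > tolerance:
            # Generated long before it was read: historical data being
            # ingested, or a source clock that runs behind.
            notes.append("historical-or-slow-clock")
        elif delta < -tolerance:
            # Generated "after" it was read: only a wrong clock explains it.
            notes.append("detection-in-future")
        findings.append((row["EventName"], notes))
    return findings


if __name__ == "__main__":
    for name, notes in triage(load(SAMPLE)):
        print(name, notes or ["ok"])
```

Rows tagged `detection-in-future` point to a time-setting problem on the detecting device, because reading historical data can only make DetectionTime earlier than InsertionTime.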
