Submit a ticketCall us

Have You Auto Renewed? If not, you're missing out.
The SolarWinds Renewal Program comes with a host of benefits including the most recent product updates, 24/7 technical support, virtual instructor-led training and more. Experience all of this with the convenience of Auto Renewal, and never worry about missing any of these great benefits. Learn More.

Home > Success Center > Log & Event Manager (LEM) > LEM Administrator's Guide > Monitor view in the LEM console

Monitor view in the LEM console

Updated: September 15, 2017

Monitor view displays all monitored events on your network in real time. It include features to help you review and analyze current events on your network.

This topic provides page-level help for the Monitor view in the LEM console.

See also:

 

This screen capture shows the Monitor view in the LEM console:

File:Success_Center/Reusable_content_-_InfoDev/LEM/Log_and_Event_Manager_Administrator's_Guide/LEM_Administrator's_Guide/1200-Monitor_view_in_the_LEM_console/monitor-view.png

 

Monitor view includes:

  • An All Events pane that displays a real-time event stream where you can apply event filters
  • An Events Details pane that displays details for any event you highlight in the event stream
  • A Widgets pane that displays a graphical representation of the current filter (if available)
  • Several default filters to refine the data you see in the event stream
  • A GUI filter editor called Creation to create and edit event filters

Raw (un-normalized) log messages do not appear in Monitor view, even if the nDepth log retention feature is enabled. Further, rules can only fire on normalized data and not on raw log data that is received.

The Filters pane

The Filters pane stores all filters you can apply to the console event messages.

File:Success_Center/Reusable_content_-_InfoDev/LEM/Log_and_Event_Manager_Administrator's_Guide/LEM_Administrator's_Guide/1200-Monitor_view_in_the_LEM_console/filterswindow.png

All filters are stored in groups. To add a filter to the events grid, click a filter group and then click a filter. The events grid title changes to the name of the event and the grid refreshes and displays the incoming events allowed by the filter conditions.

Click to create your own custom filters and filter groups. Click to edit, pause, resume, turn on, turn off, import, export, or delete filters.

The Filter Notifications pane

The Filter Notifications pane summarizes the event activity from your active notification filters that use blink, popup, or sound notifications. Click a filter name to view the events associated with the targeted filter.

File:Success_Center/Reusable_content_-_InfoDev/LEM/Log_and_Event_Manager_Administrator's_Guide/LEM_Administrator's_Guide/1200-Monitor_view_in_the_LEM_console/filternotifications.png

The Events grid

The Events grid displays the events that occur for your selected filter. This grid displays each event that occurs for your selected filter, as well as every event logged to each Manager. The title bar displays the filter name you selected in the Filters pane.

File:Success_Center/Reusable_content_-_InfoDev/LEM/Log_and_Event_Manager_Administrator's_Guide/LEM_Administrator's_Guide/1200-Monitor_view_in_the_LEM_console/eventsgrid2_575x179.png

As the Agents monitor each configured data source on your network, they send the events to each Manager. In turn, the event grid displays the events logged to each Manager that is connected to the console. By default, incoming events always appear at the top of the grid, allowing the Monitor view to always display the most recent activity.

The toolbar includes additional options:

  • Respond. Click this option to respond to a particular event message. For example, you can choose to block an IP address, or restart or shut down machine that is the event activity source.
  • Explore. Click this option to select a particular event message or one of its specific data elements with an explorer. The selected cell (or string) determines the explorers you can choose.
  • Pause. Click this option to stop the event traffic reported by the filter. When finished, click Resume to continue.
  • Highlight Selected Row(s). Click File:Success_Center/Reusable_content_-_InfoDev/LEM/Log_and_Event_Manager_Administrator's_Guide/LEM_Administrator's_Guide/1220-Managing_events_in_LEM_Monitor_view/highlightselectedrows_21x13.png to highlight rows in the Events grid with a selected color.
  • Settings. Click and select an option to mark messages as read or unread, remove messages, or copy event information.

The Widget pane

The Widget pane displays the widgets associated with the filter currently applied to the events grid. Widgets automatically refresh themselves to reflect changes in events grid filtering.

File:Success_Center/Reusable_content_-_InfoDev/LEM/Log_and_Event_Manager_Administrator's_Guide/LEM_Administrator's_Guide/1200-Monitor_view_in_the_LEM_console/widget-monitorview2_571x312.png

You can view the widgets associated with this filter by clicking the drop-down menu and selecting an option.

You can also:

  • Click File:Success_Center/Reusable_content_-_InfoDev/LEM/Log_and_Event_Manager_Administrator's_Guide/LEM_Administrator's_Guide/1220-Managing_events_in_LEM_Monitor_view/icon-widgetconfig2_17x17.png to change the presentation format (such as pie chart, bar chart, and so on).
  • Click File:Success_Center/Reusable_content_-_InfoDev/LEM/Log_and_Event_Manager_Administrator's_Guide/LEM_Administrator's_Guide/1200-Monitor_view_in_the_LEM_console/plus_14x12.png to create a new widget.
  • Click File:Success_Center/Reusable_content_-_InfoDev/LEM/Log_and_Event_Manager_Administrator's_Guide/LEM_Administrator's_Guide/1200-Monitor_view_in_the_LEM_console/icon-widgetedit3_15x15.png to open Widget Builder and create a new widget.
  • Click File:Success_Center/Reusable_content_-_InfoDev/LEM/Log_and_Event_Manager_Administrator's_Guide/LEM_Administrator's_Guide/1200-Monitor_view_in_the_LEM_console/button-legend_15x15.png to display the widget legend.
  • Hover your mouse over a format item to view specific information.

Change the widget display for a selected filter

  1. In the LEM console, click Monitor.
  2. In the Filters pane, maximize a category and click the filter you want to modify.
  3. In the Widgets pane, click the drop-down menu and select the widget you want your filter to display.

The Event Details window

The Event Details pane displays specific information about the last event you selected in the Events grid. When you click an event, the event is highlighted in the Event Details pane, along with supporting information. To view the event details for a specific event, select the event in the event stream and review the results in the Event Details pane.

File:Success_Center/Reusable_content_-_InfoDev/LEM/Log_and_Event_Manager_Administrator's_Guide/LEM_Administrator's_Guide/1200-Monitor_view_in_the_LEM_console/eventdetails2_576x300.png

You can also:

  • Click File:Success_Center/Reusable_content_-_InfoDev/LEM/Log_and_Event_Manager_Administrator's_Guide/LEM_Administrator's_Guide/1200-Monitor_view_in_the_LEM_console/createfilter_16x16.png to create a filter for this event.
  • Click File:Success_Center/Reusable_content_-_InfoDev/LEM/Log_and_Event_Manager_Administrator's_Guide/LEM_Administrator's_Guide/1200-Monitor_view_in_the_LEM_console/updown2_13x14.png to view the previous or next event.
  • Click File:Success_Center/Reusable_content_-_InfoDev/LEM/Log_and_Event_Manager_Administrator's_Guide/LEM_Administrator's_Guide/1200-Monitor_view_in_the_LEM_console/eventdescription.png to view the event description.
  • Click File:Success_Center/Reusable_content_-_InfoDev/LEM/Log_and_Event_Manager_Administrator's_Guide/LEM_Administrator's_Guide/1200-Monitor_view_in_the_LEM_console/eventdescriptiondetails.png to return to the event details.

The window fields vary according to your selected event type. For example, network-oriented events display IP addresses and ports in the window. Account-oriented events display account names and domains. The window may also include a severity level.

Click File:Success_Center/Reusable_content_-_InfoDev/LEM/Log_and_Event_Manager_Administrator's_Guide/LEM_Administrator's_Guide/1200-Monitor_view_in_the_LEM_console/button-updown_13x13.png or the up and down arrow keys to select the previous or next event in the events grid.

Event Description window

The Event Description window displays a description of your selected event in the events grid.

File:Success_Center/Reusable_content_-_InfoDev/LEM/Log_and_Event_Manager_Administrator's_Guide/LEM_Administrator's_Guide/1200-Monitor_view_in_the_LEM_console/eventdescription2_376x267.png

Click File:Success_Center/Reusable_content_-_InfoDev/LEM/Log_and_Event_Manager_Administrator's_Guide/LEM_Administrator's_Guide/1200-Monitor_view_in_the_LEM_console/button-alertinfo_20x14.png to review the event description.

Click File:Success_Center/Reusable_content_-_InfoDev/LEM/Log_and_Event_Manager_Administrator's_Guide/LEM_Administrator's_Guide/1200-Monitor_view_in_the_LEM_console/eventselectorbutton_19x14.png to return to the Event Details window.

Click File:Success_Center/Reusable_content_-_InfoDev/LEM/Log_and_Event_Manager_Administrator's_Guide/LEM_Administrator's_Guide/1200-Monitor_view_in_the_LEM_console/button-updown_13x13.png to select the previous or next event and event description in the events grid.

Event Severity Levels

Each event is assigned a number indicating its severity. The following table explains each severity level.

Level

Name

Description

0

Debug

Detailed event information used for debugging by SolarWinds engineers.

1

System Error

Part of the system is unusable.

2

Informational

SolarWinds informational messages only.

3

Normal Audit

Normal behavior, but could be part of a signature attack.

4

Normal Notice

Normal behavior that you should monitor.

5

Suspicious

Normal behavior under most circumstances, but should be investigated.

6

Threatening

Investigation and action is required.

7

Critical

Immediate action is required.

The "Create a Filter From This Event" button

Click File:Success_Center/Reusable_content_-_InfoDev/LEM/Log_and_Event_Manager_Administrator's_Guide/LEM_Administrator's_Guide/1200-Monitor_view_in_the_LEM_console/button-addfilter_16x15.png in the Event Details or Event Description windows to create a new filter that captures the currently selected event type. When completed, the Monitor view opens with the new filter open in the events grid. The new filter appears in the Filters pane under the last selected filter. If required, you can edit the filter so it captures specific events. See Manage LEM filters: Add, edit, view, and more for help.

The Respond menu

The Respond drop-down menu in Monitor view provides a list of actions you can execute for a specific event message.

Each Respond command opens the Respond form. This form includes data from the field you selected and options for customizing the action—similar to configuring the active response for a rule in the Rule Creation.

The Respond menu is context-sensitive. The event type or cell currently selected in the event grid determines which responses you can choose.

Select an event response

In the Respond form, you can use the default field information to complete the form.

  1. In Monitor view, locate an event in the event grid and click Pause.
  2. Select the event in the grid.
  3. Click Respond and select an action.

    The drop-down menu contains a list of commonly-used actions. If your action does not appear in the list, select All Actions.

  4. In the Respond form, click the Action drop-down menu and verify the action to your selected event.

    File:Success_Center/Reusable_content_-_InfoDev/LEM/Log_and_Event_Manager_Administrator's_Guide/LEM_Administrator's_Guide/1200-Monitor_view_in_the_LEM_console/respond-menu2_271x145.png

  5. Complete any remaining fields in the form.
  6. Click OK to execute the action.
  7. Click Resume to receive new events in the event grid.

Select an event response using drag-and-drop text

In the Respond form, you can drag and drop information from the Event and Information fields into the configuration fields to complete the form. Use this method to add content to a blank configuration field or replace the content of an existing configuration field

  1. In Monitor view, locate an event in the event grid and click Pause.
  2. Select the event in the grid.
  3. Click Respond and select an action.

    The drop-down menu contains a list of commonly-used actions. If your action does not appear in the list, select All Actions.

  4. In the Respond form, click the Action drop-down menu and verify the action to your selected event.

    File:Success_Center/Reusable_content_-_InfoDev/LEM/Log_and_Event_Manager_Administrator's_Guide/LEM_Administrator's_Guide/1200-Monitor_view_in_the_LEM_console/respond-menu2_271x145.png

  5. In the Respond form’s event information grid, scroll to locate the field that contains the data element needed to configure the action.
  6. Click and drag an event field into the appropriate action configuration field.

    File:Success_Center/Reusable_content_-_InfoDev/LEM/Log_and_Event_Manager_Administrator's_Guide/LEM_Administrator's_Guide/1200-Monitor_view_in_the_LEM_console/respond-menu3_272x348.png

  7. Complete any remaining fields as required.
  8. Click OK to execute the action.
  9. Click Resume to receive new events in the event grid.

The Explore menu

See Utilities view in the LEM console .

Notifications

The Notifications tab at the bottom of the Monitor view page summarizes the event activity from each of your active notification filters that use blink, popup, or sound notifications. Click a filter name in this tab to view the events associated with the targeted filter.

File:Success_Center/Reusable_content_-_InfoDev/LEM/Log_and_Event_Manager_Administrator's_Guide/LEM_Administrator's_Guide/1200-Monitor_view_in_the_LEM_console/notifications.png

Nodes

The Nodes tab at the bottom of the Monitor view page opens the Nodes screen in Manage view, allowing you to connect or disconnect from a Manager, add a Manager Agent, and configure rules, policies, and network security connectors that apply to each Manager

Appliances

The Appliance tab at the bottom of the Monitor view page opens the Appliance screen in Manage view to add, configure, and maintain each virtual appliance associated with and monitored by the LEM system.

Appliances is used here as a generic term that includes Managers, as well as database, logging, network, and nDepth servers.

Last modified

Tags

Classifications

Public