Submit a ticketCall us

Training ClassThe Orion® Platform Instructor-led Classes

Provided by SolarWinds® Academy, these trainings will introduce users to the Orion Platform and its features, management, and navigation. These courses are suitable for users looking to discover new tips, tricks, and ways to adapt their Orion products to better suit their monitoring needs:
Deploying the Orion Platform
Configuring Orion views, maps, and accounts
Configuring Orion alerts and reports

Reserve your seat.

Home > Success Center > Log & Event Manager (LEM) > Log & Event Manager (LEM) Documentation > Log and Event Manager Getting Started Guide > Determine which logs to monitor in LEM

Determine which logs to monitor in LEM

Table of contents
No headers
LEM Getting Started Home

Updated: December 15, 2017

Before you begin monitoring logs with Log & Event Manager, SolarWinds recommends that you decide which logs to monitor. You should avoid an everything, all at once approach as it is easy to become overwhelmed when you send all log data to LEM. This section outlines strategies you can use to determine which logs to monitor.

  • Identify your goals by listing what you want to accomplish with your log data. Consider the business drivers that require you to monitor logs. If you have a compliance-related goal, you could focus on your data center and monitor security events. If your goal is to monitor logs for outages, you could verify that your servers are sending logs, and that you are receiving events from Microsoft Windows® Event Logs.
  • Identify the systems that have the log data you want to monitor: If your goal is to monitor logs so you are PCI-compliant, identify the systems and network devices that are in scope for compliance. For each identified system and network device, identify which specific logs are in scope, and the level of logging, if applicable.
  • Begin with what you know: Another strategy for determining which logs to monitor is to begin with what you know so that you can avoid learning about LEM and your logs at the same time. Monitor the logs with which you are familiar, and scale from there. For example, if you are most familiar with your Windows security, application, and system event logs, begin monitoring those logs first in LEM. LEM also provides connectors to read many other different types of logs, as well.

Use the following table to identify the types of logs to collect based on your needs:

If You Need To Track... Collect These Kinds Of Logs

User/Groups: Windows security logs

Systems: Windows system and application logs

Application-specific logs

Network devices (firewalls, routers, switches, etc): syslogs

Authentication failures and successes

Windows security logs

Application-specific logs

Authentication logs on other platforms

Internal and external unexpected network activity

Proxy server logs

Network device logs (syslog)

Service and system activity

Windows systems logs

Application logs


Core operating system logs

Application logs


Previous: How to get started Next up: Install and configure LEM
Last modified