Submit a ticketCall us

WebinarUpcoming Webinar: Should I Move My Database to the Cloud?

So you’ve been running an on-premises SQL Server® for a while now. Maybe you’ve moved it from bare metal to a VM, and have seen some positive benefits. But, do you want to see more? If you said “YES!”, then this session is for you, as James Serra will review the many benefits that can be gained by moving your on-prem SQL Server to an Azure® VM (IaaS). He’ll also talk about the many hybrid approaches, so you can gradually move to the cloud. If you are interested in cost savings, additional features, ease of use, quick scaling, improved reliability, and ending the days of upgrading hardware, this is the session for you.

Register now.

Home > Success Center > Log & Event Manager (LEM) > Log & Event Manager (LEM) Documentation > Log and Event Manager Getting Started Guide > Verify that events are being sent to LEM

Verify that events are being sent to LEM

Table of contents
No headers
LEM Getting Started Home

Updated: December 15, 2017

After you configure your device to send events to LEM, use the check logs tool to verify that LEM is receiving the data. You can access the LEM command line via VMware® vSphere® or Microsoft HyperV® Manager virtualization consoles. You can also use an SSH tool to verify that the raw syslog data is received by the LEM syslog server.

Raw syslog data is not yet parsed or normalized by LEM.

The following example shows how to use PuTTY to verify that LEM is receiving events.

  1. Open an SSH tool (such as PuTTY).
  2. Enter the IP address and port number (port 22) of the LEM virtual appliance.
  3. Log in with username cmc.

    If you using an evaluation copy of LEM, enter password as the password.

  4. Open the appliance menu and run the checklogs command.
  5. Determine which local facilities are receiving traffic.

    In the following example, local facility 4 has received 972 kilobytes of traffic while all other facilities are empty.

  6. Open the local facility to determine if it is receiving the logs you are expecting.

    In this example, local facility 4 is receiving traffic from the Cisco ASA firewall that was configured to send logs.


If you are not seeing the log data that you expect to see:


Previous: Configure the audit policy on your device to send events to LEM Next up: Configure an agent in LEM
Last modified