Submit a ticketCall us

Bridging the ITSM Divide
Integrated help desk and remote support software for faster resolution

Join us on Wednesday, November 29, 2017 at 11 a.m. CT, as we discuss the benefits of effectively integrating your help desk software with remote support solutions to help increase the efficiency of IT administration, improve communication, and decrease mean time to resolution (MTTR) for IT issues of all sizes. This directly impacts end-user satisfaction and your business’ bottom line. Register Now.

Home > Success Center > Log & Event Manager (LEM) > Log & Event Manager Installation Guide > LEM deployment examples

LEM deployment examples

Updated: August 30, 2017

This topic will help get you started planning your LEM architecture. The examples show different LEM deployment options.

In this topic:

Simple deployment example

The following deployment example uses one central syslog server to collect log data from your network devices in a local network. In this deployment, network devices use TCP or UDP to send syslog data to the LEM Manager's syslog server, whereas LEM Agents running on workstations and servers just use TCP to push log data to the LEM Manager.

File:Success_Center/Reusable_content_-_InfoDev/LEM/Log_and_Event_Manager_Installation_Guide/LEM_Installation_Guide/0010-LEM_installation_overview/0020-LEM_deployment_examples/lem_architecture3_607x452.png

The syslog server receives logs on port 514 and saves the data in the LEM Manager /var/log file partition. Log file names vary based on the target facility configured on the network device.

The LEM Manager relies on routers, firewalls, and switches to transmit syslog messages to the syslog server running on the LEM Manager. If your log sources are located behind firewalls, see SolarWinds LEM port and firewall information to open the necessary ports. For a list of all ports required to communicate with LEM, see the SolarWinds Port Requirements for SolarWinds Products Guide.

Complex deployment example with multiple syslog servers

The following deployment example uses two syslog servers located in different cities. LEM can capture logs from multiple remote locations across wide area network (WAN) links. Because the LEM Agent includes built-in encryption, compression, and buffering capabilities, this can be done securely and efficiently.

File:Success_Center/Reusable_content_-_InfoDev/LEM/Log_and_Event_Manager_Installation_Guide/LEM_Installation_Guide/0010-LEM_installation_overview/0020-LEM_deployment_examples/lem_architecture_advanced_595x345.png

Instead of using the syslog server built in to the LEM Manager component, this design calls for one syslog server per location. When using a detached syslog server, you need to install a LEM Agent on each detached server, and then enable the appropriate connectors on the LEM Agent. Following configuration, the LEM connectors normalize raw log messages into LEM events.

If you cannot add new logging hosts on your network devices due to restrictive change management processes, consider implementing this multi syslog server deployment example to leverage your existing syslog servers.

Complex deployment example with multiple LEM VMs

To increase performance, you can divide LEM's workload across multiple LEM VMs. Each VM can be configured to provide dedicated processing for tasks such as:

  • Management and event analysis
  • Database storage, search, and reporting
  • Log storage, search, and analysis
  • Log collection

Although multi-VM LEM installations are possible, 98% of all LEM deployments perform well as a single appliance that you can scale up by dedicating additional resources from the virtual host.

Each LEM VM can specialize and provide dedicated processing for one or more of the following:

  • Management and event analysis
  • Database storage, search, and reporting
  • nDepth log storage, search, and analysis
  • Log collection

The following diagram shows four LEM VM instances. One each for the LEM Manager, syslog collection, the normalized data store, and an optional original data store.

File:Success_Center/Reusable_content_-_InfoDev/LEM/Log_and_Event_Manager_Installation_Guide/LEM_Installation_Guide/0010-LEM_installation_overview/0020-LEM_deployment_examples/mult-virt-app-stack_480x318.png

Deploying each LEM VM on separate hardware increases performance. You can also deploy multiple VMs on the same hardware host with minimal negative performance impacts.

LEM allows you to assign resources in different ways based on your organization's needs. For example, you can deploy two LEM Managers, each on a separate VM if your organization has logical divides in management and/or monitoring responsibilities.

File:Success_Center/Reusable_content_-_InfoDev/LEM/Log_and_Event_Manager_Installation_Guide/LEM_Installation_Guide/0010-LEM_installation_overview/0020-LEM_deployment_examples/indiv-virt-apps_456x330.png

In the above example a single LEM console provides a consolidated, real-time search and management view across two LEM VMs.

See also:

Last modified

Tags

Classifications

Public