Configure LEM to save raw log messages for nDepth search

SolarWinds LEM can save both the raw log data forwarded by LEM connectors and the normalized data displayed in the LEM console. You can search the raw log data and the normalized data separately. This topic describes how to store raw log data by configuring LEM Manager and the applicable connectors.

Preparing to save raw log messages

LEM stores raw log data in a separate database from the normalized data. This database typically resides on the same VM as LEM Manager and the alert database, but it can also reside on a separate dedicated LEM database or nDepth appliance. 

LEM requires the following hardware upgrades to save raw log messages: 

  • At least two additional CPUs 
  • 8-16 GB of RAM 
  • Double the typical storage requirements for your environment for the same retention period

Be aware of the following limitations regarding raw log messages:

  • Raw log data does not appear in the Monitor view. 
  • Rules fire on the normalized data, not the incoming raw log data.
  • nDepth uses raw data (the original log). This is different from the nDepth Search that you access in the LEM console by choosing Explore > nDepth.

 

When configuring the tool configuration forms on LEM Manager and the agents, do not modify the Output, nDepth Host, or nDepth Port fields unless your LEM appliance is configured to receive and store original log data in its own database. These fields are reserved for implementations where the LEM appliance is configured to receive and store original log messages. If your LEM appliance is not configured appropriately, modifying these settings will cause all alert data to queue indefinitely, rather than being sent to the appropriate database.

Configure LEM Manager to store original log files in their own database

Complete this procedure prior to configuring any connector to send log messages to your LEM appliance.

  1. Log in to your LEM appliance using your CMC credentials.
  2. At the cmc> prompt, enter manager.
  3. At the cmc::cmm# prompt, enter configurendepth and follow the prompts to configure your LEM Manager to use an nDepth server:
    1. Enter y at the Enable nDepth prompt.
    2. If you are prompted to run nDepth locally, enter y. This will configure a separate database on your LEM appliance to store original log files.
    3. If your LEM implementation consists of several appliances, follow the prompts to complete the process for your dedicated database or nDepth appliance. For additional information about this process, contact Support.
  4. At the cmc::cmm# prompt, enter exit and press Enter to return to the previous prompt.
  5. At the cmc> prompt, enter ndepth and press Enter.
  6. Start the Log Message Search and Storage service.

    At the cmc::nDepth# prompt, enter start and press Enter.

  7. Enter exit and press Enter to return to the previous prompt.
  8. Enter exit and press Enter to log out of your LEM appliance.

Configure the connectors to send original log data to your LEM appliance

  1. Click Manage > Nodes.
  2. Click the gear icon next to the connector and select Connectors.

    If the connector is configured, click the gear icon and select Stop, and then click the gear icon and select Edit.

    If the connector is not configured, create a new connector instance by clicking the gear icon and selecting New.

  3. In the Connector Details pane, change the Output value to Alert, nDepth. Leave the nDepth Host and nDepth Port values alone unless otherwise instructed by Support.

    The Output values are defined as:

    • Alert: Sending data to the alert database
    • nDepth: Sending data to the RAW (original log) database
  4. Click Save.
  5. Click the gear icon and select Start.
  6. Click Close to close the Connector Configuration window.
  7. Repeat these steps to configure additional connectors to send original log data to your LEM appliance.
Last modified
16:30, 27 Jan 2017
