How to get started with SolarWinds Log and Event Manager

Updated: December 15, 2017

SolarWinds Log & Event Manager (LEM) is a state-of-the-art security information and event management (SIEM) virtual appliance that adds value to existing security products and increases efficiencies in administering, managing and monitoring security policies and safeguards on your network.

LEM provides access to log data for forensic and troubleshooting purposes, and tools to help you manage log data proactively. LEM leverages collected logs, analyzes them in real time, and notifies you of a problem before it causes further damage.

For example, advanced persistent threats can come from a combination of network events such as software installations, authentication events, and inbound and outbound network traffic. Log files contain all information about those events. The LEM correlation engine identifies those advanced persistent threat behaviors, and notifies you of any anomalies.

Who should use this guide?

This guide is intended for SolarWinds customers or prospects who have purchased or want to evaluate SolarWinds LEM.

If you are not yet a customer and are interested in evaluating SolarWinds LEM, you can download the product, which is fully functional for 30 days. After the evaluation period, you can convert your evaluation license to a production license by obtaining and applying a license key.

The purpose of this guide is to familiarize you with the most commonly used features of SolarWinds LEM that are of interest to SolarWinds customers.

Checklist to get started with SolarWinds LEM

Complete the following tasks to get started with SolarWinds LEM:

Determine which logs to monitor in LEM

Before you begin working with LEM, decide which logs you want to monitor. If you monitor too many logs at first, working in the LEM Console can be overwhelming. If you monitor too few (or no) logs, then LEM provides little to no value.

Install and configure LEM

This topic guides you in installing LEM.

Configure the audit policy on your device to send events to LEM

Only events that you have configured to be sent to LEM are visible in the LEM console.

Verify that events are being sent to LEM

Learn how to use the LEM Contego Management Console (CMC) to verify that syslog event data is being sent to LEM.

Configure an agent in LEM

Learn how to add your first Microsoft Windows® computer to LEM.

Add a syslog device to LEM

Learn how to add a Cisco® Adaptive Security Appliance (ASA) firewall to LEM.

Navigate the LEM console

After LEM is receiving log data, use the LEM console to search, view, and filter the data.

Beyond getting started with LEM

Learn about all the other resources available to you as you expand your use of SolarWinds LEM.

 

Next Up: Determine which logs to monitor
