Submit a ticketCall us

Have You Auto Renewed? If not, you're missing out.
The SolarWinds Renewal Program comes with a host of benefits including the most recent product updates, 24/7 technical support, virtual instructor-led training and more. Experience all of this with the convenience of Auto Renewal, and never worry about missing any of these great benefits. Learn More.

Home > Success Center > Log & Event Manager (LEM) > Log and Event Manager Getting Started Guide > Verify that events are being sent to LEM

Verify that events are being sent to LEM

Table of contents
No headers
LEM Getting Started Home

Updated: December 15, 2017

After you configure your device to send events to LEM, use the check logs tool to verify that LEM is receiving the data. You can access the LEM command line via VMware® vSphere® or Microsoft HyperV® Manager virtualization consoles. You can also use an SSH tool to verify that the raw syslog data is received by the LEM syslog server.

Raw syslog data is not yet parsed or normalized by LEM.

The following example shows how to use PuTTY to verify that LEM is receiving events.

  1. Open an SSH tool (such as PuTTY).
  2. Enter the IP address and port number (port 22) of the LEM virtual appliance.
  3. Log in with username cmc.

    If you using an evaluation copy of LEM, enter password as the password.

  4. Open the appliance menu and run the checklogs command.
  5. Determine which local facilities are receiving traffic.

    In the following example, local facility 4 has received 972 kilobytes of traffic while all other facilities are empty.

  6. Open the local facility to determine if it is receiving the logs you are expecting.

    In this example, local facility 4 is receiving traffic from the Cisco ASA firewall that was configured to send logs.


If you are not seeing the log data that you expect to see:


Previous: Configure the audit policy on your device to send events to LEM Next up: Configure an agent in LEM
Last modified