Submit a ticketCall us
Home > Success Center > Log & Event Manager (LEM) > Log and Event Manager Getting Started Guide > Configure an agent in LEM

Configure an agent in LEM

Table of contents
No headers
LEM Getting Started Home

Updated: December 15, 2017

For non-network devices, you can install a LEM Agent on workstations and servers to collect and normalize log data before it is sent to LEM. The LEM Agent also collects security data from each device (such as Windows event logs, database logs, and local antivirus logs) and transmits this data to the LEM device. The LEM Agent has a small footprint on the device and prevents log tampering during data collection and transmission.

The LEM Agent provides the following benefits:

  • Captures events in real-time
  • Encrypts and compresses the data for efficient and secure transmission to the LEM Manager
  • Buffers the events locally if you lose network connectivity to the LEM Manager

LEM provides access to the most frequently installed agents. See Additional LEM downloads for version 6.3 for a comprehensive list of LEM agents.

The following example shows how to install the Windows agent on a workstation.

  1. Review the LEM Agent pre-installation checklist.
  2. Log in to the LEM Console, and click Manage > Nodes.
  3. Click Add Node.
  4. On the Add Node Wizard, click the Agent Node radio button.
  5. Follow the on-screen instructions to install a LEM agent.

    Place the agent installation file (local installer or remote installer) on the local hard drive. Right-click the installation file and click Run as administrator. Even if you are a local admin or domain admin, the installer must have the correct permissions to install.

    As you install the agent, ensure that you enter the IP address of LEM in the Manager Host field.


  6. After you have installed the agent, on the Add Node Wizard, click Go To Manage > Nodes.
  7. Verify that the node displays in the interface and the Status is Connected.

    To verify that LEM is receiving agent data, see Explore the Node Details view.



Previous: Verify that events are being sent to LEM Next up: Add a syslog device to LEM
Last modified