Submit a ticketCall us

Webinar: Web Help Desk for HR, Facilities and Accounting Departments
This webinar will focus on use cases for HR, Facilities and Accounting.

Having a unified ticketing and asset management system for all the departments in your company can provide end-users with a seamless experience and make things easier for your IT team. Yet, with different business tasks and objectives, many departments don’t fully understand the capabilities of Web Help Desk and how the software can be customized for effective use in their departments.
Register Now.

Home > Success Center > Log & Event Manager (LEM) > SolarWinds LEM Quick Start and Deployment Guide > Plan your deployment > Best practices

Best practices

Created by Caroline Juszczak, last modified by Caroline Juszczak on Aug 01, 2016

Views: 287 Votes: 0 Revisions: 9

When you initiate your Log & Event Manager deployment, SolarWinds recommends applying the correct port requirements and fine tuning your installation to ensure peak performance.

Port requirements

See the SolarWinds Port Requirements for SolarWinds Products Guide for the current LEM port requirements.

Fine tuning

To minimize processor and memory resources, SolarWinds recommends reviewing your Log & Event Manager logging resources, fine-tuning your rules, and verifying that your virtual appliance is running properly.

Windows filtering platform (WFP) events are logged into Windows event logs when specified by auditing policies.

Tune your WFP events

Adjust your Windows filtering platform events and enable WFP logging only on nodes that require that level of auditing. Windows environments often have WFP logging enabled by default, which may not be required. See Disable Windows filtering platform alerts using Alert Distribution Policy article for more information.

Review your rule configurations

Ensure that your rules are not triggered too frequently, This can be caused by:

  • Low threshold settings. Consider increasing the threshold for rules that trigger due to network traffic.
  • Broadly-defined conditions. Define rules to apply only to specific user names, IP addresses, or systems. Consider whether a different set of rules with different conditions could serve two distinct areas of your environment.
  • Rules using event groups instead of a single event or subset of events. Rules that detect authentication or network traffic may trigger on additional events, but may only apply to a subset of those events.

Validate your virtual appliance reservations

Your virtual environment may include adequate system resource reservations, However, system requirements can change over time, new resource allocations can be applied, or temporary limitations can become permanent. For optimal performance, ensure that you reserve the required system resources in your virtual environment. Allocating resources during your deployment may result in intermittent resource access or system restarts to recognize your deployment.

Last modified
12:23, 1 Aug 2016