
Best practices

Created by Caroline Juszczak, last modified by Caroline Juszczak on Aug 01, 2016


When you initiate your Log & Event Manager deployment, SolarWinds recommends applying the correct port requirements and fine-tuning your installation to ensure peak performance.

Port requirements

See the SolarWinds Port Requirements for SolarWinds Products Guide for the current LEM port requirements.

Fine tuning

To minimize processor and memory usage, SolarWinds recommends reviewing your Log & Event Manager logging resources, fine-tuning your rules, and verifying that your virtual appliance is running properly.

Windows Filtering Platform (WFP) events are written to the Windows event logs when auditing policies specify them.

Tune your WFP events

Adjust your Windows Filtering Platform events and enable WFP logging only on nodes that require that level of auditing. Windows environments often have WFP logging enabled by default, which may not be required. See the article "Disable Windows filtering platform alerts using Alert Distribution Policy" for more information.
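To decide which nodes need WFP auditing, it helps to see the current audit setting next to the volume of WFP events the node actually writes. The following PowerShell function is an added example, not SolarWinds code: the function name, its parameters and the -Disable switch are hypothetical, and it assumes an English-language Windows installation and an elevated prompt.

```powershell
# Added example, not SolarWinds code. Run from an elevated PowerShell prompt.
# Assumes English-language Windows (auditpol subcategory names are localized).
function Get-WfpAuditState {
    param(
        [int]$Hours = 1,    # look-back window for the event count
        [switch]$Disable    # hypothetical switch: turn WFP auditing off on this node
    )

    # Audit subcategories that write WFP events to the Security log,
    # with the event IDs each one generates.
    $subcategories = [ordered]@{
        'Filtering Platform Connection'  = 5154..5159
        'Filtering Platform Packet Drop' = 5152, 5153
    }

    foreach ($name in $subcategories.Keys) {
        # /r prints the policy as CSV; drop blank lines before parsing.
        $policy = auditpol /get /subcategory:"$name" /r |
            Where-Object { $_.Trim() } | ConvertFrom-Csv

        # Count matching events so the decision rests on measured volume.
        $count = (Get-WinEvent -FilterHashtable @{
            LogName   = 'Security'
            Id        = $subcategories[$name]
            StartTime = (Get-Date).AddHours(-$Hours)
        } -ErrorAction SilentlyContinue | Measure-Object).Count

        [pscustomobject]@{
            Subcategory = $name
            Setting     = $policy.'Inclusion Setting'
            EventCount  = $count
        }

        # Only change the policy when asked to, and only if it is enabled.
        if ($Disable -and $policy.'Inclusion Setting' -ne 'No Auditing') {
            auditpol /set /subcategory:"$name" /success:disable /failure:disable | Out-Null
        }
    }
}

# Report only; add -Disable on nodes that do not need this level of auditing.
Get-WfpAuditState -Hours 1
```

If the audit policy is delivered by Group Policy, a local change made with auditpol is overwritten at the next policy refresh, so make the change in the GPO for domain-managed nodes.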

Review your rule configurations

Ensure that your rules are not triggered too frequently. This can be caused by:

  • Low threshold settings. Consider increasing the threshold for rules that trigger due to network traffic.
  • Broadly-defined conditions. Define rules to apply only to specific user names, IP addresses, or systems. Consider whether a different set of rules with different conditions could serve two distinct areas of your environment.
  • Rules using event groups instead of a single event or subset of events. Rules that detect authentication or network traffic may trigger on additional events in the group, even though they apply only to a subset of those events.

Validate your virtual appliance reservations

Your virtual environment may include adequate system resource reservations. However, system requirements can change over time, new resource allocations can be applied, or temporary limitations can become permanent. For optimal performance, ensure that you reserve the required system resources in your virtual environment. Allocating resources during your deployment may result in intermittent resource access or system restarts to recognize your deployment.

 
Last modified
12:23, 1 Aug 2016
