Submit a ticketCall us

Webinar: Web Help Desk for HR, Facilities and Accounting Departments
This webinar will focus on use cases for HR, Facilities and Accounting.

Having a unified ticketing and asset management system for all the departments in your company can provide end-users with a seamless experience and make things easier for your IT team. Yet, with different business tasks and objectives, many departments don’t fully understand the capabilities of Web Help Desk and how the software can be customized for effective use in their departments.
Register Now.

Home > Success Center > Log & Event Manager (LEM) > SolarWinds LEM Quick Start and Deployment Guide > Collect log data > Set up your agent nodes > View monitored events

View monitored events

Created by Caroline Juszczak, last modified by Caroline Juszczak on Aug 05, 2016

Views: 39 Votes: 0 Revisions: 3

After your LEM agents are installed on your monitored nodes, you can view all monitored events in the All Events grid located in the Monitor view. This view provides real-time monitoring of all normalized LEM events.

In the Monitor view, you can:

  • View all monitored events
  • View event details
  • View the event description
  • Create an event filter
  • Test an event

To view all monitored events:

  1. Open the LEM Console.
  2. Click Monitor.
  3. In the Filters pane, click Overview and select All Events.

    All monitored events display in the All Events grid. The DetectionIP column lists the device IP address or hostname that sent the event.

    Click Pause in the toolbar to stop the event stream.

    File:Success_Center/Reusable_content_-_InfoDev/LEM/LEMQuickStart/0D0/020/040/lem_qsg_all_events_grid2_526x126.png

View event details

The Event Details pane lists the descriptions and details for each event. After you view the event details, you can create a filter that displays all events with the same name in the grid. Use this feature to monitor similar events that may lead to a problem.

When you select an event in the grid, the event details display in the Event Details window. You can view information about the event to help you decide if this is a malicious event that requires an event filter for further investigation.

  1. In the All Events toolbar, click Pause to stop the incoming events.
  2. Select an event in the All Events grid.

    File:Success_Center/Reusable_content_-_InfoDev/LEM/LEMQuickStart/0D0/020/040/lem_qsg_all_events_grid3_504x141.png

  3. View the event details in the Event Details pane.

    File:Success_Center/Reusable_content_-_InfoDev/LEM/LEMQuickStart/0D0/020/040/lem_qsg_all_events_grid4.png

View the event description

The event description provides an in-depth description of each event and how they can impact your corporate network.

File:Success_Center/Reusable_content_-_InfoDev/LEM/LEMQuickStart/0D0/020/040/lem_qsg_event_description2_539x117.png

Click File:Success_Center/Reusable_content_-_InfoDev/LEM/LEMQuickStart/0D0/020/040/lem_qsg_event_details_info_icon.png to display the Event Description view. You can use this information to decide whether to set up a filter for this event for further investigation. Click File:Success_Center/Reusable_content_-_InfoDev/LEM/LEMQuickStart/0D0/020/040/lem_qsg_event_description3.png to return to the Event Details view.

Create an event filter

If an event displays in the All Events grid that requires additional research, you can create an event filter that displays all similar events in the grid. This process can help you decide if an event requires additional maintenance or security measures to support your corporate IT policy.

File:Success_Center/Reusable_content_-_InfoDev/LEM/LEMQuickStart/0D0/020/040/lem_qsg_event_filter_grid_542x166.png

To monitor identical event names (for example, MachineLogon), select the name in the Event Details pane and click File:Success_Center/Reusable_content_-_InfoDev/LEM/LEMQuickStart/0D0/020/040/lem_qsg_event_filter_icon.png to create a filter. LEM filters all incoming events and displays only the filtered event in the grid.

To return to viewing all events, click the Overview drop-down menu in the Filters pane and select All Events.

Test an event

After you configure your syslog and agent nodes, you can generate a test event to ensure the event displays in the All Events grid. This process helps you verify that your LEM deployment is functioning properly

To generate an example event, restart a Windows service that does not impact a running application (such as Print Spooler). The event will appear in the All Events grid.

 
Last modified
09:28, 5 Aug 2016

Tags

This page has no custom tags.

Classifications

Public