Submit a ticketCall us

Get a crash course on Network Monitoring delivered right to your inbox
This free 7-day email course provides a primer to the philosophy, theory, and fundamental concepts involved in IT monitoring. Lessons will explain not only how to perform various monitoring tasks, but why and when you should use them. Sign up now.

Home > Success Center > Log & Event Manager (LEM) > SolarWinds LEM Quick Start and Deployment Guide > LEM product terminology

LEM product terminology

Table of contents
No headers
Created by Caroline Juszczak, last modified by Caroline Juszczak on Jul 26, 2016

Views: 30 Votes: 0 Revisions: 1

The following terms define the components used in Log & Event Manager.

Agent: A software application that collects and normalizes log data before it is sent to the LEM Manager.

Alert: LEM containers used to display events and messages from LEM-monitored devices.

Complexity of configured rules: Complex conditions involving multiple types of events, thresholds, and longer time frames require more resources than rules with simple conditions.

Connector: A software component that converts raw events collected from a network device into normalized events. Connectors can reside on device agents or the LEM appliance.

Desktop Console: An application powered by Adobe Air Runtime that monitors your LEM Appliance in place of the LEM Console.

Event: An unaltered message from a LEM-managed device.

Events per second or Events per day: The total number of distinct events received by the LEM appliance per second or per day (generally per second is considered an average). For example, the environment with 865 nodes can generate approximately 50 million events per day (or about 550 events per second).

Hypervisor: A software application that runs a virtual appliance on a Windows-based server, such as VMware® vSphere® and Microsoft® Hyper-V®.

LEM Manager: The deployed virtual appliance that captures syslog data from local network devices. The LEM Manager includes a syslog server, optimized database, web server, correlation engine, and a hardened Linux operating system.

Network device: A log source (such as a firewall, router, switch, or third-party software) that sends log messages to the LEM Manager.

Nodes. Systems and devices that send data to your LEM appliance, such as servers, workstations, network devices, and security devices. For example, an environment with 10 routers, 50 switches, 300 servers, five firewalls, and 500 workstations sending data your LEM appliance is equivalent to 865 nodes.

Normalized vs. original log (raw) storage: By default, all sizing details assume the Log & Event Manager default normalized data store is the only enabled store. If original log message storage is enabled, increase your resources accordingly.

Reports Console: A standalone application that schedules and runs preconfigured reports against your LEM database data. The console is a separate installation on your desktop or laptop system.

Rules: A LEM appliance component that provides automated actions based on specific alert correlations.

Rules triggered per day or Rules triggered per second. The total number of correlation rules that meet all criteria and are triggered per second or per day (generally per second is considered an average). For example, an environment can have 15 different correlation rules configured that fire approximately once every hour, or approximately 360 rules triggered per day.

Syslog server: A software application (such as Kiwi Syslog Server) that collects syslog messages and SNMP traps from network devices (such as firewalls, routers, and switches).

Virtual Appliance: A virtual image of a Linux-based physical computer that collects and processes log and event information. You can deploy the virtual appliance using VMware vSphere or Microsoft Hyper-V client.

Web Console (or LEM Console): Provides a browser-based method to monitor your LEM Appliance. The console is organized into five functional areas called views. These views organize and present different information about the components that comprise the LEM system.

The OPS Center view provides a graphical representation of your log data in the LEM Console. It includes several widgets that help you identify problem areas and trends in your network. The Monitor view displays events in real time as they occur in your network. The Explore view provides tools for investigating events and related details. The Build view creates user components that process data on the LEM Manager. The Manage view manages properties for appliances and nodes.

 

 
Last modified
11:30, 26 Jul 2016

Tags

This page has no custom tags.

Classifications

Public