Submit a ticketCall us

Solarwinds & Cisco Live! Barcelona
Join us from the 29th of January to the 2nd of February at Cisco Live 2018 in Barcelona, where we will continue to show how monitoring the network with SolarWinds will keep you ahead of the game. At our booth (WEP 1A), we will demonstrate how SolarWinds network solutions can help. As a bonus, we are also hosting a pre-event webinar - Blame the Network, Hybrid IT Edition with our SolarWinds Head Geek™, Patrick Hubbard on January 24th - GMT (UTC+0): 10:00 a.m. to 11:00 a.m. There's still time to RSVP.

Home > Success Center > Log & Event Manager (LEM) > What happens to incoming log data when LEM is down?

What happens to incoming log data when LEM is down?

Table of contents

Updated May 2, 2017


This article describes what happens to log data when the LEM appliance is not accessible on the network.


All LEM versions


For all agent nodes (Windows, Linux, Unix, AIX, Macintosh systems) where an agent has been installed, the data is queued up within the agent folder while LEM is unreachable, and then sent to LEM over a secure TCP connection when it is back up. 

For syslog nodes (routers, switches, and firewalls, and possibly Unix or Linux devices without an agent), the data is sent over UDP on port 514 and will be lost if it is unable to reach LEM.


For SNMP data, LEM only uses a listening service, and trap traffic received from these devices uses port 161 or 162 (monitoring LEM on port 161 is not used in versions earlier than 6.3.x).

Review the following articles for further information about the communications between network nodes and LEM:


Last modified