Get started with SolarWinds Log & Event Manager

SolarWinds Log & Event Manager (LEM) is a security information and event management (SIEM) virtual appliance that adds value to existing security products and increases efficiencies in administering, managing, and monitoring security policies and safeguards on your network.

LEM provides access to log data for forensic and troubleshooting purposes, and tools to help you manage log data. LEM leverages collected logs, analyzes them in real time, and notifies you of a problem before it causes further damage.

For example, advanced persistent threats can come from a combination of network events such as software installations, authentication events, and inbound and outbound network traffic. Log files contain all information about these events. The LEM correlation engine identifies advanced threat activity, and then notifies you of any anomalies.

Who should use this guide?

This guide is for SolarWinds customers or prospects who have purchased or want to evaluate SolarWinds LEM.

If you are interested in evaluating SolarWinds LEM, you can download the product, fully-functional for 30 days. After the evaluation period, you can convert your evaluation license to a production license by obtaining and applying a license key.

The purpose of this guide is to familiarize you with commonly used features of SolarWinds LEM that will allow you to begin detecting suspicious activity, mitigate security threats, achieve auditable compliance, and maintain continuous security.


Checklist to get started with SolarWinds LEM

Complete the following tasks to get started with SolarWinds LEM:

Determine which logs to monitor in LEM

Before you begin, decide which logs you want to monitor. If you monitor too many logs, working in the LEM Console can be overwhelming.

Install, configure and log in to the LEM Console.

These procedures guide you in installing LEM.

Configure the audit policy on your device to send events to LEM

Only events that you have designated to be sent to LEM are visible in the LEM Console.

Verify that events are being sent to LEM

Learn how to use the LEM Contego Management Console (CMC) to verify that syslog event data is being sent to LEM.

Configure an agent in LEM

Learn how to add your first Microsoft Windows computer to LEM.

Add a syslog device to LEM

Learn how to add a Cisco® Adaptive Security Appliance (ASA) firewall to LEM.

Navigate the LEM Console

After LEM is receiving log data, use the LEM Console to search, view, and filter the data.

Beyond getting started with LEM

Learn about all the other resources available to you as you to expand your use of SolarWinds LEM.


Next Up: Determine which logs to monitor