Documentation forSecurity Event Manager

Configure an agent in SEM

For non-network devices, you can install the SEM agent on workstations and servers to collect and normalize log data before it is sent to SEM. The SEM Agent also collects security data from each device (such as Windows event logs, database logs, and local antivirus logs) and transmits this data to SEM. The SEM Agent has a small footprint on the device and prevents log tampering during data collection and transmission.

The SEM Agent provides the following benefits:

  • Captures events in real-time
  • Encrypts and compresses the data for efficient and secure transmission to SEM
  • Buffers the events locally if you lose network connectivity to SEM

SEM provides access to the most frequently installed agents. See Additional SEM downloads for in the SolarWinds Customer Portal for a comprehensive list of agents.

The following example describes how to install a Windows agent on a workstation.

  1. Review the SEM agent pre-installation checklist.
  2. Log in to the SEM Console, and then click Nodes > Nodes.
  3. Click Add agent node.
  4. Follow the on-screen instructions to install an agent.
    1. Place the agent installation file (local installer or remote installer) on the local hard drive.
    2. Right-click the installation file, and then select Run as administrator.
    3. In the Manager Host field, enter the SEM IP address.
  5. Verify that the node and the status is Connected.

    To verify that SEM is receiving agent data, go to Nodes > Nodes and select the Agent and Connected check boxes under Refine Results.