Documentation forSecurity Event Manager

LEM 6.5 system requirements

Updated February 27, 2020

Use the following tables to plan your Log & Event Manager deployment to suit your network environment.

Server sizing is impacted by:

  • Number of nodes and network traffic. Consider event throughput and performance degradation when planning the size of your deployment. As the number of nodes and network traffic increase, the size of your deployment will need to grow with it. For example, if you are running a small deployment and begin to notice performance degradation at 300 nodes, move to a medium deployment.
  • Storing original (raw) log messages in addition to normalized log messages. If you will be storing original log messages, increase the CPU and memory resource requirements by 50%. See your hypervisor documentation for more information.

Sizing criteria

Use the following table to determine if a small, medium, or large deployment is best suited to supporting your environment.

Sizing Criteria Small Medium Large
Number of nodes

Fewer than 500 nodes in the following combinations:

  • 5 – 10 security devices
  • 10 – 250 network devices, including workstations
  • 30–150 servers

Between 300 and 2,000 nodes in the following combinations:

  • 10 – 25 security devices
  • 200 – 1,000 network devices, including workstations
  • 50 – 500 servers

More than 1,000 nodes in the following combinations:

  • 25 – 50 security devices
  • 250 – 1,000 network devices, including workstations
  • 500 – 1,000 servers
Events received per day 5M – 35M events 30M – 100M events

200M – 400M events

Note: The most successful large deployments receive up to 250M events per day.

Rules fired per day Up to 500 Up to 1,000 Up to 5,000

LEM VM hardware requirements

See "Allocate CPU and memory resources to the LEM VM" in the SEM Administrator Guide for information about how to manage LEM system resources.

Hardware on the VM host Small Medium Large
CPU

2 – 4 core processors at 2.0 GHz

6 – 10 core processors at 2.0 GHz

10 – 16 core processors at 2.0 GHz

If you will be storing original log messages in addition to normalized log messages, increase the CPU and memory resource requirements by 50%.

Memory 8 GB RAM 16 GB – 48 GB RAM 48 GB – 256 GB RAM
Hard drive storage 250GB, 15k hard drives (RAID 1/mirrored settings) 500GB, 15K hard drives (RAID 1/mirrored settings)

1TB, 15k hard drives (RAID 1/mirrored settings)

  • Installing LEM in a SAN is preferred.
  • High-speed hard drives (such as SSD drives) are required for high-end deployments.
  • Large deployments may require 1 to 2TB of storage, which you can reserve on VMware ESX(i) 4/5+ and Microsoft Hyper-V 2016 or 2012 R2.
Input/output operations per second (IOPS) 40 – 200 IOPS 200 – 400 IOPS 400 or more IOPS
NIC 1 GBE NIC 1 GBE NIC 1 GBE NIC

LEM software requirements

Software Requirements
Hypervisor (required on the VM host)

One of the following:

  • VMware vSphere ESX 4.0 or ESXi 4.0 and later
  • Microsoft Hyper-V Server 2016 or 2012 R2

Future LEM releases (6.5 and beyond) will not support ESX/ESXi versions older than 5.5.

Web browser (required on a remote computer to run the web console)

Current and later versions of the following:

  • Google® Chrome™ 66

  • Microsoft Internet Explorer® 11

    Note: The web console does not run on Internet Explorer 10 or older on Windows Server 2012.

  • Microsoft Edge 42

  • Mozilla Firefox® 60
Adobe Flash (browser plug-in required on a remote computer to run the web console) Adobe Flash Player 15
Optional software (required if you want to run the desktop console on a desktop computer)

Adobe Air Runtime

For more information, visit the "What is Adobe AIR?" page: http://www.adobe.com/products/air.html.

LEM Agent hardware and software requirements

Hardware and Software Requirements
Operation System (OS)

The LEM Agent is compatible with the following operating systems:

  • HPUX on Itanium

  • IBM AIX
  • Linux

  • Mac OS X 10.7 or later

  • Oracle® Solaris

  • Windows (10, 8, 7, Vista)

  • Windows Server (2016, 2012, 2008)

Future LEM releases (6.5 and beyond) will not support OS versions older than IBM AIX 7.1TL3 and 7.2TL1, Mac 10.11, and Oracle Solaris 10.

The requirements specified below are minimum requirements. Depending on your deployment, you may need additional resources to support increased log-traffic volume and data retention.

CPU 450 MHz Pentium III or equivalent
Memory 512 MB RAM
Hard Drive Space 1 GB
Other requirements

Administrative access to the device hosting the LEM Agent

The LEM Agent for Mac OS X requires Java Runtime Environment (JRE) 1.5 or later.

LEM reports application hardware and software requirements

Hardware and Software Requirements
Operation System (OS)

The LEM reports application is Windows only. The following Windows versions are supported:

  • Windows 10, 8.1, 7, Vista, and XP

  • Windows Server 2016, 2012, 2008, 2003

Future LEM releases (6.5 and beyond) will no longer support Windows 8.1, 7, Vista, and XP, or Windows Server 2008 and 2003.

Memory

512 MB RAM minimum.

SolarWinds recommends using a computer with 1 GB of RAM or more for optimal reports performance.

Other requirements Install the LEM reports application on a system that runs overnight. This is important because the daily and weekly start time for these reports is 1:00 AM and 3:00 AM, respectively.

LEM port requirements

If your logs are located behind firewalls, see SolarWinds LEM port and firewall requirements.

For a list of ports required to communicate with SolarWinds products, see Port requirements for all SolarWinds products.