About the LEM Agent

The LEM Agent is installed on workstations, servers, and other network devices. It collects and normalizes log data in real time before it is sent to the LEM Manager. It also collects security data such as Windows Event Logs, a variety of database logs, and local antivirus logs on each device and transmits that data over TCP to the LEM Manager. The LEM Agent has a small footprint on the device and prevents log tampering during data collection and transmission.

You can also use the LEM Agent with devices that support syslog. The Agent transmits syslog messages over TCP to the LEM Manager. TCP is preferred over UDP because TCP ensures messages arrive intact.

The LEM Agent provides the following benefits:

  • Captures events in real time.
  • Encrypts and compresses the data for efficient and secure transmission to the LEM Manager.
  • Buffers the events locally if you lose network connectivity to the LEM Manager.