Navigate the LEM Console
The LEM Console is a browser-based interface for monitoring your LEM appliance. The console is organized into functional areas called views. Views organize and present different information about the components that comprise the LEM system. The LEM Console provides the following views:
- Ops Center: Provides a graphical representation of your log data. It includes several widgets that help you identify problem areas and show trends in your network. You can select additional widgets from the widget library or add custom widgets that reflect your log activity.
- Monitor: Displays events in real time in your network. You can view the details of a specific event or focus on specific types of events. This view also includes several widgets to help you identify trends or anomalies that occur in your network.
- Explore: Provides tools for investigating events and related details. Select nDepth to search or view event data or log messages. Select Utilities to view additional utilities.
- Build: Creates user components that process data on the LEM Manager. Select Groups to build and manage groups. Select Rules to build and manage policy rules. Select Users to add and manage console users.
- Manage: Manages properties for appliances and nodes. Select Appliances to add and manage appliances. Select Nodes to manage agents and to view syslog devices and agents.
- Analyze: Provides an overview of the Reports feature that extracts and presents data from the database. You must install this feature separately.
This section provides an overview of the most commonly used LEM Console views.
To verify that your devices are configured to send events to LEM, go to the Node Details view.
- Log in to the LEM Console, and then navigate to Manage > Nodes.
- Double-click the node.
The Node Details view appears.
| # | Item | Description |
|---|---|---|
| 1 | All Events | Shows events collected from the node. If you do not see events as expected, troubleshoot the connection. |
| 2 | Node Details | Provides information about the selected node. |
| 3 | List pane | Lists the connectors assigned to the node. |
Explore the Monitor view
Use the Monitor view to investigate events monitored by LEM.
Events are messages created from agent, manager, and network device log entries. These log entries are processed (or normalized) to extract information and display the data in a common table format instead of the often convoluted format you see in the source data. The normalized events are either syslog data read directly by connectors in LEM, or events sent from the agent to the manager for processing. At the manager, the events are processed against your rules, sent to your database for archiving, and sent to the LEM Console for monitoring.
The Monitor view only shows up to 1000 events. This does not mean that LEM is only processing 1000 events. This limit has been established for browser performance reasons. To see all events, switch to the nDepth search view.
The Monitor view contains the following widgets: All Events, Filters, Event Details, Widget, and Filter Notifications.
| # | Item | Description |
|---|---|---|
| 1 | All Events | The Events grid displays the events that occur for your selected filter, as well as every event logged to each manager. The title bar displays the filter name you selected in the Filters pane. |
| 2 | Filters | The Filters pane stores all filters you can apply to the console event messages. All filters are stored in groups. To add a filter to the events grid, click a filter group, and click the plus sign above to add a new filter. The events grid title changes to the name of the event and the grid refreshes and displays the incoming events allowed by the filter conditions. |
| 3 | Event Details | The Event Details pane displays specific information about the last event you selected in the Events grid. When you click an event, the event is highlighted in the Event Details pane, along with supporting information. To view the event details for a specific event, select the event in the event stream and review the results in the Event Details pane. |
| 4 | Widget | The Widget pane displays the widgets associated with the filter currently applied to the events grid. Widgets automatically refresh themselves to reflect changes in events grid filtering. You can view the widgets associated with this filter by clicking the drop-down menu and selecting an option. |
| 5 | Filter Notifications | The Filter Notifications tab summarizes the event activity from each of your active notification filters that use blink, pop up, or sound notifications. Click a filter name in this tab to view the events associated with the targeted filter. |
Explore the nDepth search view
nDepth is a search engine that locates all event data or the original log messages that pass through a particular manager.
Use nDepth to:
- Search normalized event data or the original log messages.
- Explore log messages that are stored on a separate nDepth appliance.
- View, explore, and search significant event activity. nDepth summarizes event activity with simple visual tools that you can use to easily select and investigate areas of interest.
- Use existing filter criteria from the Monitor view to create similar searches.
- Create custom widgets for the nDepth Dashboard.
- Conduct custom searches. You can also create complex searches with the Search Builder.
- Export your findings to PDF or CSV format.
- Use the Explore menu to investigate nDepth search results with other explorers.
- Use the Respond menu to take action on any of your findings.
To display the nDepth view, navigate to Explore > nDepth.
| # | Item | Description |
|---|---|---|
| 1 | History | Displays recent nDepth search results. |
| 2 | Saved Searches | Displays saved nDepth search results. |
| 3 | List pane | Displays categorized lists of events, event groups, event variables, and additional options you can use to create conditions for your filters. |
| 4 | Search bar | Searches all event data or the original log messages that pass through LEM. Switch to select Drag & Drop or Text Search mode. |
| 5 | Respond | Displays a list of corrective actions you can execute when an event occurs, such as shutting down a workstation or blocking an IP address. |
| 6 | Explore | Displays several utilities you can use to research an event, including Whois, Traceroute, and NSlookup. |
| 7 | Time | A drop-down list to select the time range for your search. |
| 8 | Play | Executes the selected search. |
Displays the number of events or log messages reported within the selected search time range.
Displays the search results in all available widgets. You can change this view by clicking a widget in the nDepth toolbar.
The icon indicates you are exploring event data. The icon indicates you are exploring log messages.
| # | Item | Description |
|---|---|---|
| 11 | nDepth Toolbar | Organizes log data into categories to identify activity in your network. Click a selection to display the category below the histogram. |