Documentation for Security Event Manager

About the SEM Agent

The SEM Agent is installed on workstations, servers, and other network devices. It collects and normalizes log data in real time before it is sent to the SEM Manager. It also collects security data such as Windows Event Logs, a variety of database logs, and local antivirus logs on each device and transmits that data over TCP to the SEM Manager. The SEM Agent has a small footprint on the device and prevents log tampering during data collection and transmission.

You can also use the SEM Agent with devices that support syslog. The Agent transmits syslog messages over TCP to the SEM Manager. TCP is preferred over UDP because TCP ensures messages arrive intact.

The SEM Agent provides the following benefits:

  • Captures events in real time.
  • Encrypts and compresses the data for efficient and secure transmission to the SEM Manager.
  • Buffers the events locally if you lose network connectivity to the SEM Manager.