The SEM Agent is installed on workstations, servers, and other network devices. It collects and normalizes log data in real time before it is sent to the SEM Manager. By default, it also collects security data such as Windows Application, Windows System, and Windows Security event logs, and transmits that data over TCP to the SEM Manager.
The SEM Agent has a small footprint on the device and prevents log tampering during data collection and transmission. You can also use the SEM Agent with devices that support syslog. The Agent transmits syslog messages over TCP to the SEM Manager. TCP is preferred over UDP because TCP ensures messages arrive intact.
The SEM Agent provides the following benefits:
- Captures events in real time.
- Encrypts and compresses the data for efficient and secure transmission to the SEM Manager.
- Buffers the events locally if you lose network connectivity to the SEM Manager.