Documentation forSecurity Event Manager

Simple deployment example

The following deployment example uses one central syslog server to collect log data from your network devices in a local network. In this deployment, network devices use TCP or UDP to send syslog data to the SEM Manager's syslog server, whereas SEM Agents running on workstations and servers just use TCP to push log data to the SEM Manager.

The syslog server receives logs on port 514 and saves the data in the SEM Manager /var/log file partition. Log file names vary based on the target facility configured on the network device.

The SEM Manager relies on routers, firewalls, and switches to transmit syslog messages to the syslog server running on the SEM Manager. If your log sources are located behind firewalls, see SolarWinds SEM port and firewall information to open the necessary ports. For a list of all ports required to communicate with SEM, see the Port requirements for all SolarWinds products.