Documentation forSecurity Event Manager

Simple deployment

A simple deployment uses one central syslog server to collect log data from your network devices in a local network. In this deployment, network devices use TCP or UDP to send syslog data to the SEM Manager's syslog server, whereas SEM Agents running on workstations and servers just use TCP to push log data to the SEM Manager.

The syslog server receives logs on port 514 and saves the data in the SEM Manager /var/log file partition. The log file names vary based on the target facility configured on the network device.

The SEM Manager relies on routers, firewalls, and switches to transmit syslog messages to the syslog server running on the SEM Manager. For a list of all ports required to communicate with SEM, see the Port requirements for all SolarWinds products.