Get started adding systems and devices to SEM
This section describes how to add agent devices (servers, domain controllers, and workstations), and non-agent devices (firewalls, router, and switches) to SEM.
There are two ways to configure computers and devices on your network to send log events to SEM:
- To add servers, domain controllers, and workstations, install a SEM agent.
- To add firewalls, routers, or switches, configure your devices to send log events directly to the SEM VM using syslog or SNMP traps. After configuring your device to log to SEM, configure the appropriate connectors directly on the SEM Manager.
About the SEM agent
Install the SEM agent on servers, domain controllers, and workstations to monitor local events on the systems in your network. The SEM agent is a stand-alone service that collects and normalizes log data on the remote system before it is sent to SEM for processing.
See Install SEM agents to protect servers, domain controllers, and workstations in the SEM Installation Guide for installation steps.
SEM agents can:
- Capture events in real time
- Encrypt and compress the data for efficient and secure transmission to SEM
- Buffer the events locally if the Agent loses network connectivity to SEM
In addition to monitoring local events, the agent provides event alerting on workstations and servers. It is also required for some active responses, including logging off a user, shutting down a computer, and detaching a USB device.
Install the SEM agent on computers that allow third-party software, including servers, domain controllers, and workstations. On Windows, the SEM agent captures log information from sources such as Windows Event Logs, a variety of database logs, and local anti-virus logs.
SolarWinds recommends installing the SEM agent if you have the option. If installing the SEM agent is not feasible, send log events directly to SEM.
About sending log events directly to SEM
Configure non-agent devices, such as firewalls, routers, or switches, to send log events directly to SEM using syslog or SNMP traps. Then, configure the appropriate device connector using the SEM console. For a complete list of supported devices, see the SEM Connector List.
See Add syslog and Agent nodes to forward log and event data to SEM for more information about configuring devices that do not allow third-party software.