Documentation forSecurity Event Manager

Get started adding systems and devices to SEM

This section describes how to add agent devices (servers, domain controllers, and workstations), and non-agent devices (firewalls, router, and switches) to SEM.

There are two ways to configure computers and devices on your network to send log events to SEM:

  • To add servers, domain controllers, and workstations, install a SEM agent.
  • To add firewalls, routers, or switches, configure your devices to send log events directly to the SEM VM using syslog or SNMP traps. After configuring your device to log to SEM, configure the appropriate connectors directly on the SEM Manager.

About the SEM agent

Install the SEM agent on servers, domain controllers, and workstations to monitor local events on the systems in your network. The SEM agent is a stand-alone service that collects and normalizes log data on the remote system before it is sent to SEM for processing.

See Install the SEM agent in the SEM Installation and Upgrade Guide for installation steps.

SEM agents can:

  • Capture events in real time
  • Encrypt and compress the data for efficient and secure transmission to SEM
  • Buffer the events locally if the Agent loses network connectivity to SEM

In addition to monitoring local events, the agent provides event alerting on workstations and servers. It is also required for some active responses, including logging off a user, shutting down a computer, and detaching a USB device.

Install the SEM agent on computers that allow third-party software, including servers, domain controllers, and workstations. On Windows, the SEM agent captures log information from sources such as Windows Event Logs, a variety of database logs, and local anti-virus logs.

SolarWinds recommends installing the SEM agent if you have the option. If installing the SEM agent is not feasible, send log events directly to SEM.

About sending log events directly to SEM

Configure non-agent devices, such as firewalls, routers, or switches, to send log events directly to SEM using syslog or SNMP traps. When you are finished, configure the appropriate device connector using the SEM console.

See SEM connectors for a list of all supported devices.

See Add syslog and agent nodes to SEM for more information about configuring devices that do not allow third-party software.