Review of SolarWinds Log & Event Manager
Evaluate SolarWinds' LEM (Log & Event Manager)
There are three aspects to LEM: identifying server and network problems, enforcing security, and compliance with industry standards.
As we'll see, both the monitoring and the resultant corrective actions rely on LEM's analysis of logs that already exist on your servers and routers.
SolarWinds LEM Evaluation
The most difficult task of my review is to convey the power of the data processing, yet at the same time explain the simplicity of operating the GUI. Regarding the logs, LEM doesn't re-invent the MIB structure of SNMP or the syslog protocol; it simply reads the logs that already exist on your servers and routers. Working with the correlation rule builder is straightforward, but only because programmers have created hundreds of routines which work away in the background analyzing the logs.
a) Identifying Pure Server and Network Problems
You can configure Log & Event Manager so that you (or other key personnel) receive instant alerts when important events occur; meanwhile, a correlation rule can be set up to take corrective action in real time. Once you have the problem under control, you can trace the history in the logs and find the event that caused the glitch. It's also worthwhile adjusting existing rules, or creating new ones, to improve the response should the same events occur again.
b) Enforcing Security Through Log & Event Management
Moving on to malware, what I find is that even if I keep my anti-virus definitions up-to-date, sooner or later a new virus seems to emerge from nowhere. It's great to have the peace of mind that not only will LEM alert me if there is an attack, but I can also use LEM's correlation rule builder to take counter-measures against the typical actions of viruses, and best of all I can isolate the source and thus stop the virus spreading on the network.
c) Compliance with Industry Standards
In the case of LEM, Thwack has collected 300 out-of-the-box templates to cater for any compliance test you could imagine. A simple example is authentication: who is logging on, where and when.
In my role as a server consultant, company managers often ask me how they would know if there was a rogue techie in their IT department. I say: just ask your top IT geek for the change management log. I tell managers you don't have to understand it, or even read it, but just asking for the log sends the message that you might spot a security breach, or that you might call in, not me, but a dedicated security consultant who would find it!
LEM encourages managers to improve on my advice by setting up compliance reports themselves, and publishing at least some of the results so that everyone in the organization knows the standards expected. Download your free trial of the SolarWinds Log & Event Manager.
Here is an interesting way to review SolarWinds' LEM software:
The key point is that all the data is already out there on your network. All you need is for the log event manager to deploy agents, which collect syslog information from routers, read anti-virus program logs, and trawl the operating system's numerous logs. LEM's skill lies in using hundreds of rules to analyze all this data in real time. Its mission is to correlate events, for example abnormal traffic at a router with errors in a log at the server. As for the rules, you can rely on the built-in logic, or better still, amend the defaults and thus develop tailored responses to actual situations on your network.
More than just analyzing and presenting data, LEM is empowered to take corrective action; for instance, it can restart services, or isolate machines affected with viruses. I also like the way you can set rules to disable USB ports if an unauthorized user tries to copy data to a memory stick.
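The three ideas above, collecting events from several sources, correlating them within a time window with rules, and attaching an automatic response to a rule, are shown together in the added example below. It is illustration code written for this review, not SolarWinds code, and it does not use LEM's rule format: the line format, the hostnames and addresses, the two rules and the simulated responses are all invented for the example. One rule catches a burst of failed logons followed by a success from the same address (the brute-force case), the other correlates a burst of ACL denies at the router with a service error on the targeted server (the "abnormal traffic at a router related to errors in a server log" case).

```python
"""Toy correlation engine: rule-driven alerts and responses over log lines.

Constructed example for illustration, not SolarWinds LEM code. The log line
format (timestamp followed by key=value pairs) is invented for the example.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: router syslog (ACL denies), a server service error, and
# Windows logon audits forwarded by a domain-controller agent. All invented.
SAMPLE_LOGS = """\
2024-03-01T09:00:01 src=router1 type=acl_deny ip=198.51.100.7 dst=10.0.0.5 port=445
2024-03-01T09:00:02 src=router1 type=acl_deny ip=198.51.100.7 dst=10.0.0.5 port=139
2024-03-01T09:00:03 src=router1 type=acl_deny ip=198.51.100.7 dst=10.0.0.5 port=135
2024-03-01T09:00:05 src=router1 type=acl_deny ip=198.51.100.7 dst=10.0.0.5 port=3389
2024-03-01T09:00:06 src=router1 type=acl_deny ip=198.51.100.7 dst=10.0.0.5 port=22
2024-03-01T09:00:09 src=fileserver ip=10.0.0.5 type=service_error name=lanmanserver code=1053
2024-03-01T09:10:00 src=dc01 type=logon_failed ip=192.0.2.10 user=alice
2024-03-01T09:10:03 src=dc01 type=logon_failed ip=192.0.2.10 user=alice
2024-03-01T09:10:05 src=dc01 type=logon_failed ip=192.0.2.10 user=alice
2024-03-01T09:10:08 src=dc01 type=logon_failed ip=192.0.2.10 user=alice
2024-03-01T09:10:12 src=dc01 type=logon_ok ip=192.0.2.10 user=alice
2024-03-01T09:20:00 src=dc01 type=logon_failed ip=192.0.2.44 user=bob
2024-03-01T09:20:30 src=dc01 type=logon_ok ip=192.0.2.44 user=bob
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>.*)$")


def parse_line(line):
    """Turn one log line into a dict of fields; the timestamp becomes a datetime."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = dict(kv.split("=", 1) for kv in m.group("kv").split() if "=" in kv)
    ev["ts"] = datetime.fromisoformat(m.group("ts"))
    return ev


class Rule:
    """`threshold` precursor events sharing a key value inside `window` seconds,
    followed by a trigger event whose `trigger_key` carries the same value, fire
    the action. Keys let a router field (dst) be matched against a server field (ip)."""

    def __init__(self, name, precursor, precursor_key, threshold, window,
                 trigger, trigger_key, action):
        self.name, self.precursor, self.precursor_key = name, precursor, precursor_key
        self.threshold, self.window = threshold, timedelta(seconds=window)
        self.trigger, self.trigger_key, self.action = trigger, trigger_key, action


class Correlator:
    def __init__(self, rules):
        self.rules = rules
        self.state = defaultdict(deque)  # (rule name, key value) -> precursor timestamps
        self.alerts = []                 # (rule name, key value, trigger time)
        self.actions = []                # simulated responses; real ones would run commands

    @staticmethod
    def _evict(q, now, window):
        while q and now - q[0] > window:   # drop precursors outside the window
            q.popleft()

    def feed(self, ev):
        for r in self.rules:
            if ev["type"] == r.precursor and r.precursor_key in ev:
                q = self.state[(r.name, ev[r.precursor_key])]
                q.append(ev["ts"])
                self._evict(q, ev["ts"], r.window)
            elif ev["type"] == r.trigger and r.trigger_key in ev:
                key = ev[r.trigger_key]
                q = self.state[(r.name, key)]
                self._evict(q, ev["ts"], r.window)
                if len(q) >= r.threshold:
                    self.alerts.append((r.name, key, ev["ts"].isoformat()))
                    self.actions.append(r.action(key, ev))
                    q.clear()            # one alert per burst, not one per trigger


# Simulated corrective actions (invented): a real deployment would push a
# firewall/switch change or restart the service instead of returning a string.
def isolate_host(key, ev):
    return f"isolate {key}"


def restart_service(key, ev):
    return f"restart {ev.get('name')} on {ev.get('src')}"


RULES = [
    Rule("brute_force_then_success", "logon_failed", "ip", 3, 60,
         "logon_ok", "ip", isolate_host),
    Rule("abnormal_traffic_then_server_error", "acl_deny", "dst", 5, 60,
         "service_error", "ip", restart_service),
]


def run_rules(lines, rules=RULES):
    """Parse, sort by time, and feed every event through the rules."""
    c = Correlator(rules)
    events = [e for e in (parse_line(l) for l in lines) if e]
    for ev in sorted(events, key=lambda e: e["ts"]):
        c.feed(ev)
    return c.alerts, c.actions


if __name__ == "__main__":
    alerts, actions = run_rules(SAMPLE_LOGS.splitlines())
    for a in alerts:
        print("ALERT", a)
    for a in actions:
        print("ACTION", a)
```

Two design points carry over to a real rule builder: the sliding window is per key value (per source address, per target server), so one noisy host cannot trigger a rule on behalf of another, and the precursor queue is cleared when the rule fires, so a sustained attack produces one alert and one response rather than one per successful logon. Bob's single failure followed by a success correctly produces nothing.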
However, I think that the killer reason why people will trial, then buy, LEM is its compliance capability. It's not just financial companies that need to abide by industry rules; most companies need to comply with a standard such as CISP or FERPA. If, like me, you find this compliance work a drudge, then you will breathe a sigh of relief to have LEM take care of business: check the logs, compare them with the criteria, then provide a detailed compliance report.
Hidden Benefits of Log & Event Management
To my way of thinking, by doing the analysis with a thoroughness that only automation can achieve, LEM frees you to tackle the interesting part: setting the criteria for alerts and, my favourite, configuring actions based on events. For example, through analysis of the logs LEM can detect which applications users are launching. Then you can configure actions to block their games of poker, 'Civilization' or 'World of Warcraft'. It's up to you to set the tone and force of the corresponding message which tells the user to stop playing and get back to work! But it's not all being Mr Nasty; you can also be Mr Nice and help them if they are locked out, or restart their legitimate apps automatically if they hang. See also Alert Central review.
The litmus test for my evaluation of the Log & Event Manager app is: will it install effortlessly? It is my belief that all programs should be as easy to install as Microsoft Office, and LEM passes this test with flying colours. I am obsessed with smooth setups because, if a program installs easily, then it's my experience that it will be stable and behave predictably.
Guy says that all software installations should be intuitive. In the case of LEM, it's testament to the care of the SolarWinds engineers and programmers that you can install LEM, and get it running, without any knowledge of SQL databases or Crystal Reports. And the only knowledge of VMware you need is that you have got a licensed copy! OK, you must also have 8GB of RAM and 2 processors. The reason that beginners find it easy to get LEM up and running is that wizards guide them through the menus.
Computer and Network Performance
In addition to providing the Log & Event Manager, SolarWinds have an Orion suite of applications, most notably the Network Performance Monitor (NPM). The difference between these two apps is that LEM is concerned with monitoring the logs, then providing alerts and corrective action, whereas NPM provides a dashboard with readings for factors such as CPU load (say 25%), capacity utilization (e.g. 67%) or network latency (350ms). It's often only by comparing two tools that you get a true understanding of what each can achieve; evaluate the Network Performance Monitor (NPM).
Summary: Review of SolarWinds Log & Event Management
There are three important tasks that LEM can help you achieve: IT compliance, computer security, and network management. Providing you already have VMware installed, setting up LEM is straightforward thanks to the point-and-click wizards.
Once LEM is up and running, take the time to check the library of filters which correlate the data recorded in your various logs. Finally, combine business with pleasure and configure automatic outcomes for a given combination of events as reported by the logs.
Free and 30-day Trial Virtual Machine Software
My recommendations for additional handy utilities. Many of these downloads are free, while others are fully functional but time-limited. SolarWinds are happy to provide you with a free specialist tool, which is ideal for testing, and then supply a more comprehensive suite for larger organizations. To let you into a secret: for small networks, the free tool is all you'll ever need.