TrustRadius
SolarWinds LEM is security information and event management (SIEM) software.

"Solarwinds - great product with a few small flaws."

SolarWinds has been implemented across our network as a systems management platform for server, applications and high value workstations. I assisted with its implementation with the systems that I administer across the region. It allows us to track the health of critical services and to quickly identify and address problems as they occur.

We use the client on register systems as event forwarders and log collection. It enables us to verify the access security to high value workstations and register systems. It provides a repository storage for log files so that they do not solely exist on workstations. It helps us ensure PCI standards are being maintained and track security risk issues as well as system health.

Within the scope of my role I have noticed that the client can be problematic during system startup - some of the register systems we use are older and have lower resolution screens. When the client loads it pops up on screen but completely out of scale (to clarify, it may open a window that is 14x14 inches on a screen that only displays 10x10 inches). This is more frustration than a functional problem. Automated rollout would be useful but it is outside of my scope in my job to even know if it already has automated install capability. The GUI itself is a little clunky and there is somewhat of a learning curve - training is provided to clients; however, a friendlier interface would be helpful.

Score 7 out of 10

This is a little outside of my level of involvement to answer adeptly. That being said I do know that it has been instrumental in allowing our organization to implement a central storage for log files and it's something we have wanted to implement for a long time.

KACE Endpoint Systems Management Appliance

"SolarWinds LEM, it'll get the job done if you're willing to get your hands dirty."

We are currently using Solarwinds LEM to pull logs from about 150 servers. We have also worked to get logs pulled from some Barracuda load balancers and also a Barracuda message archiver. We have alerting set on account lockouts and some other security events. LEM has helped notify us of account attacks and has also been valuable for reviewing both application and security logging when we need to cross-reference servers or look at historical data.

LEM's console interface works well to narrow down all the logs into a viewable format. You can customize alerting triggers off of any event conditions. The logging agent is relatively small and easy to deploy.

In order to navigate the console smoothly and set alerting in place, you need to go through their training. All your configuration is done by hand. There are no built-in analytics or alerting to help you. I've found the reporting, real time and otherwise, to be slow and unruly. There are some updates and workarounds that we have applied to help optimize the process, but if you try to pull too many logs, or over too long a period of time it will often time out. The logging and reporting is dependent on the server automatically determining the type of server and logs it is getting. If it doesn't properly tag the logs, then they are essentially gone, lost, unsearchable. There is no good way to manually tell the server to classify the logs, which makes the process either difficult or impossible at times.

Score 6 out of 10

It has helped to give us an insight into our accounts and has been valuable to alert us to attacks. It has been valuable to manually correlate logs after there have been incidents and server issues. For the price, it has not given us any preventative analytics. Some of our alerting is based off of events that caused problems after the fact, so not really helpful at the time.

AlienVault USM and Splunk Enterprise

Microsoft Exchange, Skype for Business, SolarWinds Server & Application Monitor, VMware vCenter Server

"LEM pulls event data from across our network"

Our IT department uses SolarWinds Log & Event Manager (LEM) to monitor events across our network. LEM consolidates security alerts from our firewalls as well as OS event alerts from servers. Application-generated errors are passed on to our development team.

LEM is able to pull from a variety of different information sources without requiring a lot of configuration changes to get the data flowing. LEM assists in limiting the amount of data required for the business need without requiring a full dump (i.e. SNMP from all sources).

LEM does require tweaking in order to get each data source configured. The event data comes into LEM easily, but the kind of data needs to be identified or custom classifications set up to organize the resulting alerts meaningfully.

Score 9 out of 10

LEM has not made a positive impact on ROI. Instead it has provided required information (compliance requirement) and useful data for ensuring security and other standards are maintained.

"LEMme tell you about Solarwinds LEM!"

We use Solarwinds Log and Event Manager (LEM) as our SIEM to correlate all of our various log data coming from servers, network equipment and security appliances to create meaningful alerts and, in some cases, automatically take action. LEM gives important insight for our IT staff into the activity that occurs on our network. It can be used for troubleshooting communication issues, quickly identifying policies that are blocking legitimate traffic, or to identify anomalies in network traffic that need to be investigated. It also sends email notifications when certain events are detected, allowing us to have eyes on even when we are away.

Incredibly easy to set up. It was deployed and had log sources pointed to it and performing basic correlations within a day. Auto-response. The automated responses that are available after deploying the agent give you incredible control to respond to events on your network. User-friendly interface. Some SIEMs can be daunting to learn how to use and get acclimated to, but LEM has an intuitive layout and is very easy to pick up and use.

No custom parser. Inevitably, there will be a product on your network that Solarwinds LEM won't know how to parse. Other SIEM solutions I've used leverage custom parsers for this reason. LEM does not have support for creating custom parsers, so unknown log formats remain unparsed. Sometimes too basic. LEM is an excellent tool for performing basic correlations in a small to mid-size environment. If you try to get too advanced with the correlations you are trying to perform, you may get frustrated with the lack of functionality due to the way that LEM parses data.

Score 9 out of 10

Faster turnaround when investigating access issues. LEM's search function allows you to quickly identify which ACL policy may be blocking a user's access - and as a result quickly resolve the issue. Regulatory compliance. If you have regulatory compliance requirements for security monitoring, this product will likely check off a few boxes. Stronger security posture. Not every company can afford a 24 hour Security Operations Center. Intelligent technology like LEM can help fill in those gaps to strengthen your security posture, and even allow for complex automated responses to threats during non-business hours.

IBM Security QRadar, McAfee Enterprise Security Manager and RSA Security Analytics

IBM Security QRadar, FireEye, McAfee Network Security Platform
SolarWinds Log & Event Manager
36 Ratings
Score 7.7 out of 10

SolarWinds Log & Event Manager Reviews

Reviews (1-4 of 4)
Joseph Crook
March 01, 2018

SolarWinds Log & Event Manager Review: "Solarwinds - great product with a few small flaws."

Score 7 out of 10
Vetted Review
Verified User
SolarWinds has been implemented across our network as a systems management platform for server, applications and high value workstations. I assisted with its implementation with the systems that I administer across the region. It allows us to track the health of critical services and to quickly identify and address problems as they occur.
  • We use the client on register systems as event forwarders and log collection.
  • It enables us to verify the access security to high value workstations and register systems.
  • It provides a repository storage for log files so that they do not solely exist on workstations.
  • It helps us ensure PCI standards are being maintained and track security risk issues as well as system health.
  • Within the scope of my role I have noticed that the client can be problematic during system startup - some of the register systems we use are older and have lower resolution screens. When the client loads it pops up on screen but completely out of scale (to clarify, it may open a window that is 14x14 inches on a screen that only displays 10x10 inches). This is more frustration than a functional problem.
  • Automated rollout would be useful but it is outside of my scope in my job to even know if it already has automated install capability.
  • The GUI itself is a little clunky and there is somewhat of a learning curve - training is provided to clients; however, a friendlier interface would be helpful.
For medium to large scale businesses that incorporate high-value resources and need a central log repository I think SolarWinds is fantastic. It may be overkill for smaller businesses however.
November 07, 2017

SolarWinds Log & Event Manager Review: "SolarWinds LEM, it'll get the job done if you're willing to get your hands dirty."

Score 6 out of 10
Vetted Review
Verified User
We are currently using Solarwinds LEM to pull logs from about 150 servers. We have also worked to get logs pulled from some Barracuda load balancers and also a Barracuda message archiver. We have alerting set on account lockouts and some other security events. LEM has helped notify us of account attacks and has also been valuable for reviewing both application and security logging when we need to cross-reference servers or look at historical data.
  • LEM's console interface works well to narrow down all the logs into a viewable format.
  • You can customize alerting triggers off of any event conditions.
  • The logging agent is relatively small and easy to deploy.
  • In order to navigate the console smoothly and set alerting in place, you need to go through their training.
  • All your configuration is done by hand. There are no built-in analytics or alerting to help you.
  • I've found the reporting, real time and otherwise, to be slow and unruly. There are some updates and workarounds that we have applied to help optimize the process, but if you try to pull too many logs, or over too long a period of time it will often time out.
  • The logging and reporting is dependent on the server automatically determining the type of server and logs it is getting. If it doesn't properly tag the logs, then they are essentially gone, lost, unsearchable. There is no good way to manually tell the server to classify the logs, which makes the process either difficult or impossible at times.
It will get your logs collected and sortable. If you are mostly doing Windows servers or workstations, then it can be a good solution. You will have to be willing to learn the software and manually create all the alerting and reporting, but once you have it set up the way you want, it should work. If you are looking at a log collection solution that has any of its own smarts and analytics, you'll want to look elsewhere. If you want out of the box reporting and alerting, look elsewhere.
March 21, 2017

SolarWinds Log & Event Manager Review: "LEM pulls event data from across our network"

Score 9 out of 10
Vetted Review
Verified User
Our IT department uses SolarWinds Log & Event Manager (LEM) to monitor events across our network. LEM consolidates security alerts from our firewalls as well as OS event alerts from servers. Application-generated errors are passed on to our development team.
  • LEM is able to pull from a variety of different information sources without requiring a lot of configuration changes to get the data flowing.
  • LEM assists in limiting the amount of data required for the business need without requiring a full dump (i.e. SNMP from all sources).
  • LEM does require tweaking in order to get each data source configured. The event data comes into LEM easily, but the kind of data needs to be identified or custom classifications set up to organize the resulting alerts meaningfully.
LEM is valuable for pulling from many sources and consolidating resulting events into reports and alerts. LEM is not well suited to users not used to working with and parsing raw information.
February 16, 2016

SolarWinds Log & Event Manager Review: "LEMme tell you about Solarwinds LEM!"

Score 9 out of 10
Vetted Review
Verified User
We use Solarwinds Log and Event Manager (LEM) as our SIEM to correlate all of our various log data coming from servers, network equipment and security appliances to create meaningful alerts and, in some cases, automatically take action. LEM gives important insight for our IT staff into the activity that occurs on our network. It can be used for troubleshooting communication issues, quickly identifying policies that are blocking legitimate traffic, or to identify anomalies in network traffic that need to be investigated. It also sends email notifications when certain events are detected, allowing us to have eyes on even when we are away.
  • Incredibly easy to set up. It was deployed and had log sources pointed to it and performing basic correlations within a day.
  • Auto-response. The automated responses that are available after deploying the agent give you incredible control to respond to events on your network.
  • User-friendly interface. Some SIEMs can be daunting to learn how to use and get acclimated to, but LEM has an intuitive layout and is very easy to pick up and use.
  • No custom parser. Inevitably, there will be a product on your network that Solarwinds LEM won't know how to parse. Other SIEM solutions I've used leverage custom parsers for this reason. LEM does not have support for creating custom parsers, so unknown log formats remain unparsed.
  • Sometimes too basic. LEM is an excellent tool for performing basic correlations in a small to mid-size environment. If you try to get too advanced with the correlations you are trying to perform, you may get frustrated with the lack of functionality due to the way that LEM parses data.
SolarWinds Log & Event Manager (LEM) is a SIEM that is very well suited for environments where you have a small team managing your technology and need a powerful tool that is easy to set up and requires little maintenance and care to continue doing its job. In the time that we have had LEM deployed, it has been very solid and has required very little intervention to resolve issues. It comes pre-packaged with some great correlations to get up and running right out of the box as soon as log sources are pointed at it. If you need a SIEM and either don't have the expertise in-house, or don't want to spend the resources for professional services, this may be a good fit. There are only a handful of situations where we have run into LEM's limitations when trying to set up functionality or correlations. Otherwise, it is an excellent SIEM that offers some great features.

SolarWinds Log & Event Manager Scorecard Summary

Feature Scorecard Summary

Centralized event and log data collection (4): 8.6
Correlation (2): 8.0
Event and log normalization (4): 7.7
Deployment flexibility (4): 5.2
Integration with Identity and Access Management Tools (3): 5.3
Custom dashboards and views (4): 4.7
Host and network-based intrusion detection (2): 7.0

About SolarWinds Log & Event Manager

SolarWinds LEM is security information and event management (SIEM) software.

SolarWinds Log & Event Manager Competitors

SolarWinds Log & Event Manager Technical Details

Operating Systems: Unspecified
Mobile Application: No