TrustRadius
SolarWinds LEM is security information and event management (SIEM) software.

"If you have SIEM requirements then SolarWinds LEM will come to the rescue!"
  • SolarWinds LEM has made a positive impact on our organization because we are now able to demonstrate to auditors that we are compliant with the various regulations such as PCI, HIPAA, etc.
  • The license renewal costs are reasonable and fall within our budget every year. Much less than if we were to incur fines of being out of compliance.
  • We were able to save money by deploying the system into our VM infrastructure and not have to spend money on physical appliances/servers.
  • SolarWinds Network Performance Monitor, Foglight, Cisco Prime LAN Management Solution

"SolarWinds Log & Event Manager fills gaps in Windows/AD monitoring"
  • We did not have to purchase Cisco's successor to MARS, that is a large ROI.
  • We did not have the ability to know when users locked their accounts by bad password attempts, now we know before they call us.
  • Tivoli Storage Manager, SolarWinds Storage Resource Monitor, SolarWinds Web Performance Monitor

"Solarwinds - great product with a few small flaws."
  • This is a little outside of my level of involvement to answer adeptly. That being said I do know that it has been instrumental in allowing our organization to implement a central storage for log files and it's something we have wanted to implement for a long time.
  • KACE Endpoint Systems Management Appliance

"SolarWinds LEM, it'll get the job done if you're willing to get your hands dirty."
  • It has helped to give us an insight into our accounts and has been valuable to alert us to attacks.
  • It has been valuable to manually correlate logs after there have been incidents and server issues.
  • For the price, it has not given us any preventative analytics. Some of our alerting is based off of events that caused problems after the fact, so not really helpful at the time.
  • AlienVault USM and Splunk Enterprise
  • Microsoft Exchange, Skype for Business, SolarWinds Server & Application Monitor, VMware vCenter Server

"LEM pulls event data from across our network"
  • LEM has not made a positive impact on ROI. Instead it has provided required information (compliance requirement) and useful data for ensuring security and other standards are maintained.
SolarWinds Log & Event Manager
42 Ratings
Score 7.9 out of 10

SolarWinds Log & Event Manager Reviews


Reviews (1-6 of 6)

Roger Mialkowski
February 04, 2019

SolarWinds Log & Event Manager Review: "If you have SIEM requirements then SolarWinds LEM will come to the rescue!"

Score 8 out of 10
As an organization with many types of hardware/software, we needed something to gather logging output using industry standards. We already use SolarWinds for network monitoring so SolarWinds Log & Event Manager (LEM) seemed to fit the bill. We had a vendor assist with the initial installation and configuration. Then it was just a matter of the various teams (Network/MS Server/VM/Unix) to configure their nodes to point to LEM so the data collection could commence.
  • SolarWinds LEM has not bogged down with the amount of logging data we throw at it. This is comforting because we can rest assured that we can continue to add new nodes to it.
  • The SolarWinds LEM platform is very stable. The main part is the collector appliance and the second part is the reporting server which you can generate either custom or canned reports for regulatory compliance certification.
  • When configuring the collectors, you are able to customize the gathering of data to make sure you are getting exactly what you need.
  • While the initial setup was straightforward, customizations to reports can be a little daunting. Luckily SolarWinds has videos available on steps to proceed and their tech support reps are very helpful too.
  • The frequency of version updates is few and far between. This may be a good thing and should be expected since it is a set it and forget it kind of virtual appliance.
  • It would be helpful if SolarWinds LEM had Wizards built-in that could assist in adding new types of devices. At times, I've had to go with trial and error until SolarWinds LEM would actually start collecting data from a particular one-off node.
SolarWinds Log & Event Manager is very well suited in a heterogeneous enterprise setting (multiple locations/campuses) where you would have various brands/manufacturers of devices represented. While it doesn't require a full-time admin, it does take a little time to add/update/remove nodes in, configure data collection settings, and generate custom reports. Because of this, it may not be a perfect fit for a small to medium-sized business due to the initial investment of time and cost.
Scott Reese
January 15, 2019

Review: "SolarWinds Log & Event Manager fills gaps in Windows/AD monitoring"

Score 10 out of 10
We use LEM for two main purposes. First, to replace an obsolete Cisco MARS appliance that captured a couple of days' worth of packets from our firewalls for forensic purposes. Second, to provide notification to staff of AD events such as account lockouts and administrator logins. Users are strictly within the infrastructure team of the IT department.
  • Able to ingest full Syslog output from three enterprise firewalls.
  • Able to detect and alert on specific Active Directory events.
  • The interface for creating alerts is onerous. It is necessary to dig out the exact event ID of anything you want to alert on.
  • Early versions required a separate server to host a FastBit database, but that requirement has been eliminated with the latest release; SQL is now required.
Filtering, detection, and notification of Windows and AD events is LEM's strong point, though it's tricky to build the filters. It's not necessarily designed for forensic firewall packet capture but it can be used for that purpose.
Joseph Crook
March 01, 2018

SolarWinds Log & Event Manager Review: "Solarwinds - great product with a few small flaws."

Score 7 out of 10
SolarWinds has been implemented across our network as a systems management platform for server, applications and high value workstations. I assisted its implementation with the systems that I administer across the region. It allows us to track the health of critical services and to quickly identify and address problems as they occur.
  • We use the client on register systems as event forwarders and log collection.
  • It enables us to verify the access security to high value workstations and register systems.
  • It provides a repository storage for log files so that they do not solely exist on workstations.
  • It helps us ensure PCI standards are being maintained and track security risk issues as well as system health.
  • Within the scope of my role I have noticed that the client can be problematic during system startup - some of the register systems we use are older and have lower resolution screens. When the client loads it pops up on screen but completely out of scale (to clarify, it may open a window that is 14x14 inches on a screen that only displays 10x10 inches). This is more frustration than a functional problem.
  • Automated rollout would be useful but it is outside of my scope in my job to even know if it already has automated install capability.
  • The GUI itself is a little clunky and there is somewhat of a learning curve - training is provided to clients; however, a friendlier interface would be helpful.
For medium to large scale businesses that incorporate high-value resources and need a central log repository I think SolarWinds is fantastic. It may be overkill for smaller businesses however.
November 07, 2017

SolarWinds Log & Event Manager Review: "SolarWinds LEM, it'll get the job done if you're willing to get your hands dirty."

Score 6 out of 10
We are currently using SolarWinds LEM to pull logs from about 150 servers. We have also worked to get logs pulled from some Barracuda load balancers and also a Barracuda message archiver. We have alerting set on account lockouts and some other security events. LEM has helped notify us of account attacks and has also been valuable for reviewing both application and security logging when we need to cross reference servers or look at historical data.
  • LEM's console interface works well to narrow down all the logs into a viewable format.
  • You can customize alerting triggers off of any event conditions.
  • The logging agent is relatively small and easy to deploy.
  • In order to navigate the console smoothly and set alerting in place, you need to go through their training.
  • All your configuration is done by hand. There are no built-in analytics or alerting to help you.
  • I've found the reporting, real time and otherwise, to be slow and unruly. There are some updates and workarounds that we have applied to help optimize the process, but if you try to pull too many logs, or over too long a period of time, it will often time out.
  • The logging and reporting is dependent on the server automatically determining the type of server and logs it is getting. If it doesn't properly tag the logs, then they are essentially gone, lost, unsearchable. There is no good way to manually tell the server to classify the logs, which makes the process either difficult or impossible at times.
It will get your logs collected and sortable. If you are mostly doing Windows servers or workstations, then it can be a good solution. You will have to be willing to learn the software and manually create all the alerting and reporting, but once you have it set up the way you want, it should work. If you are looking at a log collection solution that has any of its own smarts and analytics, you'll want to look elsewhere. If you want out of the box reporting and alerting, look elsewhere.
March 21, 2017

SolarWinds Log & Event Manager Review: "LEM pulls event data from across our network"

Score 9 out of 10
Our IT department uses SolarWinds Log & Event Manager (LEM) to monitor events across our network. LEM consolidates security alerts from our firewalls as well as OS event alerts from servers. Application generated errors are passed on to our development team.
  • LEM is able to pull from a variety of different information sources without requiring a lot of configuration changes to get the data flowing.
  • LEM assists in limiting the amount of data required for the business need without requiring a full dump (i.e., SNMP from all sources).
  • LEM does require tweaking in order to get each data source configured. The event data comes into LEM easily, but the kind of data needs to be identified or custom classifications set up to organize the resulting alerts meaningfully.
LEM is valuable for pulling from many sources and consolidating resulting events into reports and alerts. LEM is not well suited to users not used to working with and parsing raw information.
February 16, 2016

SolarWinds Log & Event Manager Review: "LEMme tell you about Solarwinds LEM!"

Score 9 out of 10
We use SolarWinds Log and Event Manager (LEM) as our SIEM to correlate all of our various log data coming from servers, network equipment and security appliances to create meaningful alerts and, in some cases, automatically take action. LEM gives important insight for our IT staff into the activity that occurs on our network. It can be used for troubleshooting communication issues, quickly identifying policies that are blocking legitimate traffic, or to identify anomalies in network traffic that need to be investigated. It also sends email notifications when certain events are detected, allowing us to have eyes on even when we are away.
  • Incredibly easy to set up. It was deployed and had log sources pointed to it and performing basic correlations within a day.
  • Auto-response. The automated responses that are available after deploying the agent give you incredible control to respond to events on your network.
  • User-friendly interface. Some SIEMs can be daunting to learn how to use and get acclimated to, but LEM has an intuitive layout and is very easy to pick up and use.
  • No custom parser. Inevitably, there will be a product on your network that Solarwinds LEM won't know how to parse. Other SIEM solutions I've used leverage custom parsers for this reason. LEM does not have support for creating custom parsers, so unknown log formats remain unparsed.
  • Sometimes too basic. LEM is an excellent tool for performing basic correlations in a small to mid-size environment. If you try to get too advanced with the correlations you are trying to perform, you may get frustrated with the lack of functionality due to the way that LEM parses data.
SolarWinds Log & Event Manager (LEM) is a SIEM that is very well suited for environments where you have a small team managing your technology and need a powerful tool that is easy to set up and requires little maintenance and care to continue doing its job. In the time that we have had LEM deployed, it has been very solid and has required very little intervention to resolve issues. It comes pre-packaged with some great correlations to get up and running right out of the box as soon as log sources are pointed at it. If you need a SIEM and either don't have the expertise in house, or don't want to spend the resources for professional services, this may be a good fit. There are only a handful of situations where we have run into LEM's limitations when trying to set up functionality or correlations. Otherwise, it is an excellent SIEM that offers some great features.

SolarWinds Log & Event Manager Scorecard Summary

Feature Scorecard Summary

Centralized event and log data collection (6): 8.8
Correlation (3): 8.9
Event and log normalization (6): 8.3
Deployment flexibility (6): 6.5
Integration with Identity and Access Management Tools (4): 6.1
Custom dashboards and views (6): 4.3
Host and network-based intrusion detection (3): 7.2

About SolarWinds Log & Event Manager

SolarWinds LEM is security information and event management (SIEM) software.

SolarWinds Log & Event Manager Competitors

SolarWinds Log & Event Manager Technical Details

Operating Systems: Unspecified
Mobile Application: No