Skip to main content
SolarWinds Security Event Manager (SEM)

SolarWinds Security Event Manager (SEM)


What is SolarWinds Security Event Manager (SEM)?

SolarWinds LEM is security information and event management (SIEM) software.

Read more
Recent Reviews

TrustRadius Insights

Easy Configuration Process: Many users have expressed their positive experiences with the configuration process of SolarWinds, noting that …
Continue reading
Read all reviews


Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards

Popular Features

View all 7 features
  • Centralized event and log data collection (17)
  • Deployment flexibility (17)
  • Event and log normalization/management (17)
  • Custom dashboards and workspaces (16)
Return to navigation


View all pricing

What is SolarWinds Security Event Manager (SEM)?

SolarWinds LEM is security information and event management (SIEM) software.

Entry-level set up fee?

  • No setup fee
For the latest information on pricing, visit…


  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services

Would you like us to let the vendor know that you want pricing?

37 people also want pricing

Alternatives Pricing

What is Microsoft Sentinel?

Microsoft Sentinel (formerly Azure Sentinel) is designed as a birds-eye view across the enterprise. It is presented as a security information and event management (SIEM) solution for proactive threat detection, investigation, and response.

What is Sumo Logic?

Sumo Logic is a log management offering from the San Francisco based company of the same name.

Return to navigation


Security Information and Event Management (SIEM)

Security Information and Event Management is a category of security software that allows security analysts to look at a more comprehensive view of security logs and events than would be possible by looking at the log files of individual, point security tools

Avg 7.8
Return to navigation

Product Details

What is SolarWinds Security Event Manager (SEM)?

SolarWinds Security Event Manager (previously know as Log & Event Manager) is presented by the vendor as a powerful and award-winning SIEM. It is an on-prem deployed tool that collects, consolidates, and analyzes logs and events from firewalls, IDS/IPS devices and applications, switches, routers, servers, operating system logs, and other applications.

The main applications are threat detection, automated incident analysis and response, and compliance reporting for IT infrastructure.

SolarWinds Security Event Manager (SEM) Features

Security Information and Event Management (SIEM) Features

  • Supported: Centralized event and log data collection
  • Supported: Correlation
  • Supported: Event and log normalization/management
  • Supported: Deployment flexibility
  • Supported: Integration with Identity and Access Management Tools
  • Supported: Custom dashboards and workspaces

SolarWinds Security Event Manager (SEM) Screenshots

Screenshot of Screenshot of Screenshot of Screenshot of

SolarWinds Security Event Manager (SEM) Video

Security Event Manager - Overview

SolarWinds Security Event Manager (SEM) Technical Details

Deployment TypesOn-premise
Operating SystemsWindows
Mobile ApplicationNo

SolarWinds Security Event Manager (SEM) Downloadables

Frequently Asked Questions

SolarWinds LEM is security information and event management (SIEM) software.

Splunk Enterprise Security (ES), LogRhythm NextGen SIEM Platform, and ManageEngine EventLog Analyzer are common alternatives for SolarWinds Security Event Manager (SEM).

Reviewers rate Host and network-based intrusion detection highest, with a score of 10.

The most common users of SolarWinds Security Event Manager (SEM) are from Mid-sized Companies (51-1,000 employees).
Return to navigation


View all alternatives
Return to navigation

Reviews and Ratings


Attribute Ratings


(1-25 of 45)
Companies can't remove reviews or game the system. Here's why
Score 10 out of 10
Vetted Review
Verified User
We use SEM (formally LEM) to log changes that are made in our switching environment and who made them. SEM also logs all changes in our active directory environment. We log any and all account changes such as account renames, account deletions, account creations, and again who made those changes. SEM logs our servers, who logs into them, and any changes that are made to the server. We receive emails immediately when any of the above mention processes take place. It is nice to see these changes especially when it is evenings and weekends while we are not in the office. If changes are made while we are not working, we know to follow up with the person whose account made the changes to see if they are legit or not.
  • Logging network account changes and who is making them
  • Collecting data. Lots of data.
  • Easy to use dashboard
  • Access control
  • Behavioral analytics
SEM is well suited for smaller companies looking to log events and usage. We really use it a lot to see what network accounts are changed and who changed them and who is logging into what servers and when they are doing it. We watch these things for suspicious logins and suspicious activity on servers. SEM helps us to see what switches have had changes made to them and who made the change as well as the time/date.
Score 8 out of 10
Vetted Review
Verified User
We use SEM to collect and analyze events from servers and routers. We can find the issues, like incorrect user logon and most port visit on router from SEM reports.
  • quickly find top logon failure user, which is suspect of malware infection
  • easily find most visited port on the routers to find possible attack
  • SEM traffic type sort report is useful tool to control unnecessary network usage
  • wish SEM could update by itself
SEM is a good software to collect all the events and be a platform to have a view of the whole network status, instead of connecting to each server, find a clue from thousands of events. SEM also keeps a history of events and save space on each server, avoiding server defective while free space is consumed by huge event log files.
Kendal Goodrich | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User
We use SEM on a daily basis in our environment as per our built-out rules. We are notified of certain security events as they happen. Aside from that, we access SEM to run queries on an as-needed basis. With this we have a monitor running in the background keeping an eye on the events we want to monitor.
  • Runs without issue
  • Logs extensive detail
  • The user interface to be more user friendly
  • The query builder is tedious to use
We have had scenarios in the past where a user account gets locked out continuously. As it turned out they recently changed their password but were apparently logged in elsewhere under their old password. The problem came in trying to determine where they were logged in from. With LEM we were able to query for the lockout event to determine where the failed login attempts were coming from. Once known, the account was logged out of the machine and the lockout events quit occurring.
Score 8 out of 10
Vetted Review
Verified User
I use SolarWinds Event Manager to provide visibility and insight into network activity/use. We use SEM to address regulatory needs such as knowledge f network events and monitoring of peripheral devices. SEM also tracks what devices are attached to the agency's network, making it possible to detect rogue devices that may pop up.
  • Make sense of syslog entries from a variety of sources
  • Tarck USB device usage
  • Track login attempts, successes and failures
  • Easier custom reporting
  • Automate alerts when certain thresholds are met
  • Easier rule writing
SEM does exactly what it's supposed to do, and then some. I'm using it to aggregate logs from a number of disparate devices, and it does this very well. I also take advantage of the USB monitoring agent. In general, it's competent and relatively easy to set up and maintain. I wish I had more time to delve into customizing both the dashboards and the reports/alerts that come from it.
Score 9 out of 10
Vetted Review
Verified User
We use SEM as our primary logging solution for all network infrastructure devices (switches, routers, WLCs, etc). The software allows us to track changes, identify issues, and it helps us stay compliant with insurance requirements. Particularly useful is the ability to send e-mail notifications when a critical event has occurred.
  • Logging network devices and servers
  • Searching Historical Events
  • Notifications and custom rules
  • Sometimes get duplicate log entries for the same event
  • There is a moderate learning curve for setup and maintenance
There are numerous SIEM solutions out there, all of which offer similar features. SEM does have a slight learning curve to get set up and working but is not unreasonable. For us, SolarWinds SEM strikes the perfect balance between cost and functionality. We re-evaluate our logging needs every year and SEM continues to meet the requirements of our business.
Score 9 out of 10
Vetted Review
Verified User
SolarWinds Security Event Manager (SEM) is our dedicated syslog for network devices, providing a higher set of features, search capabilities and filters than the basic syslog section in the Network Performance Module (npm). The built-in dashboards and ability to look at events in various categories prove particularly useful in troubleshooting scenarios.
  • Categorizing of events in different buckets: Security, IT Operations, Change Management, Authentication, Endpoint Monitoring, Compliance.
  • Intuitive configuration via Wizards, with meaningful examples and interactive help.
  • The ability to create rules and set up actions for select events, using predefined templates.
  • Better integration with npm, rather than being a standalone product.
SolarWinds Security Event Manager (SEM) would definitely prove itself as a valuable tool in any network administrator's portfolio, surpassing the syslog capabilities built into the SolarWinds Performance Manager. The ability to check both historical and live logs and have the events categorized, as well as the option to apply multiple filters to narrow down searches to the relevant information are of great use in troubleshooting scenarios or forensic tasks.

Score 8 out of 10
Vetted Review
Verified User
Main SIEM All feeds to this
  • easy to configure
  • easy to update
  • pretty good support
  • easy to learn
  • more built in decoders for events
  • easier integration with endpoints that are not main stream
  • better cloud integrations
SEM is scalable and would fit most installations. May need more than one if you have a large installation
Score 8 out of 10
Vetted Review
Verified User
We use it as an internal SIEM tool and we also train others how to use it.
  • Process Syslog/trap and event messages
  • Provides an easily understood dashboard
  • easily processes events from agent and non-agent devices
  • Reporting uses Crystal Reports which is very limited and not intuitive
  • Process for building custom filters needs more in-context help tools
PCI and DISA STIG monitoring and compliance are a strong point for SEM. There are a fair number of out-of-the-box filters for both. Developing a monitoring approach which is entirely custom and not bound to a particular regulatory framework is cumbersome due to the limited assistance with filter and rule construction.
Score 10 out of 10
Vetted Review
Verified User
We have a group of servers that reside in Microsoft Azure as well as on-premise. SEM allows us to centrally manage these servers for both security risks as well as general events that we may otherwise miss. With the SEM technology, we are able to spend more time where it is needed and rely on SEM to notify us of any potential issues or threats.
  • Steady monitor of server activity.
  • Notifications for events logged which we have alerts set for.
  • Ease of use.
  • I believe it is currently doing everything it needs to for my needs.
This is basically the same as last question.
Score 8 out of 10
Vetted Review
Verified User
This tool is very beneficial for securing our network environment and systems from any defects in our companies. This tool is our main SIEM solution. We are using SEM as a log collection and event generated on our server farms (local and DMZ). And also we are using real-time monitoring for some specific events defined by our security team.
  • Log collection
  • User-friendly and Easy dashboards
  • Queries seeped (according to our size)
  • log data parsing is good. if you upgrade some systems, most likely SEM will recognize it
  • Agent installations are easy but there are some meaningless steps
  • Can be add an advanced reporting process or module
Solar winds can be installed quickly in the production environment and can collect data. Log data collection is the first and most important step for cyber-security and forensic investigation. The tool gives the best services for monitoring our whole network environment with great features.
Score 6 out of 10
Vetted Review
Verified User
Utilize SEM for log aggregation purposes on network devices. The primary scope of your use case is to log, monitor, and investigate for technical problems.
  • Log collection.
  • Graphical representation of collected logs.
  • Rules to trigger and send emails for quick identification and monitoring.
  • File Integrity Monitoring
  • Better UI to search and track logs
  • Connectors compatibility issues
We have been actively tracking repeated logins on VPN connections and other organization-critical systems to meet compliance and mitigate false positives. Significantly reduces time to identify root cause and troubleshoot problems.
Score 8 out of 10
Vetted Review
Verified User
The windows installer had issues installing remotely, so we ended up using PowerShell to script the install, with no real reason from Support. At this point, we are just looking for excessive logins for the external-facing server.
  • If any account is Enable/Disable, we get an email.
  • If any account is locked out, we get an email.
  • As nodes are decommissioned, to be able to export just that one server's data.
We don't use it fully as it could be, but since we're downsizing 80% smaller by June, won't be enabling existing reports/emails.
Score 10 out of 10
Vetted Review
Verified User
At the university I work we use SolarWinds Security Event Manager. It is used to collect logs from firewalls, routers, switches, wireless controllers, NPS servers, and Domain Controllers. We then use this data to analyze and generate required reports on any incidents. Having all the info in one location makes analyzing events far simpler.
  • Customizable event filters
  • Awesome user interface
  • Easy to configure connectors
  • Needs better integration with SolarWinds NPM. This is the only Solarwinds product we use that isn't integrated.
  • It needs a more lightweight client.
Solarwinds SEM is great for generating reports for investigation purposes. Once you set up the connectors you can walk away and the product runs without needing maintenance. It was however pretty difficult to create the reports and alerts when now starting out and it can be very intimidating for new users.
Score 10 out of 10
Vetted Review
Verified User
I use SEM to Centralize log collection for my domain controllers, file servers, NPS servers, and Firewalls. Using SEM we are able to have all logs in one place and use that data to generate necessary reports. Products work great and once it was set up there was not any need to go back into the configuration.
  • Collect logs.
  • Generate reports.
  • Great user interface.
  • I would like the client to be more lightweight.
  • I would like a mobile app.
SolarWinds Security Event Manager is well suited to generate reports on a user so that the user can be audited. We also use LEM to determine who made changes to Active Directory when needed. SEM also sends alert emails when certain accounts are used as well as failed logon attempts for administrative accounts.
Score 10 out of 10
Vetted Review
Verified User
SolarWinds Security Event Manager (SEM) was included in the short list of SIEM solutions for our SOC solution. SolarWinds Security Event Manager (SEM) dashboard was comprehensive and the UI was intuitive and easy to customize. The 'out-of-the-box setup was easy and hit the floor running with minimal configuration when paired with SolarWinds Network Performance Monitor or Server and Application Monitor.
  • SOC Dashboard
  • Compliance Reporting
  • Node Health
  • User Logon Events Dashboard
  • Poor Performance for 10,000+ elements
  • Poor Performance for real-time dashboard when over 10K nodes
  • Poor database performance for extra large global enterprise
SolarWinds SEM is well suited for a medium to large enterprise with continental datacenters or a few datacenters peppered around the globe. SolarWinds is a thorough and complete IT Operations Monitoring, Alerting, and Capacity planning solution with excellent ROI and arguably the fastest tool to get up and running with a great ROI usually within the first year. SolarWinds modules allow for the deployment of a specific IT Domain solution or a complete end-to-end IT Operations center tool for Application, Server, Network, Security, etc.
Score 1 out of 10
Vetted Review
Verified User
We are using Solarwinds (SEM) for event monitoring and responding to [an] event. This is used to monitor [events] across the business. We want to use the SEM to address so many problems but Solarwind's customer service has not been great as they don't even try to [put] themselves in customer's shoes. [They] allow customers to deal with issues themselves, providing little or no support to help customers.
  • It gives you [the] ability to see logs in one central location
  • Inbuilt rules and filters
  • How to build custom [rules] for individual purposes (e.g. rules for Admin users on critical systems, log on, log off, brute force, scanning)
  • Customer support should be timely and available
  • Videos to onboarding systems should be made ( e.g, websites, servers, wireless access point, active directories, firewalls, Domain controls, etc)
  • Hard to achieve unwanted logs
  • Updates for SEM users should be made available (New features and usability)
  • No user-friendly support
  • No health check of the SEM by Solarwinds
  • Support needs to improve
  • Videos to be sent to users on how to create custom rules to fit individual purposes
  • Training on each feature of the SEM tool should be made available in a specific location on SolarWinds website
  • Best practice videos and use cases should be made available
The SEM tool [seems] very difficult to use due to lack of support from SolarWinds customer support. No up-to-date documentation on how to onboard, no videos on best practices, no use case videos[, and] bad customer service.
Score 8 out of 10
Vetted Review
Verified User
SolarWinds SEM is currently being used to aggregate all our event logs for our secure on-premises systems into one place for auditing and security purposes. It allows for easier review of security logs and allows for alerting to be created for certain events avoiding a regular manual review of these events.
  • Allows alerts to be generated
  • Slots into pre-existing Orion system
  • Easy to set up and configure
  • Online documentation for setup was not great and at points misleading.
If you have an extremely large server estate SolarWinds SEM may not be the best solution as it does not have an agent-less collection method.
Score 7 out of 10
Vetted Review
Verified User
SolarWinds Security Event Manager is utilized by the Information Technology department. Individuals on multiple IT teams have email alerts set up to notify them about events that require action. Additionally, the Security Event Manager is also utilized when there is a need to look at the logs to identify the root cause of a problem. For example, user account lockouts at a time the user wasn't in the office. It addresses multiple business problems by letting us know when something requires our attention.
  • Easy to utilize--the rules are straightforward and pre-configured. You just have to customize them to fit your environment.
  • Great customer service, which is incredibly useful when you want help with better utilizing the SEM.
  • Easy and clear filters when looking for specific information without your environment.
  • The SEM can be rather slow--an increase in CPU and RAM appeared to fix this problem fairly easily though.
  • The SEM has lately required reboots for us fairly often. This is something we are currently working with support to resolve.
  • The SEM could release additional graphic options to help better display data to management.
The SolarWinds Security Event Manager is great for people who want to be able to either view logs or set up emails for certain actionable events. However, it would be less helpful in a situation where you want your SEM to be taking action on specific items. There are some actions that can be taken by the SEM, but they constitute a rather short list in comparison to other SEM tools.
December 09, 2020

SEM is a good product

Score 8 out of 10
Vetted Review
Verified User
We use SolarWinds security event manager to help provide insight to all of our logs across our organization. It provides a single pane of glass to this information. We’ve had great success and using the dashboards and some of the automated process is that we can put in place.
  • Insight to suspicious events.
  • Automated response to common issues.
  • Reports.
  • Interface.
  • Reporting.
  • Notifications.
The tool provides a single pane of glass to all of our products. It is nice to have the logs parse together in a single place. The interface itself has a lot to be desired. The product has been built over the top of other products and you can tell.
Score 8 out of 10
Vetted Review
Verified User
The Solarwinds SEM is used for our client for 24/7 incident monitoring and reporting. The primary use is for account events, such as lockouts, disablement, and enablement to both user and computer accounts. It really works well in correlation and helps to stick with the audit and compliance. With a user-friendly web interface and automation modules, SolarWinds is an overall excellent cost-effective SIEM product if the intention is just to monitor for security incidents by manually created correlation rules.
  • Has a nice user-friendly interface. Some SIEM can be daunting to learn how to use and get acclimated to, but LEM has an intuitive layout and is very easy to pick up and use.
  • The logging agent in the source device is really simple to deploy and integrate.
  • Monitoring and reporting the account disablement with detail to whoever disabled an account for audit and compliance.
  • Some logs are not parsed well, happen to depend on the external log parser tool.
  • The update method needs to be made even simpler, auto update would be better.
  • The email alert features with SolarWinds will send a large number of emails if the number of alerts email. The duplication of email alerting needs to be reduced.
The Solarwinds SEM will get your logs collected and analyzable, especially for Windows servers or workstations, it can be a good solution. Alerting and reporting need to be done manually, but once you have it set up the way you want, it will work solidly. If you are looking at a log collection solution that has any of its own smarts and analytics, Solarwind doesn't have such machine learning features, maybe in the future. If you want out of the box reporting and alerting, that won't happen. They need to create and fine-tune the rules more.
Joseph Crook | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User
SolarWinds has been implemented across our network as a systems management platform for server, applications and high value workstations. I assisted it's implementation with the systems that I administer across the region. It allows us to track the health of critical services and to quickly identify and address problems as they occur.
  • We use the client on register systems as event forwarders and log collection.
  • It enables us to verify the access security to high value workstations and register systems.
  • It provides a repository storage for log files so that they do not solely exist on workstations.
  • It helps us ensure PCI standards are being maintained and track security risk issues as well as system health.
  • Within the scope of my role I have noticed that the client can be problematic during system startup - some of the register systems we use are older and have lower resolution screens. When the client loads it pops up on screen but completely out of scale (to clarify, it may open a window that is 14x14 inches on a screen that only displays 10x10 inches. This is more frustration than a functional problem.
  • Automated rollout would be useful but it is outside of my scope in my job to even know if it already has automated install capability.
  • The GUI itself is a little clunky and there is somewhat of a learning curve - training is provided to clients however a friendlier interface would be helpful.
For medium to large scale business that incorporate high-value resources and need a central log repository I think SolarWinds is fantastic. It may be overkill for smaller businesses however.
Score 9 out of 10
Vetted Review
Verified User
We're using SEM on various networks that need to comply with 800-53 security controls under RMF. We have many security technical implementation guides me must follow with many requirements that need to be followed.
  • Easy to install virtual appliance
  • Out of the box configuration that works with little modification
  • Price isn't based on events it's based on monitored nodes
  • It may not scale to millions of nodes
  • Searches way back in time take a little longer due to compression
  • Not many Cons really!
SEM is appropriate for all but the absolute largest networks. It works great for smaller, medium, and even some decent sized networks. Having options for all kinds of data to easily be ingested and have the events normalized out of the box is great. The price is really right when compared to other products. Some competitors are priced by number of events and in a locked down environment; this means millions of events so price climbs fast on these other products. Agents are easily deployed and can be used in images. The number of event connectors for ingesting data is large and built into the product and constantly updated. Updates are easy.
Score 10 out of 10
Vetted Review
Verified User
SolarWinds Security Event Manager is used to collect, review, and analyze system logs from servers, workstations, and network devices. Used by one department, it solves the problem of having to go through long log files trying to find and make sense of an event. It also helps with reporting for compliance purposes.
  • Graphs showing important events
  • First-time setup and addition of new devices is easy and organized
  • Performance is excellent
  • Reporting could allow for more customization
  • Better integration with other products of SolarWinds line
  • More alert options
SolarWinds Security Event Manager is best suited for environments with many devices that need to be secured and are high availability, where any down time needs to be resolved quickly and the cause of a failure needs to be investigated and determined with good degree of precision. It's also suited for environments that need to be kept in compliance according to several standards. Many standards and policies require the keeping and review of logs for several years back.
Score 8 out of 10
Vetted Review
Verified User
We use Solar Winds Security Event Manager (SEM) across our entire organization. It enables our company to monitor and manage events and provide reporting required for PCI and ISO compliance initiatives.
  • Brings together security events from multiple system sources.
  • Allows IT to review and manage security related events.
  • Provides convenient filters/views allowing us to narrow down the data we want to see.
  • Some improvements in user documentation could be helpful.
SolarWinds Security Event Manager (SEM) works well for a company our size, and we think it will enable us to grow without having to change out the system. We've also implemented Solar Winds Service Desk.
Score 8 out of 10
Vetted Review
It is being used by the outsider IT company who does Level2 and Level3 support. We use it to audit network device logs with it (Palo Alto Firewalls and Juniper switches). Also we use it to audit Active Directory logons. It is easier to keep these logs in a single place.
  • Customizable dashboards, where you can see everything you want.
  • Easy to set-up connectors.
  • Fully customizable event filters.
  • Unable to set up some legacy equipment (Zyxel switches).
  • Not an easy to product to learn from scratches.
A good product for a single pane of glass auditing various products.
Not a product you can set up properly in 1 hour and needs long hours of reading to get used to.
Return to navigation