LEMme tell you about Solarwinds LEM!
February 16, 2016

LEMme tell you about Solarwinds LEM!

Anonymous | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Overall Satisfaction with SolarWinds Log & Event Manager

We use Solarwinds Log and Event Manager (LEM) as our SIEM to correlate all of our various log data coming from servers, network equipment and security appliances to create meaningful alerts and, in some cases, automatically take action. LEM gives important insight for our IT staff into the activity the occurs on our network. It can be used for troubleshooting communication issues, quickly identifying policies that are blocking legitimate traffic, or to identify anomalies in network traffic that need to be investigated. It also sends email notifications when certain events are detected, allowing us to have eyes on even when we are away.
  • Incredibly easy to set up. It was deployed and had log sources pointed to it and performing basic correlations within a day.
  • Auto-response. The automated responses that are available after deploying the agent give you incredible control to respond to events on your network.
  • User-friendly interface. Some SIEMs can be daunting to learn how to use and get acclimated to, but LEM has an intuitive layout and is very easy to pick up and use.
  • No custom parser. Inevitably, there will be a product on your network that Solarwinds LEM won't know how to parse. Other SIEM solutions I've used leverage custom parsers for this reason. LEM does not have support for creating custom parsers, so unknown log formats remain unparsed.
  • Sometimes too basic. LEM is an excellent tool for performing basic correlations in a small to mid-size environment. If you try to get too advanced with the correlations you are trying to perform, you may get frustrated with the lack of functionality due to the way that LEM parses data.
  • Faster turnaround when investigating access issues. LEM's search function allows you to quickly identify which ACL policy may be blocking a user's access - and as a result quickly resolve the issue.
  • Regulatory compliance. If you have regulatory compliance requirements for security monitoring, this product will likely check off a few boxes.
  • Stronger security posture. Not every company can afford a 24 hour Security Operations Center. Intelligent technology like LEM can help fill in those gaps to strengthen your security posture, and even allow for complex automated responses to threats during non-business hours.

In the past I have used Qradar, McAfee ESM, and RSA Security Analytics.


Compared to these products, LEM is by far the most user friendly and easiest to deploy. LEM's ability to automate response and remediation also seems a cut above these products. LEM also ranks up at the top in terms of reliability. Very rarely have we had to resolve issues that prevented LEM from doing it's job.


LEM is unfortunately lacking in the ability to create custom parsers like other SIEM solutions can. This means if LEM is unable to parse logs coming from a network appliance, you won't be able to view them until Solarwinds releases their official parser for that product. Complex correlations can also test the limits of LEM due to the way that logs are parsed into event type rather than log source type. Trying to correlate all of your IPS events in a complex correlation? This my prove to be difficult in LEM.

SolarWinds Log & Event Manager (LEM) is a SIEM that is very well suited for environments where you have a small team managing your technology and need a powerful tool that is easy to set up and requires little maintenance and care to continue doing it's job. In the time that we have had LEM deployed, it has been very solid and has required very little intervention to resolve issues. It comes pre-packaged with some great correlations to get up and running right out of the box as soon as log sources are pointed at it. If you need a SIEM and either don't have the expertise in house, or don't want to spend the resources for professional services, this may be a good fit. There are only a handful of situations where we have run into LEM's limitations when trying to setup functionality or correlations. Otherwise, it is an excellent SIEM that offers some great features.

SolarWinds Security Event Manager (SEM) Feature Ratings

Centralized event and log data collection
Event and log normalization/management
Deployment flexibility
Integration with Identity and Access Management Tools
Custom dashboards and workspaces
Host and network-based intrusion detection