SolarWinds Log & Event Manager fills gaps in Windows/AD monitoring
January 15, 2019

Scott Reese | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Overall Satisfaction with SolarWinds Security Event Manager (SEM)

We use LEM for two main purposes. First, to replace an obsolete Cisco MARS appliance that captured a couple of days' worth of packets from our firewalls for forensic purposes. Second, to provide notification to staff of AD events such as account lockouts and administrator logins. Users are strictly within the infrastructure team of the IT department.
  • Able to ingest full Syslog output from three enterprise firewalls.
  • Able to detect and alert on specific Active Directory events.
  • The interface for creating alerts is onerous. It is necessary to dig out the exact event ID of anything you want to alert on.
  • Early versions required a separate server to host a FastBit database, but that requirement has been eliminated with the latest release; SQL is now required.
  • We did not have to purchase Cisco's successor to MARS; that is a large ROI.
  • We did not have the ability to know when users locked their accounts by bad password attempts; now we know before they call us.
We did not evaluate LEM against competitors because we have a significant investment in other SolarWinds products and wanted to leverage the infrastructure and interface as well as staff knowledge.
Filtering, detection, and notification of Windows and AD events is LEM's strong point, though it's tricky to build the filters. It's not necessarily designed for forensic firewall packet capture but it can be used for that purpose.

SolarWinds Security Event Manager (SEM) Feature Ratings

Centralized event and log data collection
Event and log normalization/management
Deployment flexibility
Custom dashboards and workspaces