LEM, your one stop shop for Security Event and Incident Management!
February 28, 2019

LEM, your one stop shop for Security Event and Incident Management!

Jim Trucano-Harp | TrustRadius Reviewer
Score 9 out of 10
Vetted Review

Overall Satisfaction with SolarWinds Log & Event Manager

As a Network Monitoring Engineer and instructor, I see many Government and Military IT Organizations choose LEM as their primary Security Event and Incident Manager(SEIM) across all of their networks. LEM allows them to have a consolidated, normalized view of both their server and network environments. Having a consolidated view provides SolarWinds customers with the ability to correlate multiple security events across disparate systems and greatly reduces the amount of time and effort to detect and respond to potential security intrusions.


  • One of the most valuable features of SolarWinds LEM is its ability to normalize logs from differing systems into one common format. LEM normalization saves time and effort in doing forensic analysis by letting security personnel see the "whole picture" of their network in one place.
  • LEM's Active Response capability makes it easy to watch a security event happen in real time and to take immediate action. For example, LEM can very efficiently allow security personnel to logoff suspect users or even restart important Windows Server processes in real time, before further intrusion can happen.
  • LEM has a lot of out of the box features that allow for the quick implementation of security policy across many industries. LEM can provide immediate compliance monitoring and management for standards such as PICA, HIPAA and DISA-STIG.


  • The number one challenge for SolarWinds customers I see is LEM's reporting software. LEM Reporter, a standalone Windows Application, is not as intuitive as customers would like and they report some instability in the application itself. Customers tend to use LEM's search scheduling as a more effective way to report on security events.
  • Performance has been an issue based on LEM's use of a Flash interface. This has been a limitation for a long time. However, with the transition of the LEM interface from Flash to HTML5, customers are reporting much better performance starting in LEM 6.5
  • Every one of my customers makes some comment about LEM's very high learning curve. LEM is not very intuitive, requiring a lot of rote learning through repetition. Many LEM customers request some type of training to help them learn to use it.
  • LEM provides users the ability to reduce administration and operations cost by consolidating log management into one system.
  • LEM allows various IT departments such as server and network to work together using normalized common events. This increases operational efficiency and reduces event correlation time.
  • Customers should expect a high learning curve for personnel when the product is first implemented. Network management will need to plan on some ramp-up time cost up front.
LEM is best deployed in networks requiring high-speed aggregation of log messages across disparate platforms to a single logging system. In an environment where immediate response to security events and incidents is needed, LEM performs very well. From tracking suspicious user login events in real time to detaching suspect USB devices from workstations, LEM provides the ability to respond quickly.

SolarWinds Security Event Manager (SEM) Feature Ratings

Centralized event and log data collection
Event and log normalization/management
Deployment flexibility
Integration with Identity and Access Management Tools
Custom dashboards and workspaces
Host and network-based intrusion detection


More Reviews of SolarWinds Security Event Manager (SEM)