Log & Event Manager Quick Tour

Uploaded by solarwindsinc on 02.03.2012

Transcript:
[Music Playing]
[SolarWinds]
Hello, my name is Rob Johnson.
During this session, we'll complete a brief overview of the
SolarWinds Log & Event Manager or LEM Console.
The LEM Console is a web-based console, and offers several
methods of log analysis, both for real-time and historical purposes.
Across the top of the console is a navigation bar.
The navigation bar just allows us to get to the different areas of analysis
that we need to perform.
We'll start out in the "Ops Center" view.
The Ops Center gives you the ability to create a visual representation
or "high level" overview of the data that's being generated
in your network.
There are several charts and graphs or "widgets" that are included
and come out-of-the-box, or you can use the "Widget Manager" to
create and add your widgets to the dashboard.
In addition to the out-of-the-box widgets that are included,
there are several that include links to useful information such as
videos and documentation, that can help you quickly and efficiently
deploy LEM in your environment.
Next on our navigation bar is the "Monitor" section.
The Monitor section is used for real-time analysis and allows you
to view events generated on your devices as they happen in
your network.
To view specific event details, simply click on the event and the details are
located on the right-hand side.
To the left of the "Alert Details," similar to what you can do in the Ops Center,
you can create a visual representation of that data.
On the far left are "Filters."
Filters allow you to pull specific pieces of information out of the logs,
or focus on specific events of interest.
There are several out-of-the-box filters included, or you can utilize
the simple drag-and-drop "GUI Editor" to create your own.
Moving on from the Monitor section, we'll use the "Explore" button
to navigate to the nDepth "Search, Analysis, and Ad Hoc
Reporting Utility."
This utility allows you to quickly and efficiently access log data for
forensics and historical analysis.
nDepth is highly interactive.
All of the charts and graphs are clickable, and can be used for
effective drill down into log data.
A bottom row of icons allows you to edit and change different charts
and graphs or widgets so that they can be used within a report.
All of the results of your queries can also be accessed and
used for drill down.
Finally, any of the results that you receive within your query
can then be turned into an ad hoc report by simply using the "Export" button.
Any of the reports can be edited.
Graphs and charts can be moved around.
All of your layouts can be saved,
and any queries can be saved for later use.
Further real-time analysis and additional management of the LEM technology
can be conducted in the "Build" menu.
Build offers three different areas.
"Groups" allow you to create lists of information, email templates,
and access to directory service or Active Directory groups.
In the "Users" area, you can create and manage users to allow access,
provide roles, or limit access to the console.
Most importantly, the build menu contains the correlation engine in an
area we simply call "Rules."
Rules allow you to tie events together from all the different systems
that you're collecting logs from.
LEM comes with hundreds and hundreds of rules out-of-the-box.
In most cases, LEM will have a rule that you can use.
If not, as with the filter utility that you saw before, there is a simple drag-and-drop
editor to create new rules and/or edit the existing ones.
Rules are broken down into several categories located within
the "NATO5" section.
Think of these as a community rule set.
There are several additional categories under here that break it down
into "Change Management," "File-Related" rules, or "Authentication."
Correlation rules can also be used to automatically respond to events of
interest within your network.
Actions can be attached to these correlation rules that can do
everything from detaching USB devices and blocking an IP address using
your firewall, to simply sending an email or disabling or re-enabling accounts.
There are literally dozens of actions that can be applied, and they can
happen automatically, depending on the event of interest.
The "Manage" area of the console allows you to manage your licenses,
as well as other configuration options within the LEM Console.
And finally, the "Analyze" button is basically a placeholder for things to come.
SolarWinds believes in constantly improving their technologies to make
our customers' lives easier, so you can expect to see additional
information in this tab going forward.
For more information on how to easily customize LEM for your environment,
please visit www.solarwinds.com.