Open for Voting

LEM Distributed Architecture

I would love to see LEM broken out into a distributed architecture where you would have the ability to choose which roles an appliance plays; Log Processor, Log Database and Log Manager.

Log Processor = A collection point for logs where agents send their logs and where systems can send their logs, this is where logs would be processed.

Log Database = This is where the logs are stored, any form of backup tasks would take place here as well.

Log Manager = This would provide the UI as well as the communication broker for the different systems in the environment.

Any given appliance once installed could be configured to perform all of these functions or only a one of these functions.  By doing this processing and storage could be distributed and you could also easily have different collection points within a DMZ.  This would also provide the flexibility for future capabilities.