What happens when a user locks out his user account? He calls you, right? Well, something else happens, too: your domain controller logs the event. The neat thing about that is it's not just good for compliance reporting. Logged events like this are also useful for log management systems that monitor your logs and notify you in real time when a problem occurs. In this example, you wouldn't have to wait for the locked-out user to call you; you could set your log management system to notify you when the lockout occurs. At that point, you could contact the user proactively instead of waiting for a call.
There are countless other times your logs can tell you something's wrong before your users do, or worse, before some sort of failure occurs. For example, Windows event logs can tell you when users access or modify sensitive files, when critical services stop, or even when a suspicious process starts. On the network side, device logs can warn you of abnormal traffic patterns or traffic from a malicious source. If you had a way to constantly monitor these logs and get notified when things like these occur, you could make your life a whole lot easier.
Log Management the SolarWinds Way
SolarWinds Log & Event Manager (LEM), our SIEM tool not only provides the proactive problem analysis described here, it also provides functionality that helps resolve the problems remotely - even automatically. LEM can reset passwords, re-enable accounts, and even start and stop services. It goes far beyond what you would expect from a solution that monitors and aggregates log files.
Troubleshooting Complex IT Problems
If you're looking for a more complete remote support tool to troubleshoot and fix more complex problems than what you want to automate with LEM, check out DameWare Remote Support (DRS). DRS doesn't provide the alerting a log management system would provide, but it provides everything you need to solve the issues that come up:
- Manage multiple Active Directory sites in a single interface
- Edit Group Policy Objects from your workstation, not your domain controller
- Start and stop desktop services on remote computers on demand
- View registry information on a computer without remoting into it
- Remotely control desktops and servers with integrated chat and screenshot functionality
Together, LEM and DRS create an IT troubleshooting environment that's not only compliant, but also proactive and flexible.