This week we are going to discuss Monitoring, Events, and Filters. For the purpose of this blog, I will be using SolarWinds Log & Event Manager (LEM) as our monitoring software. LEM collects, stores, and normalizes log data from a variety of sources and displays that data in an easy-to-use desktop or web console for monitoring, searching, and active response.

 

 

Why do you need monitoring?

 

Network monitoring is necessary to maintain the integrity and safety of your internal network. Monitoring can determine if your network is overloaded, has crashed servers or network connection issues, or even if you are the target of an unauthorized access attempt. LEM monitors network activity by analyzing the log data collected, and then parsing the information with the use of out-of-the-box filters or custom filters. LEM displays the monitored events on your network in real time.

 

Events and Filters

 

Events are messages created from Agent, Manager, and network device log entries. These normalized (remember what this is? If not, then review this blog entry) events are sent from the Agent to the Manager for processing. At the Manager, the events are processed against your Rules, sent to your Database for archiving, and sent to the LEM Console for monitoring. On a busy network, there can be millions of events each day, so the LEM Console uses event filters to manage events.

 

A filter is a subset of your events that focuses on a particular type or group of events and hides all others. When configuring a filter, you can examine and use individual event properties to determine precisely which events are to appear in that filter. Filters also display events in real time. You can turn filters on and off, pause filters to sort or investigate their events, perform actions to respond to events, and configure filters to notify you when they capture a particular event.

 

What kind of events necessitate a filter?

  • Change management events
  • High volume events
  • Events you want to monitor (user logon failures, etc.)
  • Testing conditions for future rules
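
To make the filter idea concrete, here is an added Python sketch (not LEM code and not from the original post) of filters that match on event properties, notify on capture, and let you test a condition for a future rule. The event type and field names, the sample events, and the helper names are all constructed assumptions, not LEM's actual schema.

```python
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample of normalized events. Type and field names are
# illustrative assumptions, not LEM's actual event schema.
SAMPLE_EVENTS = [
    {"type": "UserLogonFailure", "account": "alice", "source": "10.0.0.5"},
    {"type": "UserLogon", "account": "bob", "source": "10.0.0.7"},
    {"type": "UserLogonFailure", "account": "alice", "source": "10.0.0.5"},
    {"type": "GroupChange", "account": "admin", "source": "10.0.0.2"},
    {"type": "UserLogonFailure", "account": "alice", "source": "10.0.0.5"},
    {"type": "UserLogonFailure", "account": "carol", "source": "10.0.0.9"},
]

@dataclass
class EventFilter:
    name: str
    conditions: dict              # property -> set of accepted values
    notify: bool = False          # record a notification on each capture
    captured: list = field(default_factory=list)
    notifications: list = field(default_factory=list)

    def matches(self, event):
        # Every condition must hold; a missing property never matches.
        return all(event.get(prop) in accepted
                   for prop, accepted in self.conditions.items())

    def offer(self, event):
        if not self.matches(event):
            return False          # hidden from this filter
        self.captured.append(event)
        if self.notify:
            self.notifications.append(f"[{self.name}] {event.get('type')}")
        return True

def run_filters(events, filters):
    """Offer each event to each filter; return captured counts per filter."""
    for event in events:
        for flt in filters:
            flt.offer(event)
    return {flt.name: len(flt.captured) for flt in filters}

def rule_candidates(flt, group_by, threshold):
    """Test a future rule: which group_by values reach the threshold?"""
    counts = Counter(e[group_by] for e in flt.captured if group_by in e)
    return sorted(key for key, n in counts.items() if n >= threshold)
```

Running a filter like this against live data before turning its condition into a rule shows how often the rule would fire and for which accounts.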