LEM currently will receive and store the events being forwarded to a specified location within LEM. When access the LEM from the cmd the selected repository will show the forwarded events, however you can not manipulate the data within the GUI.
It would be extremely helpful for some deployments to be able to create alert emails based on the events that are being collected in an "offline" environment (separation via data diode) with Kiwi Syslog Server. Currently utilizing Log and Event Forwarder to send specific events from x amount of nodes to the Kiwi Syslog Server. This data is being forwarder out through the data diode to the LEM and being received/stored by the LEM. The needed functionality would be to trigger an alert based on specific criteria that may be within one of the forwarded events. Current licensing setup within LEM does not allow this.
This would be a crucial piece to the LEM puzzle by providing more functionality for isolated environments.
