Hello
We have our Network team asking these questions, can you please help with specifics.
Thanks
How does it communicate?
Agents push to the virtual appliance using the ports listed here
SolarWinds Knowledge Base :: SolarWinds LEM Port and Firewall Information
specifically,
Frequency?
By default each enabled connector has a sleep time of 1 second. The frequency is configurable. So, it is real-time for all practical purposes.
Logging activities and amount of log data?
It depends on the connectors enabled. By default, connectors for Security, System and Application event logs are enabled. The communication is encrypted and compressed. In most cases, it is a steady trickle roughly equivalent to an LDAP request (i.e., negligible network overhead)
Thanks, further on from this our operations guys are blaming network bandwidth congestions on the amount of data being sent from agents to the LEM Appliance.
1. Does the LEM agent send the complete log data to LEM?
2. Or does the agent just send the data what I have configured in the LEM Policy?
If you enabled the connectors with the default output type (which is Alert, not nDepth or Alert,nDepth), then only the normalized events are sent. The normalized events are sent only for the enabled connectors.
Is the "excessive" bandwidth coming from 1 agent or multiple agents combined? Where are your agents relative to the LEM appliance - all in the same location or another location? You can check which connectors are turned on for a particular node from MANAGE > Nodes and the Gear icon > Connectors next to the agent node. You can change the sleep time from 1 (second) to say 10 (seconds) to see if it helps
