It is possible to find the user logon information login successful\failed login in windows /Linux servers using SAM?
Possible, yes. Depending on what you are trying to do with it. I would probably not recommended SAM unless it is looking for very specific login attempts to alert on and not as a generalized authentication monitor. LEM is the tool that is better suited for logon auditing/monitoring.
Using SAM your options are these:
For Windows devices you would be using the event log monitor. You would need to enable logon auditing on the windows box as I do not think it is enabled by default.
For Linux you would probably be using log parser monitor and monitoring the auth.log file.
LEM has separate agent or it uses the same agent which is used for SAM?
LEM is a different Product and also has a different Agent.
LEM is a virtual Appliance (like vman) that gathers/receives and then analyzes/normalizes the Data. LEM classifies as a SIEM solution.
hope that helps
So orion and LEM will be in single dashboard?
