Showing results for 
Search instead for 
Did you mean: 
Create Post


Level 11

To check out the most up-to-date information regarding What We're Working on, please visit the LEM Product Roadmap page.

Be sure to let us know in the Log & Event Manager Feature Requests forum, if there are features you're really keen on. This list doesn't enumerate a lot of the features we're looking into for long term development and further releases, but we continually use Thwack as our biggest source of feedback.


Things have come to a head (missed notifications, notifications being buried in too many other notifications, etc.) and we're going to finally spend some time with this.  Thanks for keeping this going!

Level 9

Letting you know here, as asked. List of my feature requests/issues:

1) Allow visibility of logs to be broken up by groups. Some people need to be able to see every log, but some people should only be able to see the logs pertaining to their systems.

2) 2 TB is simply not big enough. We need more historical data space. Doing fancy "back it up to another system, and restore it when you need to look at it, just so you can be compliant" is not feasible.

3) We need time-based data retention. We need to be able to mark some data for longer retention, especially for compliance. I don't need firewall logs for more than a month. I do need PCI machine data for a year. The large volume of firewall logs will push off the PCI logs before I am ready. Again, the whole "back up your logs elsewhere" isn't very feasible.It also makes it difficult to see trends over a long period.

4) I need to be able to do longer ndepth searches, without having to rely on Crystal Reports.

5) Crystal Reports? Seriously?

6) Ability to group syslog nodes with the same ease as windows nodes. Yes, I know you can manually enter them all in a group, but if the system already detects them, I should be able to just highlight them and add them. This goes for offline nodes too.

7) Did I mention scrapping Crystal Reports? Having to do a giant report (say, for all logons) before I get to parse the data down (say, for a specific user) is incredibly cumbersome.

Level 9

😎 Getting away from Flash and Java.

Level 9

9) Ability to customize LEM backup times.

I second hitnrunxx​ motion... get away from Java.

Level 8

Being able to import filters to rules and rules to filters.  

HTML5, always.  No Java, no Flash.

Level 10
  1. global filters
  2. ability to view groups in the monitor (PCI vs non PCI would be helpful)
    1. Ability to view groups in ndepth search (which group does the workstation/server belong to) to assist in false positive
  3. ndepth search view to resemble "monitor" vs current list view
  4. HTML5
Level 10

Also, the "last connected" timestamp should reflect last event sent and not when the agent last rebooted?

Level 10

ability to do a "MAX" search, to search for the last event for a workstation/network device

About the Author
Product Marketing Manager