    LEM Storage Capacity Alert


      Currently evaluating LEM to replace our existing SIEM. We have a requirement that says we have to be alerted when our log storage disk capacity reaches 80%.


      While we could do this within VMWare, we have this configured internally on our current SIEM but I'm not seeing how to configure this in LEM.


      Anyway to do this internally in LEM?


          LEM performs health checks on the database at regular intervals (on an hourly basis I think) - these events appear as InternalInfo events. You could build a custom rule based on these events.


          A disk usage event appears like this within the web console:



          So, you could build a rule like this to alert if disk usage for logs exceeds a certain percentage:



          I haven't tested the rule, but that should do the trick

