About once a week we'll have the network connections between locations go incredibly slow or stop all together. Our network vendor sees about 3-5 GB of traffic being sent from our domain controller server to our SolarWinds LEM device. This transfer occurs for about 30 minutes and has been occurring between 10-11 AM. Is there any way for us to track down what is causing this? It seems like a ton of traffic for just recording logs.
Do you see a flood of logs or spike of logs at that time also? GB is a LOT, it seems unlikely it'd happen without some logs associated...
You might also check the logs in the agent on that system and see if you can find something happening right around that time (spoplog.txt or SWLEMAgent.log in the agent install directory). Did the agent restart? Did it note that it was reading logs? Anything else?