SolarWinds LEM features

Hi, tagathzg.

Thanks for all your thoughtful questions. Here's what I know...

I am interested if LEM can log application events from IIS, DHCP Windows, MS SQL server and Oracle Audit?

The quick answer is "Yes." We have connectors for all of those items, and you can find a comprehensive list of our supported data sources here.

Additionally, I was wondering if it can log internal user activity and generate reports. We would have several administrators using LEM and we would like to log what each was doing. Is that possible?

LEM logs all activity related to its users, and you can view that activity in the default SolarWinds Alerts filter (real time data) and several default LEM reports. You can also configure rules (go to Build > Rules) and historical searches (go to Explore > nDepth) for this sort of thing using the TriGeo Alerts Alert Group.

Is it possible to rebrand LEM reports, give them a different look and feel. Is it possible to change the layout and even graphics in generated reports?

At this time, you cannot modify the "canned" reports that come with LEM. You can, however, customize the layout of the ad hoc reports that you can generate based on your nDepth searches, but you cannot currently change the logos on those reports.

Would you say that the report gathering is tamper-proof, in other words is it possible to modify/edit gathered reports in some way?

All information gathered by LEM is encrypted and read-only. When you "alter" a report (currently limited to exporting nDepth search results as noted above), you can only alter its appearance. You cannot change any of the alert data. Furthermore, LEM Agents collect event data from Windows in real time, before the data is even written to the event log. So, even if a user alters the event logs on disk, the LEM Manager already has the original events.

Is it possible to setup active directory authentication or maybe radius?

LEM users must authenticate separately to the LEM Manager. The closest you can get to "seamless" authentication at this time is to set your LEM Console to authenticate to your LEM Manager on startup. LEM saves these settings at the level of the user's Windows profile.

Do active responses need connectivity to LEM Manager?

All LEM active responses require connectivity to the LEM Manager except the Detach USB Device action. You can set up a local policy on your LEM Agents to detach any USB device that is neither recognized as an authorized device nor associated with an authorized user. For more information, see "Configuring the USB Defender Local Policy Tool."

Does LEM support other databases? If so, do you happen to know which ones?

Not at this time.

If we have several user using LEM is it possible to change each user view and dashboard, or do we all use the same?

Users can customize their LEM Console, and those customizations are saved in their Windows profile. They can change the layout of their graphical dashboard view (Ops Center), the conditions of their real-time filters (Monitor), and the parameters of their saved searches (nDepth). Administrators can also limit such changes by user role. Currently there are two user roles that can access the LEM Console, but are limited to read-only access: Monitor and Guest.

Thanks again for all of your questions. If you'd like me to get you in touch with a Sales Engineer, just let me know.

Thanks Phil,

Your answer is very helpful to first-timers like me..:)