3 Replies Latest reply on Nov 6, 2012 11:08 PM by byrona

    LEM v. EventSentry

    nrms

      So I've just been handed control of an old installation of EventSentry to try and kick into shape. However, as the company's SolarWinds bod as well, I am tempted to try and persuade them to splash out on the SolarWinds LEM instead. I'm already not liking bits of EventSentry, so I already have a few ideas to go with, but the biggest concern I have is that the comparable licence with LEM is 3 times that of EventSentry (which we purchased some time ago, I should add). I suspect one of the biggest blocks I may have is trying to justify the extra cost.

       

      I don't suppose there are any comprehensive comparisons between the 2 products, or experiences of others out there I can use to try and strengthen my case?

        • Re: LEM v. EventSentry
          nicole pauls

          Hey nrms, if any of those nodes you want to monitor are workstations, we do have separate (lower) pricing for them that you can take advantage of.

           

          We don't have a comparison, but generally with the event logging-centric products, what we see is that they are lacking in the more robust correlation, search, and monitoring features that come with a holistic network view. They have historically focused on event logs/operating system data, and application, security, and network device data suffer for it.

           

          Hopefully someone who has used both can chime in.

            • Re: LEM v. EventSentry
              nrms

              Hi Nicole,

              Sadly they're all servers.

              The search/report functionality is one of the weakest parts I've seen in EventSentry. I want to be able to write a report for the users who have logged into a server, but I want to use wildcards in the user ID. For some reason, EventSentry will only let me do all users, or I have to select individual users from a drop-down. Not really user friendly.

               

              I also want a simple way to create alerts if a Windows Service isn't running, as well as logging. EventSentry has a very convoluted way of doing this - have to log the situation to an event log, and then have an event log monitor that looks for that event and then sends the email. (As it is, I'm setting this up in SolarWinds SAM at the moment, but it's another dis-proof of concept in EventSentry, and given this is needed for compliance tracking, I'd rather have it in a logging system as well as email alerts; and I'd rather have it do it all from one package to simplify management in the future.)

                • Re: LEM v. EventSentry
                  byrona

                  While I don't have any experience with EventSentry, I have worked with both LEM and SAM. I personally think that using logs for monitoring the status of services isn't very effective; SAM is a much better system for this because it's active and stateful. On the other hand, LEM's correlation engine is very powerful and does great with things such as user login events. LEM is also great for doing ad-hoc historical searches with nDepth and can be exported to a PDF for a report. I personally don't care much for the LEM reporting via their reporting tool but I think that will be improved going forward.

                   

                  Hope this helps!