Hey nrms, if any of those nodes you want to monitor are workstations, we do have separate (lower) pricing for them that you can take advantage of.
We don't have a comparison, but generally with the event logging-centric products, what we see is that they are lacking in the more robust correlation, search, and monitoring features that come with a holistic network view. They have historically focused on event logs/operating system data and application, security, and network device data suffer for it.
Hopefully someone who has used both can chime in.
Sadly they're all servers.
The search/report functionality is one of the weakest parts I've seen in EventSentry. I want to be able to write a report for the user's who have logged into a server, but I want to use wildcards in the user ID. For some reason, EventSentry will only let me do all users, or I have to select individual users from a drop down. Not really user friendly.
I also want a simple way to create alerts if a Windows Service isn't running, as well as logging. EventSentry has a very convoluted way of doing this - have to log the situation to an event log, and then have an event log monitor that looks for that event and then sends the email. (As it is, I'm setting this up in SolarWinds SAM at the moment, but it's another dis-proof of concept in EventSentry, and given this is needed for compliance tracking, I'd rather have it in a logging system as well as email alerts; and I'd rather have it do it all from one package to simplify management in the future.)
While I don't have any experience with EventSentry, I have worked with both LEM and SAM. I personally think that using logs for monitoring the status of services isn't very effective, SAM is a much better system for this because it's active and stateful. On the other hand, LEM's correlation engine is very powerful and does great with things such as user login events. LEM is also great for doing ad-hoc historical searches with nDepth and can be exported to a PDF for a report. I personally don't care much for the LEM reporting via their reporting tool but I think that will be improved going forward.
Hope this helps!