• State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 23 subscribers
  • Views 355 views
  • Users 0 members are here
Options
Related
This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

LEM v. EventSentry

nrms

So I've just been handed contro of an old installation of EventSentry to try and kick into shape. However, as the company's SolarWinds bod as well I am tempted to try and persuade them to splash out on the SolarWinds LEM instead. I'm already not liking bits of EventSentry, so I already have a few ideas with which to go with, but the biggest concern I have is that the comparable licence with LEM is 3 times that of EventSentry (which we purchased some time ago I should add). I suspect one of the biggest blocks I may have is trying to justify the extra cost.

I don't suppose there are any comprehensive comparrisons between the 2 products, or experiences of others out there I can use to try and strengthen my case?

  • FormerMember
    0 FormerMember

    Hey nrms, if any of those nodes you want to monitor are workstations, we do have separate (lower) pricing for them that you can take advantage of.

    We don't have a comparison, but generally with the event logging-centric products, what we see is that they are lacking in the more robust correlation, search, and monitoring features that come with a holistic network view. They have historically focused on event logs/operating system data and application, security, and network device data suffer for it.

    Hopefully someone who has used both can chime in.

  • 0 in reply to FormerMember

    Hi Nicole,

    Sadly they're all servers.

    The search/report functionality is one of the weakest parts I've seen in EventSentry. I want to be able to write a report for the user's who have logged into a server, but I want to use wildcards in the user ID. For some reason, EventSentry will only let me do all users, or I have to select individual users from a drop down. Not really user friendly.

    I also want a simple way to create alerts if a Windows Service isn't running, as well as logging. EventSentry has a very convoluted way of doing this - have to log the situation to an event log, and then have an event log monitor that looks for that event and then sends the email. (As it is, I'm setting this up in SolarWinds SAM at the moment, but it's another dis-proof of concept in EventSentry, and given this is needed for compliance tracking, I'd rather have it in a logging system as well as email alerts; and I'd rather have it do it all from one package to simplify management in the future.)

  • 0 in reply to nrms

    While I don't have any experience with EventSentry, I have worked with both LEM and SAM.  I personally think that using logs for monitoring the status of services isn't very effective, SAM is a much better system for this because it's active and stateful.  On the other hand, LEM's correlation engine is very powerful and does great with things such as user login events.  LEM is also great for doing ad-hoc historical searches with nDepth and can be exported to a PDF for a report.  I personally don't care much for the LEM reporting via their reporting tool but I think that will be improved going forward.

    Hope this helps!

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.