
LEM vs. Kiwi

Greetings!

This is a simpleton question, and I think I know the answer to this already, but I'm under a crunch and don't have the luxury of time to actually look for myself, so thank you in advance...   :-)

We've been using Kiwi Syslog and Log Viewer, but recently purchased LEM and are in the process of learning and setting it up.  Meanwhile, my license for Kiwi has come due so I need to determine whether I need to renew it or not...

My understanding of LEM is that it does everything that Kiwi does and a whole lot more, so my question is:  Do I need to keep Kiwi Syslog or can I completely replace it with LEM?  Also, is there any benefit to keeping Kiwi Log Viewer if everything is stored in and accessed through LEM?

Thanks for your help with this!

-Rob


  • I don't think this is a simpleton question!  I don't think it has a simple answer, either.

    It's true that the LEM can do a lot of things that Kiwi can't.  LEM's strengths include normalizing the log data, correlating the logs and the ability to respond to events.  Kiwi doesn't have an active response component and doesn't do correlations.

    However, Kiwi and LEM can work together.  There have been a few threads where the topic is "distributed LEM."  If you have a lot of nodes, or a complex network topology, you can use Kiwi as a route point: devices log to Kiwi, and Kiwi forwards to LEM.  This can be a powerful way to cut traffic, since Kiwi can do some filtering and send only desirable data to the LEM.

    So it's complicated, and whether LEM + Kiwi makes sense will depend on your network topology and business needs.
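
The "route point" idea from the reply above, sketched as an added example that is not part of the original thread and is not Kiwi or LEM configuration: a relay reads each message's syslog priority and forwards only what the policy wants at the SIEM. The policy values, function names and sample messages are assumptions made for illustration.

```python
import re

# Syslog PRI header: "<N>" where N = facility * 8 + severity (RFC 3164 / RFC 5424).
PRI_RE = re.compile(r"^<(\d{1,3})>")

# Hypothetical relay policy (an assumption, not a Kiwi or LEM default):
# always forward auth-related facilities, otherwise forward warning or worse.
ALWAYS_FORWARD_FACILITIES = {4, 10, 13}   # auth, authpriv, log audit
MAX_SEVERITY = 4                          # 0=emerg ... 4=warning ... 7=debug

def parse_pri(line):
    """Return (facility, severity), or None if the PRI header is missing or invalid."""
    m = PRI_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:          # highest valid PRI: facility 23, severity 7
        return None
    return divmod(pri, 8)

def should_forward(line):
    """Decide whether the relay passes this message on to the SIEM."""
    parsed = parse_pri(line)
    if parsed is None:
        # Fail open: a malformed message is forwarded rather than silently lost.
        return True
    facility, severity = parsed
    return facility in ALWAYS_FORWARD_FACILITIES or severity <= MAX_SEVERITY

def relay(lines):
    """Split messages into (forwarded, dropped) according to the policy."""
    forwarded, dropped = [], []
    for line in lines:
        (forwarded if should_forward(line) else dropped).append(line)
    return forwarded, dropped

# Constructed sample messages (not taken from any real device).
SAMPLE = [
    "<38>Jan 10 09:14:02 fw01 sshd[411]: Accepted password for admin",   # auth.info
    "<134>Jan 10 09:14:03 sw02 link: port 12 statistics refreshed",       # local0.info
    "<131>Jan 10 09:14:04 sw02 link: port 12 down",                       # local0.err
    "<191>Jan 10 09:14:05 ap03 debug: beacon interval tick",              # local7.debug
    "Jan 10 09:14:06 old-printer no PRI header on this message",          # malformed
]

if __name__ == "__main__":
    fwd, drop = relay(SAMPLE)
    print(f"forwarded {len(fwd)} of {len(SAMPLE)}, dropped {len(drop)}")
```

Anything dropped at the relay never reaches the correlation engine, so the filter policy decides what the SIEM can and cannot detect.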