At a high level, the process of handling a fault breaks down into four steps:
- Find it
- Fix it
- Diagnose the root cause
- Prevent the fault from happening again
A highly recommended solution to make fault identification and prevention simple is using Security Information and Event Management (SIEM) technology. The log and event analysis features of a SIEM can provide a comprehensive strategy for fault diagnosis and prevention.
SolarWinds Log & Event Manager is a fully-functional SIEM designed to make diagnosing network fault a quick and easy task. Log & Event Manager automates collecting, analyzing, and diagnosing log data to help you find, fix, diagnose, and prevent network fault.
You can download a fully functional, FREE, 30-day trial of Log & Event Manager from here.
Log & Event Manager helps you with the difficult task of knowing where to start looking. The good news is that all parts of your infrastructure such as the operating system, network equipment, and even application software generates log files that can provide information that you can use to locate the problem.
Where Log & Event Manager can help is by correlating the log data with detected anomalies and issues in your infrastructure and then present them in an easy-to-understand format with clearly defined actions. After all, if you knew what to look for, you wouldn't need a log and event management product.
Once you have identified the when and where of your infrastructure issues, you need to determine how best to fix it. Log & Event Manager will provide immediate or automated corrective actions such as: quarantining infected machines; blocking IP addresses; disabling user accounts; killing unauthorized processes; restarting services; and more.
DIAGNOSE THE ROOT CAUSE
Your IT infrastructure can be large and complex with many interconnected elements so, once you have found and fixed the problem, you need to know that you have identified the root cause so it can be prevented in the future.
Log & Event Manager provides the ability to conduct deeper analysis of the log data through ad-hoc searches and detailed forensic analysis on events.
PREVENT THE FAULT FROM HAPPENING AGAIN
Once you have resolved a problem for the first time, there is a good chance that either you or management will want to know that the problem won't occur again or that you will be better prepared next time it happens.
Log & Event Manager assists in both fault prevention and fault handling by allowing you to create rules for common conditions and correlating those in real-time so you get immediate visibility into potential issues. Examples of correlation rules may include: verify that a firewall is working by measuring flows against a specific pattern; looking for SNMP polling alerts; or looking for application failure logs on your Windows server.
Alerts and automated responses provide a mechanism for immediate action, thereby reducing potential downtime. Log & Event Manger will monitor for specific log messages alert you with action items. Examples of alerts and actions may include: send an alert to the help desk or system operations center with a custom message that helps with the cause of the problem; or to notify and then restart a service or application.
Benefits of using SolarWinds Log & Event Manager
- Virtual appliance means you're up and running faster – You don't have all day to wait for a new system to be installed. Because Log & Event Manager is a virtual appliance you can download and start analyzing your logs in under an hour.
- Know immediately when issues occur – Log & Event Manager includes a patented correlation engine that is real-time, in-memory, and multi-dimensional which means you'll know immediately if there is an issue in your infrastructure.
- Visual search for quicker troubleshooting – Log & Event Manager's advanced IT search functionality is built around a point-and-click graphical web interface that allows you to explore your data visually.
- Built-in automated responses - Log & Event Manager provides a library of built-in active responses which allows you to execute automated responses to mitigate threats and respond to security, operational, and policy-driven events.
- Point-and-Click, Drag-and-Drop – The graphical user interface of Log & Event Manager makes it easy to sort through logs from hundreds of devices. The drag-and-drop feature will save you countless hours when building rules, creating custom filters, or simply exploring data.
Download a fully functional, FREE, 30-day trial and see how SolarWinds LEM can be the foundation for your fault diagnosis and prevention.