We are evaluating LEM as a possible replacement for our Juniper STRM syslog appliance. We would be using it for basic log aggregation, monitoring and reporting. So far I like the basics of the LEM interface, but I must be missing something because creating a basic filter seems like calculus.
As an example, I just want to search or filter the monitor for a source or destination IP address. Right now I have only one ASA appliance sending logs to LEM, and all I want to do is find traffic to/from a certain IP. We do this in STRM all the time for diagnosing problems, and it's a 2-click, 5-second process. How the heck do you do this in LEM?
Also, if anyone has gone from STRM or something similar to LEM, I would love to hear the pros/cons of the switch.
Thanks in advance.