ELM Enterprise Manager architecture diagram illustrating ELM Server, ELM Console, ELM Dashboard, Databases and Agents with Licenses.

The ELM Enterprise Manager architecture includes five highly specialized components:

ELM Server

The central processing engine for ELM Enterprise Manager is the ELM Server. It performs all the heavy lifting for automated event log management and Windows Server monitoring. The operations include:

  • Receiving and processing all of the data from Windows systems and Syslog/SNMP supported devices.
  • Inserting data and managing the databases.
  • Interfacing with the Agents to update configurations.
  • Launching notification and actions.
  • Controlling Licensing.

With this centralized architecture, the majority of the resources required to provide real-time monitoring, alerting and reporting are efficiently localized at the ELM Server.

ELM Console

The ELM Console is the primary user interface for the ELM Sever.  It provides easy access to all configurations and database settings.  In addition, the ELM Console presents the event data as filtered Views and Reports.

For ease of use, the ELM Console is a Microsoft Management Console snap-in.  The familiar tree structure and “right click” methodologies flatten the learning curve and accelerates the time to value.

ELM Dashboard

The ELM Dashboard provides a dynamic graphical summary of the health and status of all monitored Windows systems. When implemented on a system administrators workstation or a central monitor in an operations center, it displays alerts and key bottleneck metrics. In addition, a filterable event log provides an efficient drill down mechanism for each monitored system.


The ELM Agent performs all the local functions on the monitored system. This small footprint set of binaries provides a secure and efficient mechanism for automated event log management and Windows Server monitoring.

The primary functions of the Agents include:

  • Real-time collection of the Windows event logs.
  • Pre-filtering to reduce bandwidth, processing cycles and database storage costs.
  • Scheduled collection of performance and status data.
  • Encryption of data prior to transmitting it across the network.
  • Secure data caching independent of the local Windows event log system.
  • Execution of local actions directly on the host system.

The Licenses are the commercial component of the ELM Enterprise Manager.   They are functional sets of Collectors, Monitors and Receivers grouped to support specific objectives and price points.  When a License is assigned to an Agent, it controls which data sets they can collect. With this Agent/License relationship, multiple License Types can be used within a single ELM deployment.


For resiliency and responsiveness, ELM supports three databases. 

  1. The Primary Database receives data in real-time directly from the ELM Server.
  2. When the Primary is unavailable, the data is inserted into a Failover Database. Once the Primary database has returns to full operation, the Failover data is merged in the Primary database.
  3. The Archive Databases store long term data for support of compliance reporting and security policies.

All three of these databases require Microsoft SQL Server.  The Primary and Archive Databases are typically installed in the same instance on the user provided database server. The Failover Database can be configured to take advantage of the runtime database installed with the ELM Server.