Channel: THWACK: Message List

Is LEM a SIEM?


I said yes, and Splunk answered no and said more:

 

SolarWinds LEM is not intended to be an enterprise solution. It can be useful if you use Cisco ASAs and Cisco switches and routers, but be careful: some devices need to be changed from logging facility 6 (default). I would go with Splunk for a large deployment, or maybe Alienware for a small deployment. Just put your connectors/sensors on the critical assets directly, and log network and IPS traffic via Syslog to the SIEM. Then it really doesn't matter where you put the SIEM hardware, as long as FWs are set to allow traffic to and from sensors to the correlation engine. Let me know if that answers your question.

Thanks,

Jeff

 

Is this true?

