Cloud // Cloud Storage
10:45 AM

2 Log Managers Show State Of The Art

LogLogic's LX2010 appliance aces a variety of tasks; LogRhythm has the edge in compliance features.

There has been explosive growth in the log management market for a couple of reasons. One is the overwhelming complexity of deciphering log data from hundreds or thousands of nodes. Regulatory compliance is another major driver. We took a close look at two log management appliances, LogLogic's LX2010 and LogRhythm 4.0, to see how they stacked up.

LogLogic's LX2010
On the whole, we were very impressed with the LX2010, but it's expensive compared with LogRhythm and others.

IT managers--and system admins, for that matter--hate logs, because they seemingly go on forever and often provide an overabundance of useless information. Administrators get lost looking for one or two important log entries scattered through a log file with tens of thousands of entries. LogLogic's simple-to-use Boolean search capabilities can help find that needle in a haystack.

InformationWeek Reports

We tested LogLogic's LX2010, a dual-processor, 2U appliance that comes fully equipped with 2 TB of internal storage (RAID-10), dual power supplies, two bonded Gigabit NICs for log collection, and a 10/100 port for the Web-based management user interface. The 2010 can be deployed as a centralized solution for small and midsize businesses, but it's often deployed as a remote-office log collector in a hub-and-spoke configuration, with the flagship ST2010 or ST3010 appliance serving as the hub.

As an intelligent syslog server, the 2010 automatically detected and categorized incoming logs as we configured each of 10 Cisco PIX firewalls to connect to the LogLogic 2010. To ship our Windows server logs over to the 2010, it was necessary to install a LogLogic proprietary version of Lasso, an open source-based product that was built as a gateway between Microsoft's event-logging format and syslog. Once complete, the 2010 automatically recognized and grouped all the server log data accordingly.

Hone deletion and retention policies and tools to stay compliant without swamping your systems.
Collecting log data in and of itself is useless without a powerful reporting and database engine, and that's where the LX2010 packs a wallop. Using simple SQL commands, for example, an administrator can do an enterprise-wide search of any failed attempts to use root or administrator-level credentials to gain access to a system. The query can be run against a group or routers, firewalls, servers, or everything simultaneously.

The 2010 isn't a security event manager, or SEM, per se, but it can be configured to alert IT in the event of a failed condition, so in a way it can perform some of the same core functions of a good SEM. Ad hoc reports can be e-mailed or saved to CSV and/or PDF formats for easy distribution to management. We also loved the way the 2010 aggregated all of our PIX firewall logs and aggregated all connection information, including which hosts were talking to which, on what port, and at what time.

Ready for the sticker shock? The fully loaded LX2010 we tested lists for $68,995. The lower-end LX series, which is limited to 1,024 log sources and 1,000 log messages per second, lists for $14,995.

-- Randy George

CLAIM:  LogLogic aims to deliver a new level of visibility, reporting, and analytics to the massive number of logs that are typically distributed among a wide range of enterprise IT systems. Using a simple yet powerful LogLogic reporting engine that's well suited for forensic and troubleshooting chores, administrators can locate important information often contained in logs that would otherwise be difficult to find through manual searches.

CONTEXT:  LogLogic, LogRhythm, TriGeo, and Q1 Labs are among the top players in the enterprise log management space. Among pure-play log management vendors, LogLogic is widely accepted as the best-of-breed solution in this category.

CREDIBILITY:  LogLogic delivers a terrific log management solution that also can be used as a rudimentary security event manager. The appliance's simple yet powerful reporting engine makes complex log searches almost routine. As tested, however, the LX2010 is a tad pricey, with a list-price sticker of $68,995. The entry-level LX starts at $14,995.

1 of 2
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Google in the Enterprise Survey
Google in the Enterprise Survey
There's no doubt Google has made headway into businesses: Just 28 percent discourage or ban use of its productivity ­products, and 69 percent cite Google Apps' good or excellent ­mobility. But progress could still stall: 59 percent of nonusers ­distrust the security of Google's cloud. Its data privacy is an open question, and 37 percent worry about integration.
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends to Watch in Financial Services
IT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of July 24, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.