LogLogic's LX2010 appliance aces a variety of tasks; LogRhythm has the edge in compliance features.
There has been explosive growth in the log management market for a couple of reasons. One is the overwhelming complexity of deciphering log data from hundreds or thousands of nodes. Regulatory compliance is another major driver. We took a close look at two log management appliances, LogLogic's LX2010 and LogRhythm 4.0, to see how they stacked up.
On the whole, we were very impressed with the LX2010, but it's expensive compared with LogRhythm and others.
IT managers--and system admins, for that matter--hate logs, because they seemingly go on forever and often provide an overabundance of useless information. Administrators get lost looking for one or two important log entries scattered through a log file with tens of thousands of entries. LogLogic's simple-to-use Boolean search capabilities can help find that needle in a haystack.
We tested LogLogic's LX2010, a dual-processor, 2U appliance that comes fully equipped with 2 TB of internal storage (RAID-10), dual power supplies, two bonded Gigabit NICs for log collection, and a 10/100 port for the Web-based management user interface. The 2010 can be deployed as a centralized solution for small and midsize businesses, but it's often deployed as a remote-office log collector in a hub-and-spoke configuration, with the flagship ST2010 or ST3010 appliance serving as the hub.
As an intelligent syslog server, the 2010 automatically detected and categorized incoming logs as we configured each of 10 Cisco PIX firewalls to connect to the LogLogic 2010. To ship our Windows server logs over to the 2010, it was necessary to install a LogLogic proprietary version of Lasso, an open source-based product that was built as a gateway between Microsoft's event-logging format and syslog. Once complete, the 2010 automatically recognized and grouped all the server log data accordingly.
STILL SAVING EVERYTHING?
Hone deletion and retention policies and tools to stay compliant without swamping your systems.
Collecting log data in and of itself is useless without a powerful reporting and database engine, and that's where the LX2010 packs a wallop. Using simple SQL commands, for example, an administrator can do an enterprise-wide search of any failed attempts to use root or administrator-level credentials to gain access to a system. The query can be run against a group or routers, firewalls, servers, or everything simultaneously.
The 2010 isn't a security event manager, or SEM, per se, but it can be configured to alert IT in the event of a failed condition, so in a way it can perform some of the same core functions of a good SEM. Ad hoc reports can be e-mailed or saved to CSV and/or PDF formats for easy distribution to management. We also loved the way the 2010 aggregated all of our PIX firewall logs and aggregated all connection information, including which hosts were talking to which, on what port, and at what time.
Ready for the sticker shock? The fully loaded LX2010 we tested lists for $68,995. The lower-end LX series, which is limited to 1,024 log sources and 1,000 log messages per second, lists for $14,995.
LogLogic aims to deliver a new level of visibility, reporting, and analytics to the massive number of logs that are typically distributed among a wide range of enterprise IT systems. Using a simple yet powerful LogLogic reporting engine that's well suited for forensic and troubleshooting chores, administrators can locate important information often contained in logs that would otherwise be difficult to find through manual searches.
LogLogic, LogRhythm, TriGeo, and Q1 Labs are among the top players in the enterprise log management space. Among pure-play log management vendors, LogLogic is widely accepted as the best-of-breed solution in this category.
LogLogic delivers a terrific log management solution that also can be used as a rudimentary security event manager. The appliance's simple yet powerful reporting engine makes complex log searches almost routine. As tested, however, the LX2010 is a tad pricey, with a list-price sticker of $68,995. The entry-level LX starts at $14,995.
Google in the Enterprise SurveyThere's no doubt Google has made headway into businesses: Just 28 percent discourage or ban use of its productivity products, and 69 percent cite Google Apps' good or excellent mobility. But progress could still stall: 59 percent of nonusers distrust the security of Google's cloud. Its data privacy is an open question, and 37 percent worry about integration.
Join us for a roundup of the top stories on InformationWeek.com for the week of December 14, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program.