ArcSight Logger Reviews

Name: ArcSight Logger
Brand: OpenText
Rating: 3.9 (32 reviews)

3.9 out of 5

32 reviews
81% willing to recommend

What is ArcSight Logger?

HPE ArcSight Data Platform (ADP) offers a future-ready data solution that enriches data in real time and supports open standards for better threat detection. Using security data connectors, ADP collects data and enriches it in real-time to give analysts organized information that can be acted upon instantly.

Get the ArcSight Logger Buyer's Guide and find out what your peers are saying about ArcSight Logger, Wazuh, Dynatrace and more!

ArcSight Logger is the #24 ranked solution in Log Management Software. PeerSpot users give ArcSight Logger an average rating of 7.8 out of 10. ArcSight Logger is most commonly compared to Wazuh: ArcSight Logger vs Wazuh. ArcSight Logger is popular among the large enterprise segment, accounting for 57% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 18% of all views.

Helped 860,825 peers since 2012

Featured ArcSight Logger reviews

Nagendra Nekkala.

Senior Manager ICT & at Bangalore International Airport Limited

The technical support team is very slow. The support persons do not take prompt action. They take too much time to implement new changes. Even if we tell them that we are not able to get critical logs, they take almost three to four days to provide a resolution. The support is not good.

Read full review

Geraldo Freitas

Analista de TI - suporte a redes e segurança at Tribunal de Contas da União

Investigation is good when you know what you want to search for in Logger. The most difficult part is parsing the logs and configuring the parsers. For investigation, it's good. For correlation, it's not good. We use Sentinel, and Sentinel has pre-built use cases that are much easier to configure. So, it enhances our security incident investigation. We have inbound integration, but configuring the parsers is sometimes very difficult. We only have two use cases where we have a correlation set up. We send the information to Check Point to block IP addresses when we see a lot of blocks from the same source. We have a trigger. So, Logger automatically blocks these IP addresses. We could have Logger put them on a blacklist. So, it offers the ease of integration.

Read full review

Ben Nnatuanya

Manager, Security Operations Centre at Phillips Consulting Limited

We primarily use it in our site for compliance. The machine learning is a good feature. The next release should have AI capabilities. I have been using ArcSight Logger for 4 years. The initial setup is straightforward. Overall, I rate the product a 6 out of 10. On-premises

Read full review

ArcSight Logger mindshare

As of July 2025, the mindshare of ArcSight Logger in the Log Management category stands at 0.7%, down from 1.1% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Log Management

PeerResearch reports based on ArcSight Logger reviews

Type	Title	Date
Category	Log Management	Jul 9, 2025	Download
Product	Reviews, tips, and advice from real users	Jul 9, 2025	Download
Comparison	ArcSight Logger vs Wazuh	Jul 9, 2025	Download
Comparison	ArcSight Logger vs Splunk Enterprise Security	Jul 9, 2025	Download
Comparison	ArcSight Logger vs Datadog	Jul 9, 2025	Download

Title	Rating	Mindshare	Recommending
Wazuh	3.7	13.7%	80%	48 interviews Add to research
Dynatrace	4.4	5.1%	95%	347 interviews Add to research

Valuable Features

ArcSight Logger offers scalability, flexible log collection options, real-time awareness, efficient query capabilities, and excellent device support with multi-tenancy. It provides detailed event visibility, robust log management, and advanced security analytics. Its user-friendly interface allows for complex queries and customization. Additionally, it offers strong data retention and compliance features, integration with SIEM tools, and efficient machine learning for threat detection. Users appreciate its performance, powerful searching tools, and comprehensive log aggregation capabilities.

"ArcSight Logger is very stable and useful for customers."
"ArcSight Logger is very stable and useful for customers."
"We have a trigger. So, Logger automatically blocks these IP addresses. We could have Logger put them on a blacklist."

Room for Improvement

ArcSight Logger needs improvement in user interface simplicity, speed, and adaptability. Users find it challenging to navigate and suggest enhancing the dashboard and search functionality. They note the lack of advanced features like AI, analytics, and integration with other systems. The platform's complexity requires specialized expertise. Users also criticize its outdated nature, limited reporting abilities, and inadequate connector support. They express concerns about its high cost and reduced technical support quality after corporate changes.

"They are migrating to Splunk because ArcSight Logger doesn't have those features for user or customer behavior analysis."
"ArcSight Logger doesn't have features for user or customer behavior analysis."
"ArcSight has been sold two or three times, and the quality has decreased."

ROI

ArcSight Logger improved operational efficiency by making log collection and fraud investigation more seamless. Users reported decreased operational time and described the tool as cost-effective with a positive return over the past year, especially when addressing enterprise requirements for log management and SIEM. One challenge noted was its expense, with licensing covering only essential servers. Professional services were suggested for effective deployment, further enhancing resource use from the start.

Pricing

ArcSight Logger pricing is perceived as costly compared to competitors, but its features justify the expense for many. Users suggest preparing for unexpected incidents by acquiring extra licenses. Pricing structures include annual subscriptions, three-year terms, and lifetime licenses, with some preferring the latter to avoid recurring fees. Licensing is considered complex, with setup challenges noted. Despite cost concerns, many find the investment worthwhile for its capabilities, although exploration of alternatives like ArcSight Recon is ongoing.

"We have a lifetime license, so we don't pay a monthly fee."
"Pricing is reasonable compared to similar tools on the market. They offer perpetual licenses."
"I rate the product’s pricing a seven out of ten, where one is inexpensive, and ten is expensive."

Popular Use Cases

Organizations use ArcSight Logger primarily for log management, including data retention, query execution, and incident response. It monitors perimeter defenses, security events, and collects logs for compliance. It manages logs from IT assets, networks, databases, and servers. Additionally, it integrates with SIEM tools and applications for fraud prevention and alert management. Its on-premise deployment is favored for firewall and Windows events, facilitating log archiving and structured long-term storage.

Service and Support

ArcSight Logger support varies; some find it efficient, praising knowledgeable and cooperative teams, while others note delays and lack of reactivity. Users mention the community helping more in emergencies. Technical expertise is sometimes found lacking after company changes. They provide timely responses, yet deployment support and critical log issue handling could improve. Disruptions from personnel shifts occur but are managed. Some rely on partners for enhanced assistance with implementation and configuration challenges.

Deployment

ArcSight Logger's initial setup can be perceived differently. Some found it straightforward, especially with the appliance version, while others experienced complexity due to multiple components and specific network requirements. Proper training and documentation were key factors in easing the complexity. Deployment time varied, with some installations taking hours and others extending to several weeks. Integrating with existing systems and ensuring data privacy required additional effort, which added to the overall complexity for some users.

Scalability

ArcSight Logger demonstrates robust scalability for larger organizations, accommodating high volumes of data and users efficiently. However, smaller entities may encounter challenges, requiring specific configurations to enhance performance. Adding connectors and expanding resources positively influence its operations. Organizations needing to integrate extensive infrastructure appreciate its user-friendly licensing model. While the impact on digital transformation is noted, some users experience operational difficulties, conflicting data management, and complex storage requirements. Flexibility appears crucial in optimizing ArcSight Logger in diverse environments.

Stability

Users report that ArcSight Logger is generally stable with occasional issues. Some experience stability when using smart connectors, while others note rare problems during upgrades or under heavy loads like DDoS attacks. The system's reliance on Java and console-related concerns prompts some users to suggest further improvements. In most cases, ArcSight Logger is seen as reliable with few crashes and bugs, maintaining functionality across different circumstances. Stability ratings vary, but many rate it positively.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our ArcSight Logger Buyer's Guide for additional reliable information.