What is our primary use case?
Our primary use case was to catch malicious activity happening inside our organization.
What is most valuable?
As the name suggests, it's a brilliant log collection tool, and it can handle hundreds of thousands of servers in a single shot to ingest the data. The search operations are very fast, and you can get reports very easily for a huge number of events. You can export the search operations. It's very easy when you want to further forward the logs as well. For example, from the end device if I'm receiving logs in an outside logger and I want to forward those to some other product, which will do something for me, I can easily do it. That's one thing that I like about it.
What needs improvement?
It's not a new product and is a bit complex. So, it requires a person dedicated to working on it and knowing it inside and out. It is a huge product, and the search operation is a bit complicated for a new user or someone who has not used it for long. So for that person, it becomes a bit difficult. There is a storage problem, and some improvement can be made to the search mechanism. If you want to do a search, then you have to obtain a couple of criteria to get the exact amount of data. Let's say you have hundreds of thousands of servers in your environment, which will ultimately populate billions of events in a single day, especially the network devices. In this case, if you want to search for a specific event, you have to be very, very specific with that query. That's something that can be generalized a bit. Apart from that, it's a very complex tool and is not easy to implement and maintain. It requires a dedicated team. Another thing that I think can be improved is the performance issue. When you are ingesting data in ArcSight and also forwarding the data from ArcSight to some other products, I have seen some performance issues. ArcSight does not perform well in this case. It takes time to process the data. The load is too much. At times, the logger crashes. The UI can be improved as well.
For how long have I used the solution?
I used it for close to two years.
What do I think about the stability of the solution?
The overall stability is good, and I'd rate it as fine.
What do I think about the scalability of the solution?
To scale it, it again comes down to how you are using it. You need to identify the areas which are taking too much load or requiring too many resources from the logger. Area identification needs to be there. Once you do that, then it is easier to scale. If you are not looking at the right place, then it would be difficult to scale because the bigger the organization, the bigger the architecture of ArcSight Logger. This is because you need to have multiple loggers so that ArcSight Logger can withhold all the data that I want to feed into it. We had 20 to 30 users who used ArcSight Logger on a daily basis.
How are customer service and support?
Technical support is good. Depending on the agreement with the vendor, such as gold support, platinum support, etc., the support can differ. However, overall, it is good.
How was the initial setup?
The initial setup is complex.
What about the implementation team?
We got help from the vendor during implementation. Without the vendor's help, I would say it's very, very difficult to implement and maintain ArcSight Logger. It's a very complex tool, so we need to have vendor support for implementation.
What's my experience with pricing, setup cost, and licensing?
It's not cheap at all as it's a big product and has been in the market for quite some time now.
What other advice do I have?
I would recommend ArcSight Logger and rate it at seven on a scale from one to ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.