ArcSight Logger Overview

ArcSight Logger is the #20 ranked solution in Log Management Software. PeerSpot users give ArcSight Logger an average rating of 7.4 out of 10. ArcSight Logger is most commonly compared to Splunk: ArcSight Logger vs Splunk. ArcSight Logger is popular among the large enterprise segment, accounting for 67% of users researching this solution on PeerSpot. The professionals researching this solution most often come from computer software companies, accounting for 19% of all views.
Buyer's Guide

Download the Log Management Buyer's Guide including reviews and more. Updated: November 2022

What is ArcSight Logger?
HPE ArcSight Data Platform (ADP) offers a future-ready data solution that enriches data in real time and supports open standards for better threat detection. Using security data connectors, ADP collects data and enriches it in real-time to give analysts organized information that can be acted upon instantly.

ArcSight Logger was previously known as Micro Focus ArcSight Logger and HPE ArcSight Logger.

ArcSight Logger Customers
China Merchants Bank, Bank AlJazira, Banca Intesa

ArcSight Logger Pricing Advice

What users are saying about ArcSight Logger pricing:
  • "It's not cheap at all as it's a big product and has been in the market for quite some time now."
  • "The pricing is quite harsh."
ArcSight Logger Reviews

    Security Professional at a tech services company with 501-1,000 employees
    Real User
    Top 10
    Has very fast search operations but is not easy to implement and maintain
    Pros and Cons
    • "It's a brilliant log collection tool, and it can handle hundreds of thousands of servers in a single shot to ingest the data."
    • "It's not a new product and is a bit complex. So, it requires a person dedicated to working on it and to know about it in and out. It is a huge product, and the search operation is a bit complicated for a new user or someone who has not used it for long. So for that person, it becomes a bit difficult."

    What is our primary use case?

    Our primary use case was to catch malicious activity happening inside our organization.

    What is most valuable?

    As the name suggests, it's a brilliant log collection tool, and it can handle hundreds of thousands of servers in a single shot to ingest the data.

    The search operations are very fast, and you can get reports very easily for a huge number of events. You can export the search operations.

    It's very easy when you want to further forward the logs as well. For example, from the end device if I'm receiving logs in an outside logger and I want to forward those to some other product, which will do something for me, I can easily do it. That's one thing that I like about it.

    What needs improvement?

    It's not a new product and is a bit complex. So, it requires a person dedicated to working on it and to know about it in and out. It is a huge product, and the search operation is a bit complicated for a new user or someone who has not used it for long. So for that person, it becomes a bit difficult.

    There is a storage problem, and some improvement can be made at the search mechanism.

    If you want to do a search, then you have to obtain a couple of criteria to get the exact amount of data. Let's say you have hundreds and thousands of servers in your environment, which will ultimately populate billions of events in a single day, especially the network devices. In this case, if you want to search a specific event, you have to be very, very specific with that query. That's something that can be generalized a bit.

    Apart from that, it's a very complex tool and is not easy to implement and maintain. It requires a dedicated team.

    Another thing that I think can be improved is the performance issue. When you are ingesting data in ArcSight and also you are forwarding the data from ArcSight to some other products, I have seen some performance issues.

    ArcSight does not perform well in this case. It takes time to process the data. The load is too much. At times, the logger crashes.

    The UI can be improved as well.

    For how long have I used the solution?

    I used it for close to two years.


    What do I think about the stability of the solution?

    The overall stability is good, and I'd rate it as fine.

    What do I think about the scalability of the solution?

    To scale it, it again comes down to how are you using it. You need to identify the areas which are taking too much load or requiring too many resources from the logger. Area identification needs to be there. Once you do that, then it is easier to scale.

    If you are not looking at the right place, then it would be difficult to scale because the bigger the organization, the bigger is the architecture of ArcSight Logger. This is because you need to have multiple loggers so that ArcSight Logger can withhold all the data that I want to feed into it.

    We had 20 to 30 users who used ArcSight Logger on a daily basis.

    How are customer service and support?

    Technical support is good. Depending on the agreement with the vendor, such as gold support, platinum support, etc., the support can differ. However, overall, it is good.

    How was the initial setup?

    The initial setup is complex.

    What about the implementation team?

    We got help from the vendor during implementation. Without the vendor's help, I would say it's very, very difficult to implement ArcSight Logger and maintain. It's a very complex tool, so we need to have vendor support for implementation.

    What's my experience with pricing, setup cost, and licensing?

    It's not cheap at all as it's a big product and has been in the market for quite some time now.

    What other advice do I have?

    I would recommend ArcSight Logger and rate it at seven on a scale from one to ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    ShilpaSingh - PeerSpot reviewer
    Security Engineer at a tech services company with 1,001-5,000 employees
    Real User
    Top 10
    High performance, easy query creation, and straightforward documents
    Pros and Cons
    • "Some of the most valuable features I really appreciate are the performance, how quick the solution is, and how easy it is to create a query."
    • "The solution could be improved in maintenance settings."

    What is most valuable?

    Some of the most valuable features I really appreciate are the performance, how quick the solution is, and how easy it is to create a query. Additionally, it is user friendly and the automatic graph creation feature is beneficial. 

    What needs improvement?

    The solution could be improved in maintenance settings.

    One of the additional features I would like to see in the next release is an automated dashboard of the logs that has information that is more detailed.

    For how long have I used the solution?

    I have used this solution for one and a half years. 

    What do I think about the stability of the solution?

    It is a stable solution. 

    What do I think about the scalability of the solution?

    It is a scalable solution. 

    How are customer service and technical support?

    The technical support is very good, providing accurate answers, and I have never experienced problems with them.

    How was the initial setup?

    The initial setup is straightforward; you just have to stick to the documents and it is really easy.

    What about the implementation team?

    My current deployment was not a complex environment. It was very easy to deploy and connect with the different connectors. I had deployed the solution approximately three times in my career. 

    With a complex environment, the deployment was approximately two days whereas with a really complex environment the setup would require around 15-20 connectors.

    What other advice do I have?

    I would recommend it to others because the performance of the solution is overall great. One of the significant features is its high search capacity, and if you know the query language you will be more comfortable.

    I rate ArcSight Logger a nine out of ten.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Mohammad Sabah - PeerSpot reviewer
    Senior Security Analyst at a government with 201-500 employees
    Real User
    Top 10
    It helps us monitor a massive database platform
    Pros and Cons
    • "We check a lot of logs in ArcSight Logger because we're running a massive database platform."
    • "I had some latency issues for two months. I had to increase our storage capacity significantly to reduce the latency."

    What is most valuable?

    We check a lot of logs in ArcSight Logger because we're running a massive database platform.

    What needs improvement?

    I had some latency issues for two months. I had to increase our storage capacity significantly to reduce the latency. 

    For how long have I used the solution?

    I have been using Logger for around five years.

    What do I think about the scalability of the solution?

    The scalability is good. I built our ArcSight Logger deployment, so I will increase resources if there are any performance problems. 

    How are customer service and support?

    I haven't had many problems, but a partner in Jordan has helped me more than the vendor.

    Which solution did I use previously and why did I switch?

    I didn't use logging tools previously, but I used Elasticsearch to prepare to use Logger, and I have the ability to build query support in ArcSight Logger.

    How was the initial setup?

    Setting up ArcSight Logger is easy.

    What's my experience with pricing, setup cost, and licensing?

    We have a Logger license for lots of devices because our company built 5,000 CBS. You need to buy the ESM and Logger licenses. This is the last year we will be using ArcSight Logger. We plan to switch to Recon. We'll adopt the next-generation ArcSight tools like Recon and Transformation Hub. If the performance improves, then I have licensed 5,000 CBS. We expect to increase the licenses to 15,000 CBS and expand the scope and network.

    What other advice do I have?

    I rate ArcSight Logger eight out of 10.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Senior Information Security Analyst – GRC at a transportation company with 1,001-5,000 employees
    Real User
    Top 10
    Expensive with poor support, but it gives us the basic information we want
    Pros and Cons
    • "ArcSight provides the basic information that we want."
    • "The integration with other systems could be improved."

    What is our primary use case?

    We have just upgraded to Splunk, so we're currently in the process of converting everything over from ArcSight to Splunk.

    What is most valuable?

    ArcSight provides the basic information that we want.

    What needs improvement?

    The support structure is not very good.

    They are not 100% up to date with the current technology.

    ArcSight does not provide the advanced details that we require.

    AI and analytics are one of the major things that are needed for better analysis.

    The integration with other systems could be improved.

    The interface could be improved with a better GUI.

    For how long have I used the solution?

    The company has been using ArcSight Logger for between six and seven years. I joined the company six months ago, which was my first experience with it.

    What do I think about the stability of the solution?

    The stability is alright.

    What do I think about the scalability of the solution?

    Scaling this product is painful.

    Staff-wise, we're not very big but scale-wise, we're right across the whole world. We operate in EMEA, Mexico, and APAC.

    How are customer service and technical support?

    We are not satisfied with the support.

    Which solution did I use previously and why did I switch?

    We are now using Splunk and are moving away from ArcSight.

    What's my experience with pricing, setup cost, and licensing?

    The pricing is quite harsh.

    What other advice do I have?

    I would rate this solution a five out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Ademayokun Daini - PeerSpot reviewer
    Cyber Security Engineer at MTN
    Real User
    Top 10
    A helpful solution for incident response, investigations and log management

    What is our primary use case?

    Our primary use case for this solution is incident response, investigations and log management. For example, risky network communications, communications with risky countries, and VPN connections from outside the country. We deploy the solution on-premises.

    What is most valuable?

    The log digestion features from threat intelligence platforms like Recorded Future or Talos are valuable.

    What needs improvement?

    The graphics and dashboard could be improved.

    For how long have I used the solution?

    We have been using this solution for approximately four years and are currently using ArcSight 7.

    What do I think about the scalability of the solution?

    The solution is scalable, and we have approximately 6,000 machines sending logs.

    How are customer service and support?

    We have had a good experience with customer service and support.

    How was the initial setup?

    The initial setup was a little bit complex.

    What about the implementation team?

    Implementation was done in-house.

    What's my experience with pricing, setup cost, and licensing?

    The licensing costs are standard and are charged yearly.

    What other advice do I have?

    I rate this solution an eight out of ten. The solution is good, but the dashboard can be improved.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.