NetWitness Platform vs syslog-ng comparison

NetWitness and One Identity are both solutions in the Log Management category. NetWitness is ranked #22 with an average rating of 7.6, while One Identity is ranked #19 with an average rating of 9.3. NetWitness holds a 0.3% mindshare in Log Management, compared to One Identity’s 2.5% mindshare. Additionally, 75% of NetWitness users are willing to recommend the solution, compared to 100% of One Identity users who would recommend it.

NetWitness Platform

Read 37 NetWitness Platform reviews

768 Views
480 Comparison Views

75% willing to recommend

syslog-ng

Read 5 syslog-ng reviews

4,498 Views
3,635 Comparison Views

100% willing to recommend

NetWitness Platform

syslog-ng

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Oct 9, 2024

NetWitness Platform and syslog-ng are key players in network security and log management. User reviews indicate NetWitness Platform is favored for its pricing and support, although syslog-ng remains a top choice for its features.

Features: NetWitness Platform's versatility enhances corporate integration, offering seamless analytics and monitoring capabilities. It provides effective threat detection and user-friendly interfaces, making it adaptable across industries. Syslog-ng is robust in log management, offering exceptional customization options. Its flexibility ensures tailored solutions, making it suitable for varied network architectures.

Room for Improvement: NetWitness Platform could use more intuitive workflows and expanded documentation for easier user experiences. There's potential for improved integration with third-party solutions and enhancements in reporting capabilities. Syslog-ng needs better scaling options to handle increasing data volumes effectively. Improving error handling and streamlining configuration processes would aid user efficiency.

Ease of Deployment and Customer Service: NetWitness Platform benefits from a straightforward deployment process and responsive customer service, making it user-friendly. Users find its support comprehensive, addressing queries efficiently. In contrast, syslog-ng's deployment is often seen as complex, but users value the extensive online community and resources available, aiding in troubleshooting and learning.

Pricing and ROI: NetWitness Platform's pricing structure is perceived as accessible, aligning with expected ROI for budget-conscious buyers. The transparent model is appreciated for predictable costs. Syslog-ng is considered pricey by some, though its advanced functionalities justify the investment. The balance between cost and feature value is pivotal for financial decision-making.

To learn more, read our detailed NetWitness Platform vs. syslog-ng Report (Updated: April 2025).

Buyer's Guide

NetWitness Platform vs. syslog-ng

April 2025

Download the complete report

Helped 850,028 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

NetWitness Platform

Ranking in Log Management

22nd

Average Rating

7.4

Reviews Sentiment

7.4

Number of Reviews

Ranking in other categories

Security Information and Event Management (SIEM) (22nd)

syslog-ng

Ranking in Log Management

19th

Average Rating

8.6

Reviews Sentiment

6.3

Number of Reviews

Ranking in other categories

No ranking in other categories

Mindshare comparison

As of May 2025, in the Log Management category, the mindshare of NetWitness Platform is 0.3%, down from 0.4% compared to the previous year. The mindshare of syslog-ng is 2.5%, down from 2.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Log Management

Featured Reviews

MdZaman

IT manager at a agriculture with 10,001+ employees

Really scalable for enterprise customers

The solution should have more integration capabilities with different platforms. The API is nearly open and scalable, so the solution can integrate with many platforms. The solution has more than 200 log sources in the scalability to support, but this is its limit. Installation is pretty easy. However, there are a couple of modules involved, so it is not as easy as it could be. We are talking about a distributed module, not a single-module type. This is what makes things a bit complex, instead of easier. I rate it as a seven out of ten on its installation and configuration capabilities.

Read full review

RyanVargas

Senior Director and Senior Systems Engineer (Dual Role), IT Infrastructure and Security at a financial services firm with 51-200 employees

It's a user-friendly open-source solution that can replace or augment a commercial product in some cases

I rate syslog-ng 10 out of 10. It's free and easy to use. It has built-in tools that help us index the various logs sent to it. It's a solid log product. If you're looking for a SIEM solution, syslog-ng will work as a stopgap measure at beginning of the project. It can also work as an injector for a true SIEM solution. You can send all the logs to syslog-ng and forward all the data to the SIEM solution after you've cleaned up the data and got the pertinent information. It's a good front end for a commercial SIEM solution, which becomes more expensive as you load more data into it. I would highly recommend syslog-ng for that use case. However, if you lack the expertise, you might need to go with a cloud-based SIEM instead. You need some in-house expertise or an outside consultant to manage it and set it up.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"NetWitness Platform is valuable for creating rules that the solution must detect."

"Offers a good wireless feature."

"The most valuable feature is the ability to write rules and triggers for network communication, and then being able to investigate based on that."

"The newer 11.5 version that my team is using has found it to have good mapping."

"The most valuable feature is the hunting ability to work in a CERT."

"The software is scalable to whatever is required, and you can also put a lot of resources in the cloud."

"The solution is really scalable for the high-end power, enterprise customer."

"It's quite economical compared to other solutions in the market."

More NetWitness Platform pros

"For us, the most valuable feature is the use of compound search for searching logs at a specific time, by a specific user, or specific behavior."

"Syslog-ng provides easy access to all my logs. It helps me show managers and other clients precisely where an incident occurred. I also like it because you can integrate syslog-ng with multiple solutions to allow real-time monitoring."

"Syslog-ng has built-in features that we can use to create alerts for a SIEM solution. It isn't a true SIEM solution, but it's sufficient for the time being."

"The ability to extract and store the logs is the most valuable feature of syslog-ng."

"Syslog-ng has a separate config file in addition to the core configuration."

Cons

"Nowadays, their support is a little subpar compared to other solutions. I rate RSA support six out of 10."

"The initial setup is very complex and should be simplified."

"The documentation is not as structured as I would like, personally, and I think that it can be improved and made much more user-friendly."

"If we have the ability to run a dynamic analysis through malware in the same suite, it would be great to have a sandbox solution to analyze malware through dynamic analysis."

"RSA NetWitness Logs and Packets can improve the threat level aspect, it is lacking compared to other solutions. Whenever any hacking activity or any other threat factor occurred they used to provide the coverages very fast when comparing RSA NetWitness Logs and Packets. I heard the other three solutions, from a discussion with my team members who had experience in other solutions, they used to say that. Whenever any issues happened across the globe RSA NetWitness Logs and Packets are a little bit slow improving those detection mechanisms."

"The system architecture is complex and sometimes it’s hard to troubleshoot potential problems."

"It should have a monitoring feature. It would help us analyze the current state of attacks faster from a single platform."

"The system looks like it is a mix of a bunch of different systems, and nothing looked like it was quite together."

More NetWitness Platform cons

"The filtering has room for improvement."

"There is room for improvement in terms of observability."

"Syslog-ng has built-in features that we can use to create alerts for a SIEM solution. It isn't a true SIEM solution, but it's sufficient for the time being."

"There is always the potential for additional integration and protocol extensions."

"It's hard to find people who know how to use syslog-ng. I often find problems with configurations, and solutions aren't integrated correctly with syslog-ng. For example, there might be data with extra decimals, or the collector agents are incorrectly named. It isn't a problem with the solution; it's a lack of professionals."

Pricing and Cost Advice

"It provides tools to assist in selecting the appropriate license and usage scenarios."

"The product price was reasonable for my region and the market."

"This is a pricey solution; it's not cheap."

"The NetWitness Platform may be affordable only for enterprise-level customers, as it may not be within the budget of small and medium-sized businesses."

"The product is expensive."

"We are on an annual license for the use of the solution."

"We have a perpetual license, so the total cost of ownership is not very expensive. It's a good investment."

"Compared to the competition, the is price is not that high."

More NetWitness Platform pricing and cost advice

"Syslog-ng is a free open-source solution."

"Syslog-ng is open-source."

See which vendors are best for you

Use our free recommendation engine to learn which Log Management solutions are best for your needs.

See recommendations

850,028 professionals have used our research since 2012.

Comparison Review

Vinod Shankar

Manager, Enterprise Risk Consulting at Deloitte & Touche

Feb 26, 2015

HP ArcSight vs. IBM QRadar vs. McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm

We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…

Read full review

Top Industries

By visitors reading reviews

Computer Software Company

19%

Financial Services Firm

18%

Government

Insurance Company

Government

13%

Computer Software Company

13%

Financial Services Firm

Manufacturing Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

No data available

Questions from the Community

What do you like most about NetWitness Platform?

The product's initial setup phase was not at all difficult.

See all answers

What is your experience regarding pricing and costs for NetWitness Platform?

The pricing is comparable to others, and I consider the cost to be intermediate. Specific cost details are unknown to me.

See all answers

What needs improvement with NetWitness Platform?

There is currently no need for improvement in the SIEM ( /categories/security-information-and-event-management-siem ), though there could be potential enhancements by integrating with AI.

See all answers

What do you like most about syslog-ng?

For us, the most valuable feature is the use of compound search for searching logs at a specific time, by a specific user, or specific behavior.

See all answers

What is your experience regarding pricing and costs for syslog-ng?

The pricing is in the middle. I would rate the pricing a six out of ten, with one being expensive and ten being cheap.

See all answers

What needs improvement with syslog-ng?

There is room for improvement in terms of observability. Additionally, a possible new feature could be Kafka integration.

See all answers

Comparisons

Splunk Enterprise Security vs NetWitness Platform

Compared 28% of the time

IBM Security QRadar vs NetWitness Platform

Compared 18% of the time

Elastic Security vs NetWitness Platform

Compared 14% of the time

Trellix Network Detection and Response vs NetWitness Platform

Compared 11% of the time

RSA enVision vs NetWitness Platform

Compared 10% of the time

More NetWitness Platform Competitors

Graylog vs syslog-ng

Compared 30% of the time

SolarWinds Kiwi Syslog Server vs syslog-ng

Compared 26% of the time

Grafana Loki vs syslog-ng

Compared 13% of the time

Elastic Stack vs syslog-ng

Compared 5% of the time

Cribl vs syslog-ng

Compared 4% of the time

More syslog-ng Competitors

Product Reports

Buyer's Guide

NetWitness Platform

April 2025

Download NetWitness Platform product report

Buyer's Guide

Log Management

April 2025

Download syslog-ng product report

Also Known As

RSA Security Analytics

No data available

Overview

NetWitness Platform is an evolved SIEM and threat detection and response solution that functions as a single, unified platform for ALL your security data. It features an advanced analyst workbench for triaging alerts and incidents, and it orchestrates security operations programs end to end. In short: NetWitness Platform is all you need to run an intelligent SOC.

NetWitness

Optimizing SIEM
syslog-ng is the log management solution that improves the performance of your SIEM solution by reducing the amount and improving the quality of data feeding your SIEM.

Rapid search and troubleshooting
With syslog-ng Store Box, you can find the answer. Search billions of logs in seconds using full text queries with Boolean operators to pinpoint critical logs.

Meeting compliance requirements
syslog-ng Store Box provides secure, tamper-proof storage and custom reporting to demonstrate compliance.

Big data ingestion
syslog-ng can deliver data from a wide variety of sources to Hadoop, Elasticsearch, MongoDB, and Kafka as well as many others.

Universal log collection and routing
syslog-ng flexibly routes log data from X sources to Y destinations. Instead of deploying multiple agents on hosts, organizations can unify their log data collection and management.

Secure data archive
syslog-ng Store Box provides automated archiving, tamper-proof encrypted storage, granular access controls to protect log data. The largest appliance can store up to 10TB of raw logs.

One Identity

Sample Customers

Los Angeles World Airports, Reply

Tecnocom, University of Victoria, University of Exeter, Datapath

Buyer's Guide

NetWitness Platform vs. syslog-ng

April 2025

Free Report: NetWitness Platform vs. syslog-ng

Find out what your peers are saying about NetWitness Platform vs. syslog-ng and other solutions. Updated: April 2025.

DOWNLOAD NOW

850,028 professionals have used our research since 2012.

See our NetWitness Platform vs. syslog-ng report.

See our list of best Log Management vendors.

We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.