2015-10-25T12:49:00Z
Ariel Lindenfeld - PeerSpot reviewer
Director of Community at PeerSpot

When evaluating Log Management tools and software, what aspect do you think is the most important to look for?

Dear members, 

Let the community know what you think. Share your professional opinion!

19 Answers
HW
Global Enterprise Account Executive at Novacoast
User
2021-06-29T20:01:20Z
Jun 29, 2021

Understanding what your organization is capable of monitoring and responding to, even if you have all of the right tools. Do you need to monitor 24x7? How will you escalate off hours? Are you trying to check a box, or proactively protect your environment?

Consider co-managed SOC services if you are not able to provide your own SOC.

GB
Experienced Sales Engineer Delivering Managed Cyber Security Solutions Globally with 201-500 employees
User
2020-01-21T13:04:09Z
Jan 21, 2020

Log Management should be a separate function from correlation. Correlation is best served in a SIEM tool. Analytics technology can be something that crawls your metadata to find issues, but buying a log management tool that does correlation is asking the busboy to cook dinner. He can do it because he is in the restaurant, but that doesn't mean the food will be good.

Jeff Uhlich - PeerSpot reviewer
CEO with 11-50 employees
Real User
2019-06-10T19:55:47Z
Jun 10, 2019

-Searchability
-Compression
-Encryption

RanjanSandeep - PeerSpot reviewer
Inside Sales Account Manager at McAfee
Real User
2018-04-05T19:46:14Z
Apr 5, 2018

1. Automatic Remediation
2. Correlation Engines
3. Real-Time Threat Visibility
4. Pre-Built Dashboards

RG
CS at FM
User
2020-08-06T20:32:06Z
Aug 6, 2020

Usability, Compatibility, Integration with other solutions and Support

it_user632850 - PeerSpot reviewer
Director of Information Security at a healthcare company with 5,001-10,000 employees
Vendor
2017-03-22T22:05:29Z
Mar 22, 2017

Log compression and metadata storage capability
Ease of implementation/integration
Relational or Full Text English Query Support, Efficient Query Response
Compatibility with existing security vendors/products
Responsiveness of Tech Support and Integration Support Services
Support for breadth of security vendors and speed of new security product log integration
ID Management, Ticketing, and Geolocation Visualization Support

Vendor
2016-02-25T19:47:59Z
Feb 25, 2016

Real Time remediation
Ease of customization (collectors/connectors)
Integration with Identity management stacks (for enriched information)
Scalability (possible split between collection, correlation, remediation, reporting, ...)
No hardware constraints
PCI, SOX, ISO, ... reporting

it_user863733 - PeerSpot reviewer
User at a tech company with 51-200 employees
User
2018-04-26T21:28:48Z
Apr 26, 2018

Data Storage and Indexing analysis
Compression capabilities
Reporting and Alerting capabilities
Event Correlation capabilities
Secure data transmission between Log Collection and Storage
Built in parsers
Query speed and performance of user interface

it_user861630 - PeerSpot reviewer
Senior Network Security Engineer at Starz Entertainment
Real User
2018-04-24T16:21:25Z
Apr 24, 2018

Volume of logs (sources and size)
Storage requirements and recoverability (from archive)
Ability to integrate/forward log management into a SIEM or forward to an MSSP
Ability to selectively choose what logs and/or events are sent into the management system

it_user858429 - PeerSpot reviewer
Head, Risk and Advisory at a tech services company with 201-500 employees
Real User
2018-04-18T08:47:29Z
Apr 18, 2018

1. First is to check how the target systems are configured in terms of logs generated, i.e. syslog may be disabled, Apache conf, etc.
2. Types of logs collected
3. Log size
4. Storage and retention

it_user837123 - PeerSpot reviewer
CEO at a tech services company with 1-10 employees
Reseller
2018-03-13T19:58:24Z
Mar 13, 2018

Data compression and reporting followed by speed.

it_user822597 - PeerSpot reviewer
Senior Security Engineer at a marketing services firm with 201-500 employees
Real User
2018-02-19T18:44:20Z
Feb 19, 2018

Hands down it's usability... Look, there is no shortage of tools available in our industry - but which ones do you use? Log management can be complex, and the solution that lowers the barrier to success wins out in my book.

Usability comes down to several factors:

Ease of use is the primary one. How difficult is it to use the software and what types of documentation, community and vendor support exist? How difficult is it to get it up and running? How easily can you incorporate the log management tool into your existing processes using the IT/Security resources you have available? Does the tool help you track your assets or provide case management capabilities (if used as a SIEM)? How difficult is it to incorporate new log sources? What reports are available out of the box?

Another item to not lose sight of is compatibility. Do your devices have parsers available for the Log Management tool you are evaluating? This ties back to usability because if you are relying on a vendor to provide custom parsing for you, it's expensive and time consuming. Broad device support and a community that contributes actively to supporting log sources is a must.

Finally, a large component of usability is understanding the architecture limitations and licensing aspects of the solution you are evaluating. It's really critical to make sure you don't outgrow your solution and/or find out later that it's going to be prohibitively expensive to either expand your solution or add related features and services. How much is that custom parser development going to cost? Adding FIM? Adding specialized parser support? What about storage expansion? If you are getting resource errors, do you understand where the performance bottlenecks come from? This could be a tuning issue or a hardware/licensing restriction.

I know this "answer" provides more questions than it does answers! But asking the right questions will lead you down the right path for success!

CS
Information Security Officer at a government with 501-1,000 employees
Real User
2018-02-12T17:12:21Z
Feb 12, 2018

Costs - by device or by amount of log traffic (and can that traffic be trimmed/parsed before counting against your threshold?).

it_user684759 - PeerSpot reviewer
Manager of Information Services Infrastructure Team at a healthcare company with 1,001-5,000 employees
Real User
2017-06-14T19:55:54Z
Jun 14, 2017

Data compression and reporting speed.

BG
Systems Engineer at a university with 201-500 employees
Real User
2017-05-26T14:10:32Z
May 26, 2017

Indexing. Reporting. Alerts. Parsing. Organization. Reporting. Translating to easy-to-read formats as well as maintaining raw data. Correlating events.

it_user672189 - PeerSpot reviewer
Data Security Analyst at Risk Diversion Digital
Vendor
2017-05-25T06:55:31Z
May 25, 2017

If supported, a SIM can collect and correlate logs from just about any device or application in your network. Examples include routers, switches, wireless access points, firewalls, IDS/IPS, NBAD (Network Behavioral Anomaly Detection) devices, vulnerability scanners, Windows hosts, Unix hosts, services such as DHCP or DNS, authentication services such as Active Directory, RADIUS, and LDAP, as well as applications such as Apache, Exchange and antivirus software. Log collection is most often accomplished by redirecting syslog output to the SIM, but can also be accomplished with vendor-specific methods such as Check Point's LEA.
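
The syslog redirection described in the answer above is where the collector first has to make sense of mixed formats, and it is also the point where the selective forwarding mentioned in earlier answers (choosing which events reach the SIEM, trimming volume before it counts against a licensing threshold) happens. The following is an added example written for this thread, not code from any poster or vendor: it parses both BSD-style (RFC 3164) and RFC 5424 syslog lines from several constructed sources into one normalized event shape, then applies an assumed, example-only forwarding policy that never drops authentication logs and discards debug-level chatter elsewhere. The sample lines, host names and the policy are all assumptions made for the example.

```python
"""Added example: normalize syslog lines from mixed sources, then decide
which events to forward to the SIM/SIEM. Illustrative code for this page,
not any vendor's collector; sample lines and the policy are constructed."""
import re

# RFC 3164 (BSD syslog): "<PRI>Mmm dd hh:mm:ss host tag[pid]: message"
RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<tag>[^:\[\s]+)(?:\[(?P<pid>\d+)\])?: ?(?P<msg>.*)$"
)
# RFC 5424: "<PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA MSG"
RFC5424 = re.compile(
    r"^<(?P<pri>\d{1,3})>1 (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) (?P<pid>\S+) "
    r"(?P<msgid>\S+) (?P<sd>-|\[.*?\]) ?(?P<msg>.*)$"
)

# Severity is the low 3 bits of PRI, facility the remaining high bits.
SEVERITY = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
AUTH_FACILITIES = {4, 10}  # auth and authpriv


def parse_syslog(line: str) -> dict:
    """Return a normalized event dict; unknown formats are kept raw, flagged parsed=False."""
    m = RFC5424.match(line) or RFC3164.match(line)
    if not m:
        return {"parsed": False, "raw": line}
    f = m.groupdict()
    pri = int(f["pri"])
    return {
        "parsed": True,
        "facility": pri >> 3,
        "severity": SEVERITY[pri & 7],
        "host": f["host"],
        "app": f.get("app") or f.get("tag"),  # 5424 app-name or 3164 tag
        "timestamp": f["ts"],
        "message": f["msg"],
        "raw": line,
    }


def should_forward(event: dict) -> bool:
    """Assumed example policy: keep auth logs and anything unparsed; drop debug noise."""
    if not event["parsed"]:
        return True  # never silently lose an event the parser did not understand
    if event["facility"] in AUTH_FACILITIES:
        return True
    return event["severity"] != "debug"


def triage(lines: list) -> dict:
    """Parse every line, split into forwarded vs. dropped, and total the bytes each way."""
    forwarded, dropped = [], []
    for line in lines:
        ev = parse_syslog(line)
        (forwarded if should_forward(ev) else dropped).append(ev)
    return {
        "forwarded": forwarded,
        "dropped": dropped,
        "bytes_in": sum(len(l) for l in lines),
        "bytes_out": sum(len(e["raw"]) for e in forwarded),
    }


# Constructed sample input: a firewall, an access point (RFC 5424), a web
# server, a domain controller and one line in no recognizable format.
SAMPLE_LINES = [
    "<86>Mar 22 22:05:29 fw01 sshd[2210]: Accepted publickey for alice from 10.0.0.5 port 51234",
    "<165>1 2017-03-22T22:05:30.000Z ap01 hostapd 1234 ID47 - STA 00:11:22:33:44:55 associated",
    "<191>Mar 22 22:05:31 web01 apache2[771]: debug: worker 3 idle",
    "<13>Mar 22 22:05:32 dc01 ntpd[400]: clock drift 0.2ms",
    "garbled line with no priority",
]

if __name__ == "__main__":
    result = triage(SAMPLE_LINES)
    for ev in result["forwarded"]:
        print("FORWARD", ev.get("host", "?"), ev.get("severity", "?"), ev["raw"][:40])
    for ev in result["dropped"]:
        print("DROP   ", ev["host"], ev["severity"], ev["raw"][:40])
    print(f"{result['bytes_in']} bytes in, {result['bytes_out']} bytes forwarded")
```

Two design choices worth noting: unparsed lines are forwarded rather than dropped, so a new device with an unexpected format shows up as unparsed events in the SIEM instead of disappearing, and the filter keys on facility and severity from the PRI value rather than on message text, so it cannot be bypassed by a log message that happens to contain the word "debug".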

KhLee - PeerSpot reviewer
Product Manager at a tech services company with 5,001-10,000 employees
MSP
2017-05-12T08:00:55Z
May 12, 2017

* Customization of audit policy categories
* Centralized log & event consolidation with manageable data retention
* Nearly real-time event monitoring alerts & notification (severity aligned to SLA policy)
* Nearly real-time log correlation & parsing
* Scalable platform to effectively handle the increasing number of message packets for analytics
* Schedule-able or on-demand accessibility to a wealth of security and compliance data for historical analysis, trending & reporting
* Agile collector mechanisms to monitor the increasing variety of event sources across the corporate network including FW, IPS, routers, bio-metric devices, servers, physical-access control systems, databases and applications
* Flexibility of deployment options, e.g. on-premises, hosted as well as hybrid implementation
* Support for a distributed deployment model
* Multi-tenancy & HA

it_user638145 - PeerSpot reviewer
Premier Support Engineer at Atlassian
Vendor
2017-03-30T16:22:14Z
Mar 30, 2017

Data retention, storage and compression are important.
Ability to search for patterns
Reporting and alerting
Secure data transmission
Fast access to storage
Automation for activities
Speed to write data
Ability to search quickly

it_user341232 - PeerSpot reviewer
IT Security Specialist at a manufacturing company with 1,001-5,000 employees
Vendor
2015-11-25T15:44:49Z
Nov 25, 2015

Data Storage and Indexing analysis
Compression capabilities
Reporting and Alerting capabilities
Event Correlation capabilities
Secure data transmission between Log Collection and Storage
Built in parsers
Query speed and performance of user interface
