Product review: LogLogic LX

LOG MANAGEMENT


LogLogic's LX
REVIEWED BY PHORAM MEHTA

LogLogic

Price: Starts at $50,000

Although device logs can contain a wide variety of information, little attention was given to the review and management of these logs until regulations like SOX, HIPAA and PCI made it mandatory. Now companies are finding there is far more to gain from reviewing and auditing logs than just compliance.

LogLogic offers enterprise-class appliances for analyzing and archiving log data that enable organizations to achieve compliance, while offering decision support and improved availability. We reviewed the LX 2010, one of the LX family of appliances for real-time log data collection and analysis. (The ST series interfaces with NAS and WORM devices for mass storage.)


Installation/Setup: B+
LX 2010 is a beast of an appliance with a 2 TB raw (1 TB in RAID 10) storage capacity, dual 2.4 AMD Opteron processors and 4 GB of memory. The setup is as simple as it gets, supported by a hardened Linux kernel, MySQL database, Apache Web server and Java.

The only thing left for the user is mounting the hard drive in the slots in allotted order and changing the default IP address on the Ethernet interface used to access the Web-based management console, which is easily done through the GUI or CLI.

An appliance can be used to manage multiple LX and/or ST deployments. The access control feature allows you to restrict network access based on source IP address and destination port, similar to access lists used by routers or firewalls. The GUI provides controls to access different parts of the system, and menu items display according to the level of privileges granted to a specific user.

Configuration: B+
LogLogic supports most of the widely deployed devices in the industry. At a sustainable rate of 4,000 messages per second, the LX 2010 can become the syslog and/or SNMP server for all servers and devices in the network. Logs can also be imported via HTTP, HTTPS, SCP, FTP or SFTP. Multiple log formats covering virtually all types of devices are supported, but not all log types. For instance, for firewall/VPN products with proprietary log formats, only Check Point Software Technologies, Cisco Systems, Juniper Networks and Nortel are supported. Email (Exchange) and database (Oracle) server support is also limited.

Configuring log sources is straightforward. Adding devices requires configuration changes on the source devices as well. The documentation provides step-by-step instructions for setting up the log transfer rules and frequency. We configured a few syslog devices, Windows servers using LogLogic's own open-source Lasso tool, a couple of Cisco routers and a Check Point firewall. Since most of the configuration happens on the log sources themselves, adding and setting up devices on LX 2010 usually takes less than a minute.


Reporting: B+
Reporting is the most important component of this product. Two excellent status dashboard screens show the current message-per-second (mps) rate, alerts, system performance and total message counters. Another screen shows all added devices and their message counters. The Real-Time Viewer tab shows log messages as they are received.

LogLogic offers many built-in real-time reports for access control, connectivity, database event logs, IBM i5/OS, IDS, email and Web activity. Administrators can create keyword or regular expression searches to produce custom reports to monitor network security and health. The ability to replay old log data should prove very useful for incident response.
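The keyword and regular-expression reporting described above, and the replay of archived log data for incident response, is essentially rule-based search over parsed syslog records. The following is an added illustration written for this review, not LogLogic's code or the LX 2010's report engine: it parses a handful of constructed syslog lines (Linux iptables, sshd and a Cisco ACL message), applies a small set of keyword and regex rules, and produces a per-rule, per-host and per-source summary, plus an ad hoc search for replaying old data. The rule names and sample lines are assumptions made here for the example.

```python
import re
from collections import Counter, defaultdict

# Constructed sample syslog lines for this example (not captured from the reviewed appliance).
SAMPLE_LOGS = [
    "Nov 12 10:01:02 fw01 kernel: iptables DROP IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=22",
    "Nov 12 10:01:05 srv01 sshd[2211]: Failed password for root from 203.0.113.7 port 51022 ssh2",
    "Nov 12 10:01:09 srv01 sshd[2211]: Failed password for root from 203.0.113.7 port 51023 ssh2",
    "Nov 12 10:02:14 rtr1 %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.7(4412) -> 192.0.2.10(23), 1 packet",
    "Nov 12 10:03:30 srv01 sshd[2300]: Accepted publickey for deploy from 198.51.100.4 port 40000 ssh2",
]

# Classic BSD syslog layout: "<Mon> <day> <HH:MM:SS> <host> <message>".
SYSLOG_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s(?P<msg>.*)$")

# Report rules (hypothetical names): keyword rules do a case-insensitive substring match,
# regex rules may carry a named group 'src' to extract the originating address.
RULES = {
    "ssh_failed_login": ("regex", r"Failed password for \S+ from (?P<src>[\d.]+)"),
    "firewall_drop": ("regex", r"\bDROP\b.*SRC=(?P<src>[\d.]+)"),
    "acl_denied": ("regex", r"denied \w+ (?P<src>[\d.]+)\("),
    "accepted_login": ("keyword", "accepted"),
}


def parse_syslog(line):
    """Split one syslog line into timestamp, host and message; None if it does not parse."""
    m = SYSLOG_RE.match(line)
    return m.groupdict() if m else None


def match_rule(rule, msg):
    """Return (matched, source_address_or_None) for one rule against a message body."""
    kind, pattern = rule
    if kind == "keyword":
        return pattern.lower() in msg.lower(), None
    m = re.search(pattern, msg)
    if not m:
        return False, None
    return True, m.groupdict().get("src")


def build_report(lines, rules=RULES):
    """Run every rule over every parsed line and tally hits by rule, host and source."""
    report = {
        "by_rule": Counter(),
        "by_host": defaultdict(Counter),
        "sources": defaultdict(Counter),
        "unparsed": 0,  # lines that did not fit the syslog layout; worth watching, not dropping silently
    }
    for line in lines:
        rec = parse_syslog(line)
        if rec is None:
            report["unparsed"] += 1
            continue
        for name, rule in rules.items():
            hit, src = match_rule(rule, rec["msg"])
            if hit:
                report["by_rule"][name] += 1
                report["by_host"][rec["host"]][name] += 1
                if src:
                    report["sources"][name][src] += 1
    return report


def top_sources(report, n=5):
    """Aggregate source addresses across all rules, most active first."""
    total = Counter()
    for per_rule in report["sources"].values():
        total.update(per_rule)
    return total.most_common(n)


def search(lines, pattern, flags=re.IGNORECASE):
    """Ad hoc regex search over stored lines, the 'replay' use case; returns parsed records."""
    rx = re.compile(pattern, flags)
    return [rec for rec in map(parse_syslog, lines) if rec and rx.search(rec["msg"])]


if __name__ == "__main__":
    rpt = build_report(SAMPLE_LOGS)
    for name, count in rpt["by_rule"].most_common():
        print(f"{name:20s} {count}")
    print("top sources:", top_sources(rpt))
    print("replay 'root':", [r["msg"] for r in search(SAMPLE_LOGS, r"root")])
```

The `unparsed` counter is the piece most often missing from home-grown reporting: a collector that silently drops lines it cannot parse will also drop the one malformed message an attacker's tool emits, so the report surfaces that count alongside the rule hits.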


Verdict
LogLogic's LX 2010 offers much-needed help to companies in the areas of log review, analysis and archiving. It can help organizations not only with compliance but also with detection and prevention of dangerous events.



Testing methodology: Logs were obtained from Windows and UNIX servers, Cisco routers, Check Point firewalls and other networking devices generating logs in syslog format.

This was first published in November 2007
