Information Security Magazine

Log Management
Issue: Nov 2007

Configuration: B+
LogLogic supports most of the widely deployed devices in the industry. At a sustainable rate of 4,000 messages per second, the LX 2010 can become the syslog and/or SNMP server for all servers and devices in the network. Logs can also be imported via HTTP, HTTPS, SCP, FTP or SFTP. Multiple log formats covering virtually all types of devices are supported--but not all log types. For instance, for firewall/VPN products with proprietary log formats, only Check Point Software Technologies, Cisco Systems, Juniper Networks and Nortel are supported. Email (Exchange) and database (Oracle) server support is also limited.

Configuring log sources is straightforward. Adding devices requires configuration changes on the source devices as well. The documentation provides step-by-step instructions for setting up the log transfer rules and frequency. We configured a few syslog devices, Windows servers using LogLogic's own open-source Lasso tool, a couple of Cisco routers and a Check Point firewall. Since most of the configuration happens on the log sources themselves, adding and setting up devices on LX 2010 usually takes less than a minute.


Reporting: B+
Reporting is the most important component of this product. Two excellent status dashboard screens show the current messages-per-second (mps) rate, alerts, system performance and total message counters. Another screen shows all added devices and their message counters. The Real-Time Viewer tab shows log messages as they are received.

LogLogic offers many built-in real-time reports for access control, connectivity, database event logs, IBM i5/OS, IDS, email and Web activity. Administrators can create keyword or regular expression searches to produce custom reports to monitor network security and health. The ability to replay old log data should prove very useful for incident response.


Verdict
LogLogic's LX 2010 offers much-needed help to companies in the areas of log review, analysis and archiving. It can help organizations not only with compliance but also with detection and prevention of dangerous events.



Testing methodology: Logs were obtained from Windows and UNIX servers, Cisco routers, Check Point firewalls and other networking devices generating logs in syslog format.
