Advice From The Community

Read answers to top Log Management questions. 425,660 professionals have gotten help from our community of experts.
Ariel Lindenfeld
Jeff Uhlich
Real User


Gerrit Boele

Log Management should be a separate function of correlation. Correlation is best served in a SIEM tool. Analytics technology can be something that crawls your metadata to find issues, but buying a log management tool that does correlation is asking the busboy to cook dinner. He can do it because he is in the restaurant, but that doesn't mean the food will be good.

RanjanSandeep (McAfee)

1. Automatic Remediation
2. Correlation Engines
3. Real-Time Threat Visibility
4. Pre-Built Dashboards

Director of Information Security at a healthcare company with 5,001-10,000 employees

Log compression and metadata storage capability
Ease of implementation/integration
Relational or Full Text English Query Support, Efficient Query Response
Compatibility with existing security vendors/products
Responsiveness of Tech Support and Integration Support Services
Support for breadth of security vendors and speed of new security product log integration
ID Management, Ticketing, and Geolocation Visualization Support

User

Real-time remediation
Ease of customization (collectors/connectors)
Integration with identity management stacks (for enriched information)
Scalability (possible split between collection, correlation, remediation, reporting, ...)
No hardware constraints
PCI, SOX, ISO, ... reporting

User

Data Storage and Indexing analysis
Compression capabilities
Reporting and Alerting capabilities
Event Correlation capabilities
Secure data transmission between Log Collection and Storage
Built in parsers
Query speed and performance of user interface

Senior Network Security Engineer at Starz Entertainment
Real User

Volume of logs (sources and size)
Storage requirements and recoverability (from archive)
Ability to integrate/forward log management into a SIEM or forward to an MSSP
Ability to selectively choose what logs and/or events are sent into the management system

Head, Risk and Advisory at a tech services company with 201-500 employees
Real User

1. First is to check how the target systems are configured in terms of logs generated, i.e. syslog may be disabled, Apache conf, etc.
2. Types of logs collected
3. Log size
4. Storage and retention

Find out what your peers are saying about Splunk, LogRhythm, IBM and others in Log Management. Updated: June 2020.