1. The initial setup isn't overly complex. There are quite a lot of things that we find useful. Splunk agents are useful and good. Its UI is quite impressive.
2. I have found the most important features to be the flexibility, tech framework, and disk manager. The solution is flexible and easy to use.
3. The visibility that it provides is valuable. It is helping in being proactive around incident management. It is helping us to be able to get more visibility into our customers' applications so that we can assist them at the application layer. We also provide them the infrastructure from an AWS standpoint. We are able to make sure that our customers are aware of certain critical things around the analytical piece of either the network or the application. We're able to call customers before they even know about the issue. From there, we can start putting together some change management processes and help them a bit.
4. The cost is reasonable. It's not overly pricey. We've found the initial setup to be quite straightforward.
5. The user interface is good and it is quite easy to use. The scalability is good. It is also good in the cluster nodes. You can make multiple FortiAnalyzer cluster groups, and you can distribute the logs between these FortiAnalyzer nodes. In other words, you can expand the scale.
6. The user experience [is] well thought out and the workflows are logical. The dashboards are intuitive and highly customizable. The thing that Devo does better than other solutions is to give me the ability to write queries that look at multiple data sources and run fast. Most SIEMs don't do that. And I can do that by creating entity-based queries. Let's say I have a table which has Okta, a table which has G Suite, a table which has endpoint telemetry, and I have a table which has DNS telemetry. I can write a query that says, 'Join all these things together on IP, and where the IP matches in all these tables, return to me that subset of data, within these time windows.' I can break it down that way.
7. There are a host of things that are most valuable. Obviously monitoring our environment and reporting out different events is important. They perform a suite of services. They monitor all of our servers, all of our key infrastructure, like our DNS, our switches, all that stuff. They aggregate and correlate that quarterly. They'll tell us if we're getting a lot of login failures and something is going on or if something's weird.
8. It is very scalable and can handle a large workload. The setup and installation are very easy.

Find out what your peers are saying about Splunk, IBM, Datadog and others in Log Management. Updated: April 2021.
475,291 professionals have used our research since 2012.

Advice From The Community

Read answers to top Log Management questions. 475,291 professionals have gotten help from our community of experts.
Rony_Sklar
How do log management and SIEM differ? Is it necessary to have separate tools for each function or can these functions be rolled into one solution? Which products are best for SIEM, and which are better for log management? Do you have recommendations of products that effectively combine both log management and SIEM?
Lindsay Mieth (Real User)

Rony, Daniel's answer is right on the money.  There are many solutions for each in the market, a lot depends upon your ability to manage such tools and your budget.  A small operation may be best served by a managed service if it proves to be economical.  I do not have any recent data on these.  When I was investigating SIEMs there were big systems such as IBM, HP and McAfee then I found LogRhythm which has proved to be a great tool and more of what I needed right away.  We manage it ourselves, though they now have a cloud offering.  Also, if you have mostly Office365 and Azure IaaS logs to work with, you may find MS Azure Sentinel to be a good fit.  I hope this is of some use to you.

Daniel Sichel (Real User)

Log Management is just that, it looks at logs from devices and attempts to make inferences about security issues from those logs. SIEM technology typically casts a wider net, looking at all types of security events. The best of breed will look at Network flows and events and logs, and other types of events that don't necessarily come from logging sources and provide an inference engine and rules management platform to allow you to detect anomalies from a wide variety of sources rather than just logs.
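As an added illustration of the distinction Daniel draws (example code written for this page, not from any poster or vendor), the Python below first runs a plain text search over stored lines, which is what a log store gives you, and then a cross-source correlation that joins an auth log, a DNS log and an endpoint log on IP within a time window, which is the kind of rule a SIEM engine adds. The line format, source names and addresses are constructed for the example.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample lines (not real data) from three sources: an auth log,
# a DNS resolver log and an endpoint agent. Format: <ISO ts> <source> <ip> <msg>
SAMPLE_LOGS = [
    "2021-04-01T10:00:05 auth     10.0.0.7  login failure user=alice",
    "2021-04-01T10:00:09 auth     10.0.0.7  login failure user=alice",
    "2021-04-01T10:00:40 dns      10.0.0.7  query example-bad.test",
    "2021-04-01T10:01:10 endpoint 10.0.0.7  new process powershell.exe",
    "2021-04-01T10:00:30 auth     10.0.0.9  login failure user=bob",
    "2021-04-01T12:30:00 dns      10.0.0.9  query update.test",
    "2021-04-01T12:31:00 endpoint 10.0.0.9  new process notepad.exe",
]

def parse(line):
    """Split one constructed line into (timestamp, source, ip, message)."""
    ts, source, ip, msg = line.split(maxsplit=3)
    return datetime.fromisoformat(ts), source, ip, msg

def search(lines, needle):
    """Log-management style: a plain substring search over stored lines."""
    return [line for line in lines if needle in line]

def correlate(lines, sources, window_seconds):
    """SIEM style: IPs that appear in every listed source within the window.
    Returns {ip: [(ts, source, msg), ...]} sorted by time for each hit."""
    by_ip = defaultdict(list)
    for ts, source, ip, msg in map(parse, lines):
        if source in sources:
            by_ip[ip].append((ts, source, msg))
    hits = {}
    for ip, events in by_ip.items():
        events.sort()
        # Anchor on each event in turn; if the events that follow it within
        # the window cover every required source, the IP is a correlated hit.
        for i, (start, _, _) in enumerate(events):
            seen = {src for when, src, _ in events[i:]
                    if (when - start).total_seconds() <= window_seconds}
            if seen >= set(sources):
                hits[ip] = events
                break
    return hits

if __name__ == "__main__":
    print(search(SAMPLE_LOGS, "login failure"))
    print(correlate(SAMPLE_LOGS, ["auth", "dns", "endpoint"], 300))
```

With a five-minute window only 10.0.0.7 correlates across all three sources; widening the window to three hours also pulls in 10.0.0.9, which shows why the window is as much a part of the rule as the join key.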

David Rivas Huete (User)

In short, Log Management refers to the collection, storage, and organizing of the event logs according to your specific needs and operational processes. In contrast, the SIEM, after data collection, performs the real exploitation of this data acquired from different sources, servers, applications, and OSes. In the context of the traditional Intelligence cycle, it performs 3 of the 4 typical stages: Collection, Analysis/Processing, and Distribution to decision-makers. That said, from the perspective of a former Intel guy, it is Intelligence vs raw data before it is even converted into information.

Esmat Salah El-Din (User)

Splunk would be the best solution to address several use cases.

Damien Finette (User)

Argent Software can help with the following products:

Argent for Compliance - Compliance and Log monitoring.
https://www.argent.com/product...

Argent SEIM (Expected release Q4 2020) – Single Security Management platform that provides full visibility to activity in your network. Argent SEIM collects, parses and categorizes data for correlation and threat detection so that you can act accordingly.
https://www.argent.com


Gerrit Boele (User)

Log Management should be a separate function from correlation. Correlation is best served in a SIEM tool. Analytics technology can be something that crawls your metadata to find issues, but buying a log management tool that does correlation is asking the bus boy to cook dinner. He can do it because he is in the restaurant, but that doesn't mean the food will be good.

Jeff Uhlich (Real User)

- Searchability
- Compression
- Encryption

R.G. (User)

Usability, Compatibility, Integration with other solutions and Support

RanjanSandeep (McAfee, Consultant)

1. Automatic Remediation
2. Correlation Engines
3. Real Time Threat Visibilities
4. Pre-Built Dashboards

it_user632850 (Director of Information Security at a healthcare company with 5,001-10,000 employees; Vendor)

Log compression and metadata storage capability
Ease of implementation/integration
Relational or Full Text English Query Support, Efficient Query Response
Compatibility with existing security vendors/products
Responsiveness of Tech Support and Integration Support Services
Support for breadth of security vendors and speed of new security product log integration
ID Management, Ticketing, and Geolocation Visualization Support

it_user395517 (Vendor)

Real Time remediation
Ease of customization (collectors/connectors)
Integration with Identity management stacks (for enriched information)
Scalability (possible split between collection, correlation, remediation, reporting, ...)
No hardware constraints
PCI, SOX, ISO, ... reporting

it_user863733 (User)

Data Storage and Indexing analysis
Compression capabilities
Reporting and Alerting capabilities
Event Correlation capabilities
Secure data transmission between Log Collection and Storage
Built-in parsers
Query speed and performance of user interface

it_user861630 (Senior Network Security Engineer at Starz Entertainment; Real User)

Volume of logs (sources and size)
Storage requirements and recoverability (from archive)
Ability to integrate/forward log management into a SIEM or forward to an MSSP
Ability to selectively choose what logs and/or events are sent into the management system
