Log Management Features

Read what people say are the most valuable features of the solutions they use.
Colt Rodgers says in a Splunk review
Infrastructure Engineer at Zirous, Inc.
The ability to view all of these different logs, then drilling down into specific times or into specific data sources, has proved to be the greatest aspect in decreasing our troubleshooting overhead time. The added security has proven effective as well, but given that we have not yet created the perfect model, we still find ourselves striving to develop a more efficient and predictive security analysis and action plan within Splunk.
Damian Scott says in an IBM QRadar review
Sr SIEM Consultant at a tech services company with 51-200 employees
* Correlation Rule Engine, built-in use cases: QRadar has the highest number of built-in use cases among any SIEM on the market. There are many built-in rules that are enabled by default and easily tunable to meet the specific needs of each organization. The correlation engine automates what is a manual process for many SIEM platforms.
* Network-Based Anomaly Detection (NBAD): Using NetFlow, JFlow, SFlow, or QFlow (all 7 layers), offenses are detected as a response when a rule is triggered.
* QRadar Vulnerability Management: Built-in vulnerability scanner, or leverage for other supported scanners to either schedule a scan and/or import the results from a scan. Importing the results enriches the asset profile database to quickly identify assets that have known vulnerabilities.
* X-Force Threat Intelligence: Threat intelligence IP reputation feed which leverages a series of international data centers to collect tens of thousands of malware samples, to analyze web pages and URLs, and to run analysis to categorize potentially malicious IP addresses and URLs.
* App Exchange: Many vendors have written apps to enhance QRadar. The apps are free and enhance your SIEM experience by adding rules and custom event properties, and in some cases a new tab. You will need to have purchased the third-party solution. For example, if you have Palo Alto or Blue Coat, there's a free app for better integration.
Geremy Farmer says in an EventTracker review
Information Technology Coordinator at Magnolia Bank, Incorporated
The network alert is the most valuable feature. That way, we in the IT department are aware of user lockout and invalid password attempts way before a user ever even calls in. We can resolve the issue a whole lot quicker than waiting for the user to call us and figure out that they're locked out of the network or need some assistance with their password or the like. The system's UI is pretty good, intuitive, and user-friendly. EventTracker SIEMphonic has been a good add-on piece because doing all the logs can be time-consuming. Having a nice, weekly summary report, and the supplemental logs with them, in the event that you need to dive in any further, is helpful. Having somebody else reviewing those logs as well, on their team, is very helpful and beneficial to us.
Bryan Caporlette says in an EventTracker review
Chief Technology Officer at G&G Outfitters Inc
The SIEMs and managed service are its most valuable features. We get a weekly report from them which provides a culmination of them combing through millions of events which are triggered across our network every day and minute. Their information security experts basically boil that down to a report which I get emailed once a week. It identifies potential threats and the remediation that I should take to be able to quell those threats. I don't have a CISO and don't have the budget to bring a CISO in. Therefore, it basically allows me to outsource the information security officer to EventTracker and have them perform that role for the company. With the dashboards, I can very quickly see if there are any pending threats or anything that I should take action against. It has a very easy-to-use interface. Instead of having to go run reports and dig through millions of entries of data, I can have a couple of key metrics brought right up to me through the dashboard and be able to review that information, then either send it on to my networking team to address something or have comfort that we're in a good footing security-wise. The solution's UI is very good now. It went through a transition phase from four years ago to today. With each iteration, we started on version 6 or 7, then we went to 8, and now we're on 9. Each one has been a large improvement for user usability and the user interface. It is more modern and easier to use. We usually view it on Internet Explorer or Chrome. I use my laptop to view it and find it a comfortable view. I rely on them to tell me what features should be rolled out and come out. They are always introducing me to new threats and other things that we need to be looking out for. They say, "By the way, we're looking for these now on the weekly report for you." They are the ones that I just outsourced this to.
QRadar677 says in an IBM QRadar review
IT Security Manager at a recruiting/HR firm with 10,001+ employees
The most valuable feature is user-behavior analytics, where it will create logs based on the users' behavior and report suspicious events or other anomalies. I am working with the data analytics so it is a very good one for what I am doing.
Ramasamy Balakrishnan says in a DNIF review
CEO at Irisk Assurance Consultancy Services Pvt Ltd
The solution is based on a big-data platform and the response time on queries is super-fast. That's why we like this solution. It is 30 times faster than traditional SIEMs. It provides responses to queries within a minute. That's the most impressive feature we have found in this product. Also, the UBA, the User Behavior Analytics, is a built-in threat-hunting feature. It detects and reports on any kind of malware or ransomware that enters the network. That's an amazing feature of this product.
Sean Sheil says in an EventTracker review
Information Technology - Business Process Analyst at a financial services firm with 51-200 employees
The most important feature is keeping track of when accounts are created and deleted, when permission groups are changed, and memberships are changed in groups; and overall, how many errors are occurring on the various systems that we're monitoring. The ability to import log data into the solution is very good. It consolidates that information and stores it in a compact manner. It doesn't use a huge amount of disk space to store the history of the logs but still gives us the ability to pull various reports as we need them.
reviewer905577 says in a Splunk review
Principal Consultant with 51-200 employees
* Drill down
* Apps
* REST API
* Software development kits
* Architecture
* Replication capabilities
FarhanAli says in an IBM QRadar review
Security Analyst at a security firm with 11-50 employees
* Its default set of rules: It comes with many rules disabled. You can tune them and modify them according to your enterprise needs and avoid false positives.
* The extension management: There are more than 120 extensions in QRadar, which are easy to install and configure. These can improve your analysis of events.
* UBA 2.7: It can help you detect insider threats.
Clara Merriman says in a Splunk review
Business Intelligence Engineer at a hospitality company with 501-1,000 employees
Splunk is extremely flexible, which allows us to create custom visualizations along with other customizations. The flexibility of Splunk as well as the resources available for learning and support are the best in the business.
John Paul Dienst says in a Graylog review
Technology Consultant
Real-time UDP/GELF logging and full text-based searching. Since UDP is a stateless, connectionless protocol, it simplifies error handling for the log sender/producer in the event that Graylog is not available. UDP is also a fast and lightweight protocol, perfect for sending large volumes of logs with minimal overhead. Storing logs in Elasticsearch means log retrieval is extremely fast, and full text search is available by default. Additionally, Graylog has support via plugins for Slack-based alerts. These have been wonderful for notifying us when exceptional log messages are encountered.
Prabhanshu Pandit says in an ELK Logstash review
Programmer at a tech services company
Documentation is very good, so implementation is fine.
Vulnera08667 says in an IBM QRadar review
Vulnerability Manager at a tech services company with 51-200 employees
The threat protection network is the most valuable feature because when you get an offense, you can actually trace it back to where it originated from, how it originated, and why.
AndreTaborda says in a vRealize Log Insight review
Virtualization Engineer at a tech services company with 501-1,000 employees
The product is perfectly designed. The trace log is the solution's most valuable feature. It's very helpful in troubleshooting problems. The dashboards are also impressive. You have the option to create a very rich dashboard if you like.
reviewer1096398 says in a Check Point Security Management review
Network and Security Manager at a tech services company with 51-200 employees
One of the most valuable features is the console application. It's a great solution for management. We can manage a lot at the same time with one security management system. Also, each gateway depends on the other, which is helpful.
reviewer1181253 says in a Check Point Security Management review
System and Network Engineer at a non-tech company with 1,001-5,000 employees
The firewall's blades are the solution's most valuable feature.
reviewer1042011 says in an Elastic Beats review
NOC Manager/Network Administrator at a tech vendor with 1,001-5,000 employees
There's a whole spectrum of features on the solution that users can take advantage of. It's a very robust product.
CISO67 says in an Arcsight Logger review
CISO at a financial services firm with 1,001-5,000 employees
The ability to customize the solution in great detail is its most valuable feature. We can customize the use cases and also have the ability to do scripting. We can personalize our dashboard as well. The scalability the solution offers is quite impressive.
Shadow Fx says in an ELK Logstash review
User at a comms service provider with 51-200 employees
The visualization is very good.
Assistan6279 says in an EventTracker review
Assistant LAN Administrator at a non-profit with 10,001+ employees
The most valuable feature is that we get the events: the alerts about disk space and the security reports that we get once a day, including user lockouts and the like. The reports are fine the way they are. The dashboard is also fine. We haven't configured the dashboard widgets; we just basically go with the default that was there. The dashboard helps by organizing things for us. Overall, the UI is very helpful. It's user-friendly and relatively intuitive.
Richard Teegarden says in an EventTracker review
Network Manager at an energy/utilities company with 51-200 employees
The solution is on-prem and we also utilize them for fairly full, managed services. They do tend to babysit it quite a bit. We get daily reports that they piece together for us which walk through everything that they're finding and seeing. And we sit together in a monthly service call to walk through what they found over the course of the month, just to compare notes. We backtrack and check to make sure that nothing stood out and that we didn't miss anything or to hear if they've got any concerns or questions. They're putting in the time on a daily basis for us on that. Another valuable feature is that we've tied it into pretty much everything that we have. We've got it tied into our Office 365 and it's helping us monitor even the spam garbage there, the consistencies or the abnormalities on the spam. We've got it tied into our firewalls and into just about every appliance we have as a front-line or an in-between, including VPN and the authentication that is coming through there. It's also tied into anything that's cloud-based. We might tie into IIS logs, our antivirus logs. It's huge that it gives us that single dashboard overview of events happening, all at one time. It's been tremendous for us. I really appreciate the fact that the dashboard breaks everything down into a pretty easy view for me. I can pass it along, not only to my boss, but to senior management, if needed. I can show them what activity is being monitored, what types of incidents there are and the type of risk, if there is one. It shows what changes are happening to privileged user accounts, access and identity, what's cropping up. It shows application activity and whether we've got system resources that aren't online and being found anymore. It's a pretty simple, easy, quick hit and there are the supporting logs behind it. If I need to drill down further, I can do that quickly. It's very effective. I just want to know what's going on on the end-points.
If anything gets flagged, if anything's out of order, chances are pretty good we're going to get it flagged on a couple of systems, whether it's a desktop for a firewall or an outbound request. It might get flagged on our AV, but at least I'm seeing it across all of those systems at a given time. So I really appreciate having that single location to look for any event that might be something which warrants a little bit more work. I don't play around too much with the dashboard widgets, the stuff that's built-in. I get a daily report and, based on that, if I need to, I'll dig into it. So I don't customize things too much. I go back through things on a monthly basis as well. The dashboard is an easy enough layout and I've gotten used to using it or digging down deeper so I don't really change much in there. In terms of log importing, I've never really had any problems with it. Everything that's a syslog is a pretty easy tie-in and pull-through. Anything else that's agent-based, like a desktop, we've had very few problems with. Microsoft's Direct Access, their direct-access, always-on VPN product, was a little bit of a tough one that we had to work through to get those to pull across. But overall, the agents seem to be pretty stable, pretty efficient. They're pulling through everything that we need at this point. Anytime we've pulled in, whether it's an antivirus product - we've gone through a couple of them - various appliances, even Office 365, it has been very well-versed on all the major brands out there. If we want to pull those in or pull in the syslogs or pull in those events, we've never had an issue.
Reza Azimi says in a vRealize Log Insight review
Infrastructure Engineer at a tech vendor with 201-500 employees
We are using it because we have a VMware product. It has its own built-in dashboards for VMware products, and that's a good thing. Also, filtering logs is very easy and extracting fields from the data is also very straightforward with Log Insight.
Pride Chieza says in a Fortinet FortiAnalyzer review
Network Security Engineer at Frampol
The most valuable features are customizing reports, and the ability to drill down to display critical information in real-time. FortiGate itself, for example, doesn't offer all of this information on the entry-level firewalls. You can get more detailed information from FortiAnalyzer based on the log that is retrieved from FortiGate while it is operating.
Dharmarajen Palanee says in a Fortinet FortiAnalyzer review
Technical lead at Rogers Capital Technology Services Ltd
I am very impressed by the new version's security - on-premise or on the cloud. We have integrated the program with FortiView to get a better-customized log and more scalability on the application. The newer version is also much faster than the previous one and we have more visibility on whatever is happening on our system.
Selorm Ahiataku says in a Fortinet FortiAnalyzer review
System & Network Administrator at a tech services company with 11-50 employees
It has a simplified and user-friendly interface.