ArcSight Logger Review

It integrates with ArcSight SIEM as it uses the same connectors.


Valuable Features

Several features are valuable to us, including:

  • Log management in general
  • Security options
  • Integration with ArcSight SIEM as it uses the same connectors
  • Simple GUI
  • Powerful searching and reporting tools

Improvements to My Organization

Although I unfortunately can't comment on specific usage within my company, we have seen improvements from the use of ArcSight Logger and the many features that are valuable to us.

Room for Improvement

SmartConnector vendor support will always be a battle, but most major vendors and products seem to be supported.

Clicking on a log source on the main page should not pull all stored logs as this is too slow and way excessive. It should default to a recent and smaller sample.

Deployment Issues

My deployment is on Red Hat, though, which seems pretty speedy, so I am unsure about more Windows-based deploys.

Stability Issues

We have had no issues with stability.

Scalability Issues

From what I can see, it scales well. It does require a pretty hefty baseline, but the more system resources you give it, the better it seems to perform.

Customer Service and Technical Support

HP support has been fairly impressive. Shifting personnel causes a bit of disruption in deployment tasks, but they seem to compensate for shifts pretty well.

Initial Setup

For main components, HP SEs seem eager to help. The way documentation is organized on their site could definitely use some work though. Documentation exists, and it’s generally pretty solid, but most times, asking an HP SE directly to email it to you tends to be much easier than searching for it yourself.

Implementation Team

Implementation of anything this size and scope in a large company requires a lot of work. So getting outside assistance or additional staffing for deployment and support is recommended.

Other Solutions Considered

Splunk is definitely a direct competitor and equally powerful. Logger seems to have a better interface in my opinion. Also, if your company is already using ArcSight, it makes sense to go with Logger as it utilizes the same SmartConnectors for log parsing/forwarding.

I think where Logger shines is usability. Splunk is a beast unto itself and people build careers on it. Not to knock it too much, as it is a very powerful product. But the appeal of Logger is that it makes log management accessible and usable to any IT/systems/networking employee or user, who can make sense of it and use it while not having to become a guru of a specific log management system to use it to its fullest extent.

Disclosure: I am a real user, and this review is based on my own experience and opinions.