ArcSight Logger Review

Strong scalability options, Flexible log collection and has an easy setup

What is our primary use case?

We focus mainly on the enterprise market where the customers have the requirement for log management and compliance. And most of the time we propose ESM along with the logger for SIEM requirements.

We have multiple Logger customers here in Sri Lanka where we've implemented and maintained solutions for them.

What is most valuable?

Various log collecting methods helps customers to route logs from almost every application or device.In terms of ArcSight Logger's most valuable feature, it is their scalability and flexible log collecting options. ArcSight's real advantage is its scalability because they have two layers, Logger layer and correlation layer. So customers may benefit from this when it comes to licensing and designing. For example, let's say the customer wants to only have a logger requirement, they have the flexibility to only use the logger layer, instead of suggesting all the other layers. I don't see this kind of flexibility in other vendors.

What needs improvement?

A concern is that after their merger with Micro Focus I have some doubts. I don't see much development of the road map on ArcSight itself. The reason why I'm saying this is because we had a situation here in Sri Lanka which concerned us, where Arcsight suddenly decided to discontinue IBM as installation platform for the connectors. So in case of the road map and the technical improvements, I see the direction has changed somehow and now the customers and the distributors who are trying to implement it don't have as much visibility about the direction.

Arcsight should focus on inbuilt features like SOAR and UBEA features.

For how long have I used the solution?

I have been working with ArcSight Logger for about two years.

What do I think about the stability of the solution?

The platform is very stable. We haven't experienced any unexpected failures at any circumstances.

What do I think about the scalability of the solution?

As I mentioned, their scalability is one of their most valuable features.

How are customer service and technical support?

I would rate the technical support only 5 out of 10. The technical support is not satisfactory. I think there is a lack of expertise when it comes to support . This appears to after merging with Micro Focus.

How was the initial setup?

Log collection may seems tricky but if you have fundamental understanding about the product it's straight forward.

What about the implementation team?

We implement arcsight solution for the customers. We posses skill set for the implementation.

What was our ROI?

We focus mainly on the enterprise market where the customers have the requirement for log management and SIEM. We have multiple Logger customers here in Sri Lanka where we've implemented and maintained solutions for them. We see that those customers has compliance, security in depth and log management as their main ROI drivers.

What's my experience with pricing, setup cost, and licensing?

We have an annual subscription license. I'd say the pricing is okay.

What other advice do I have?

I would advise anyone looking to implement this solution to have a good understanding of your infrastructure and to verify your architecture. You should be able to get an idea of their road map for the next five years to just verify what sort of effect it will be making on your system.

On a scale of one to ten, I would rate it an eight.

Which deployment model are you using for this solution?


If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

**Disclosure: My company has a business relationship with this vendor other than being a customer: reseller
More ArcSight Logger reviews from users
...who work at a Government
...who compared it with IBM QRadar
Add a Comment