LogLogic Review
Situational awareness is a must, but the biggest issue is that it seems to deliberately use the lousiest compression.


Valuable Features

It collects logs, most of the time.

Improvements to My Organization

Having logs in a central location helps with troubleshooting, forensic investigations, and legal investigations. Situational awareness is a must for a healthy IT environment.

Room for Improvement

The biggest issue, cost-wise, is that it seems to deliberately use the lousiest compression it can use and still say it's compressing data. It wouldn't be hard for them to pack 2-3x as much data into an appliance, but then that would mean they couldn't sell as many appliances. But there are lots of areas for improvement, which you'll see in the answers to other questions.

Use of Solution

About a year.

Deployment Issues

Yes, their log collectors work well in homogeneous environments, but in the real world where people have a mix of server operating systems, you'll have issues. If you have a mix of Windows 2003, 2008, and 2012 servers, you'll have to use the same OS on the server doing the collecting.

Stability Issues

Yes. The piece that collects Windows logs tends to be very unstable once you get it running, which isn't always easy. Be prepared to have to try several versions of the Universal Collector and Lasso Enterprise to find which one works best in your environment. The latest isn't necessarily the greatest. New versions tend to be slow to appear even when there are known issues with them.

Scalability Issues

Yes. The product isn't designed to allow you to add disk space to it. NAS options are limited to NFS. One of their devices allows you to connect it to a SAN, but check compatibility first as you can run into issues. SAN space, of course, is very expensive.

Customer Service and Technical Support

Customer Service:

On a scale of 1-5, 0. They say the right things but don't deliver when it counts. I've given numerous suggestions for improving the product but they've dismissed every single one.

Technical Support:

On a scale of 1-5, 0. Lower-level support is only interested in closing tickets as quickly as possible, not in fixing the issue. If you can get a senior-level engineer they're polite and patient but limited by the rest of the organization. Many of their fixes look like the kind of thing I set up at 2am to get through an issue to buy some time until we can fix it right during normal business hours. The difference is they never come back and fix it right.

Previous Solutions

Yes, we used ArcSight. It was expensive and difficult to configure. That said, none of these products are out-of-the-box solutions, so I caution against any vendor who claims to have one.

Initial Setup

You'll need an experienced sysadmin with knowledge of your network and the operating systems you're collecting from, but for a person like that, the initial setup is pretty easy. I was able to get a new appliance on the network and collecting the easiest logs in about a day, which is reasonable.

Implementation Team

In-house, with help from the vendor. The help from the vendor wasn't very helpful.

ROI

I'm uncomfortable with the idea of ROI on something like this because centralized logging isn't a luxury, it's a necessity. A large company has to do something like this or go out of business.

Pricing, Setup Cost and Licensing

I wasn't involved in discussions about the initial cost. Ongoing, count on needing one FTE to dedicate to it. At least initially, it will need to be an experienced specialist. Prior LogLogic experience isn't necessary but good knowledge of Windows and Unix is.

Other Solutions Considered

Yes, but I wasn't involved in the evaluation. I came in after the fact.

Other Advice

There is a perception throughout the industry that this is an easy product to implement. The more heterogeneous your environment is and the better you know it going in, the easier it will be.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
