What is our primary use case?
We're getting some daily reports out of it for different systems regarding passwords expiring, accounts locked out, and a number of events in different categories. We're probably not using it to its fullest potential.
We import log data into the solution from Windows Servers and switch-logs from the Cisco switches. Those are the main things that we feed into the system. We don't have any Linux or any other external systems that we feed into it.
How has it helped my organization?
We use those standard reports every day and monitor them. It does save us some time from having to go out manually and pull that information together. With the daily reports that we get, we can easily scan through them and find any anomalies that are occurring. If a system suddenly starts getting thousands of more errors than it did previously, we know we need to look at something on that system.
The solution has also saved us time due to the fact that it's doing the consolidation of the log files for us. It probably saves us three hours a day.
What is most valuable?
The most important feature is keeping track of when accounts are created and deleted, when permission groups are changed, and memberships are changed in groups; and overall, how many errors are occurring on the various systems that we're monitoring.
The ability to import log data into the solution is very good. It consolidates that information and stores it in a compact manner. It doesn't use a huge amount of disk space to store the history of the logs but still gives us the ability to pull various reports as we need them.
What needs improvement?
I'd like to see improvement in the ease of generating reports. It seems fairly cumbersome whenever you decide to start tracking new categories of events. It seems a little kludgy when trying to generate those reports. Other than that it's fine.
For how long have I used the solution?
More than five years.
What do I think about the stability of the solution?
It's very stable. We put it in place and have ignored it except, for pulling the reports.
What do I think about the scalability of the solution?
In our environment, it works perfectly fine.
How are customer service and technical support?
I've used the technical support a couple times. I've had very good results. In generating those reports, they were able to provide the methods in order to collect the information we needed to collect.
What was our ROI?
I don't know exact numbers on ROI, but in my mind it saves us a lot of time. I have six or seven reports that I can peruse through each day, quickly and efficiently, instead of having to go out and collect that data manually.
What's my experience with pricing, setup cost, and licensing?
Licensing is very easy. Our CIO takes care of the billing, but in terms of price point, he hasn't complained, so it must be good.
What other advice do I have?
Go through some training to know the ins and outs of the application. It has changed quite a bit in the seven years I've worked with it, and it would be a good idea to do some more training to learn all the new features and to make sure you can utilize all the capabilities.
The UI is okay. As I said, we're probably underutilizing the product compared to what we should be using it for. We don't view the information from it on screens. We more go off of the reports that we get daily out of the system.
In our company there are only three people using the system. We're all IT managers. We're only monitoring about 30 systems and we don't have plans to increase usage. Total time for deployment and maintenance would be a part-time IT manager, ten hours a year. In terms of internal staff resources for internal incident management, it's the same three IT specialists.
I would give the solution an eight out of ten. I'm not giving it a ten because of a lack of understanding of the system and some of the kludginess in the generating of reports.