Most Helpful Review
Find out what your peers are saying about EventTracker vs. vRealize Log Insight and other solutions. Updated: November 2019.
384,324 professionals have used our research since 2012.
We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
If I were to look at logs manually, there's no way I could do that. As an example, they are 48 million logs processed a day. There is no way I could look at all 48 million of those. So, it gives me a good structure to be able to look at the different incidents which are created and do different searches.
I really appreciate the fact that the dashboard breaks everything down into a pretty easy view for me... It shows what changes are happening to privileged user accounts, access and identity, what's cropping up. It shows application activity and whether we've got system resources that aren't online and being found anymore. It's a pretty simple, easy, quick hit and there are the supporting logs behind it. If I need to drill down further, I can do that quickly. It's very effective.
The most valuable feature is that we get the events: the alerts about disk space and the security reports that we get once a day, including user lockouts and the like.
The product satisfies our compliance, and thus, all of our auditors. All of the data that we use and store for all security events is required by our auditors to be kept in a central storage location.
If we need to do a search for user lockouts, we can go, search, and find locations where they have been locked out, then keep track of those events, historically.
The network alert is the most valuable feature. That way, we in the IT department are aware of user lockout and invalid password attempts way before a user ever even calls in.
The most important feature is keeping track of when accounts are created and deleted, when permission groups are changed, and memberships are changed in groups; and overall, how many errors are occurring on the various systems that we're monitoring.
The SIEMs and managed service are its most valuable features. We get a weekly report from them which provides a culmination of them combing through millions of events which are triggered across our network every day and minute. Their information security experts basically boil that down to a report which I get emailed once a week. It identifies potential threats and the remediation that I should take to be able to quell those threats.
The virtualization solution supports data center virtualization, network and security.
The root cause analysis feature is very valuable.
What I like is that you can have different storage locations for different applications.
The most valuable feature is server virtualization. It's been very useful.
We use the on-premises version of this solution for log analysis and to find details about certain issues.
The trace log is the solution's most valuable feature. It's very helpful in troubleshooting problems.
We are using it because we have a VMware product. It has its own built in dashboards for VMware products, and that's a good thing.
The solution's dashboard is okay. The one thing that we ran into are issues when we upgraded to the newer version. It uses Elasticsearch for the different dashboard entries. So, we were running on spinning disks, and Elasticsearch didn't work that well. A number of the different dashboards, like my dashboard or different things like that, pull from Elasticsearch. Since Elasticsearch really wasn't working, we were having some issues with that, but we just migrated.
Probably the biggest thing is just: Can I search for this and what's the best way to do it? If I'm looking for two events versus a singular event, I just throw it back at them. They're the experts on it.
I would like to see the dashboard come up more quickly.
The biggest problem is that we have too many domain controllers. So, we have to keep all the clients and main system updated with the latest versions along with making sure all the firewalls are open.
There are some issues with searches taking a long period of time, but they assured me that they have implemented a new search function that's available in version 9, but which requires a solid-state hard drive... Depending on how many logs you have it could take a long time to return the results if you're looking back prior to the last 30 days.
I'd like to see improvement in the ease of generating reports. It seems fairly cumbersome whenever you decide to start tracking new categories of events. It seems a little kludgy when trying to generate those reports.
The deployment of the agents could be a bit easier. We always seem to have a bit of a challenge with that. A lot of times the agents either don't deploy or they quit responding, then we have to go and redeploy them.
It's great for VMware, but it would be good if they had third-party logins.
I don't use the solution on a day to day basis, so I'm not sure what specifically can be improved.
I think that it should be able to integrate with other third-party backup and recovery solutions, more that it does now.
The solution isn't user-friendly for admins.
Documentation is lacking, including some guide as to how to use the expressions. It is not clear how to look for a log, for example. Some examples in the documentation might be helpful. I think that VMware had good documentation, but it's no longer hosted. The documentation is not as easy to understand as it was before.
They should improve their web interface to make it more user-friendly.
The solution is a very good tool, but it has a lot of limitations. One of the main issues is around how you define your retention policy, for instance, in Log Insight. It doesn't have it. You can't define a log retention policy. You also can't define the destination or location for your logs. All of the logs are in one index or one bucket.
Pricing and Cost Advice
When we first got the EventTracker product, we were using SIEM Simplified. At the time they didn't call it that, but it was more of a service thing. So, there was a bit more hand-holding and getting stuff set up, along with failure reports, that they did during the first one to two years. Then, we decided that the the additional money to have someone do these daily reports wasn't terribly useful, so we discontinued that service.
EventTracker's subscription-based model is interesting as far as yearly license type stuff. It's nice because you know what it's going to be next year. We haven't really looked at any other solutions. The pricing at the time compared to the other solutions was a lot less. A couple of years ago, we actually looked at Splunk. The amount in Splunk's licensing model is based on 20 gigs a day, or something like that. Based on our number of logs and stuff that we were already generating, the costs would be substantially more for the amount of logs that we would be getting.
In the security space, it's hard to quantify your return on investment. So, I don't. We spend about $40,000 a year and so. It's hard to say if the SIEM saved that much money.
I don't know if the pricing is by the seat but we're paying about $20,000 to 25,000 a year. On top of that, we pay for the managed support services. That runs us about another $35,000 or $40,000 a year.
The upfront costs have increased, and we have been locked into this contract. The cost of changing over from it is way too high.
The solution is fairly expensive, but in my experience, all of the SIEM applications that I've evaluated or looked at cost about the same.
Licensing is very easy. Our CIO takes care of the billing, but in terms of price point, he hasn't complained, so it must be good.
The pricing and licensing seem very reasonable. The managed service part of it feels like it gives me the equivalent of a full-time engineer for a lot less money. So, I feel it's a good value.
Pricing could always be lower. If it were free, I would be more satisfied.
out of 46 in Log Management
Average Words per Review
out of 46 in Log Management
Average Words per Review
Compared 38% of the time.
Compared 19% of the time.
Compared 12% of the time.
Compared 42% of the time.
Compared 29% of the time.
Compared 7% of the time.
EventTracker by Netsurion delivers actionable security intelligence that empowers organizations of any size to effectively detect and respond to advanced threats.
EventTracker Security Center
|vRealize Log Insight delivers indexing and machine learning based Intelligent Grouping, to enable searching, for faster troubleshooting across physical, virtual and cloud environments. It help monitors and manages Machine Data at Scale through analyzing massive amounts of log data and delivers near real-time monitoring, search and log analytics, coupled with a dashboard for stored queries, reports and alerts. Speeds correlation of events across an entire IT environment. vRealize Log Insight creates Structure from Unstructured Data by collects and automatically identifies structure in all types of machine-generated log data (application logs, network traces, configuration files, messages, performance data, system state dumps, etc.) to build an index for performing analytics. And it offers a pricing model that includes unlimited data and does not require buying licenses based on peak usage and worst-case scenarios.|
Learn more about EventTracker
Learn more about vRealize Log Insight
|The Salvation Army, The FRESH Market, Pacific Western Bank, AAOS, Vanderbilt University, Talbots||Wildlands Adventure Zoo, Medic Mobile, IBM, Seventy Seven Energy, Baystate Health, Osis, Oxford University, Columbia University, Siemens, Cardinal Health, Ashdod Port, Vasakronan, Sydney Adventist Hospital, University of Derby|
Software R&D Company32%
Financial Services Firm10%
Comms Service Provider8%
Software R&D Company39%
Comms Service Provider13%