2015-10-25 12:49:57 UTC

When evaluating Log Management, what aspect do you think is the most important to look for?


Let the community know what you think. Share your opinions now!

Guest
1717 Answers
author avatar
Top 5Real User

-Searchability
-Compression
-Encryption

2019-06-10 19:55:47 UTC
author avatar
User

Log Management should be a separate function of correlation. Correlation is best served in a SIEM tool. Analytics technology can be something that crawls your meta data to find issue, but buying a log management tool that does correlation is asking the bus boy to cook dinner. He can do it cause he is in the restaurant but doesn't mean the food will be good.

2020-01-21 13:04:09 UTC
author avatar
Consultant

1. Automatic Remediation
2. Co-relation Engines
3. Real Time Threat Visibilities
4. Pre-Built Dashboards

2018-04-05 19:46:14 UTC
author avatar
Vendor

Log compression and metadata storage capability
Ease of implementation/integration
Relational or Full Text English Query Support, Efficient Query Response
Compatibility with existing security vendors/products
Responsiveness of Tech Support and Integration Support Services
Support for breadth of security vendors and speed of new security product log integration
ID Management, Ticketing, and Geolocation Visualization Support

2017-03-22 22:05:29 UTC
author avatar
Vendor

Real Time remediation
Ease of customization (collectors/connectors)
Integration with Identity management stacks (for enriched information)
Scalability (possible split between collection, correlation, remediation, reporting, ..)
No hardware constraints
PCI, SOX, ISO,.... reporting

2016-02-25 19:47:59 UTC
author avatar
User

Data Storage and Indexing analysis
Compression capabilities
Reporting and Alerting capabilities
Event Correlation capabilities
Secure data transmission between Log Collection and Storage
Built in parsers
Query speed and performance of user interface

2018-04-26 21:28:48 UTC
author avatar
Top 20Real User

Volume of logs (sources and size)
Storage requirements and recoverability (from archive)
Ability to integrate/forward log management into a SIEM or forward to an MSSP
Ability to selectively choose what logs and/or events are sent into the management system

2018-04-24 16:21:25 UTC
author avatar
Top 20Real User

1. First is to check how the target systems are configured in terms of logs generated. i.e syslog may be disabled, apache conf etc
2. Types of logs collected
3. Log size
4. Storage and retention

2018-04-18 08:47:29 UTC
author avatar
Top 5LeaderboardReseller

Data compression and reporting followed by speed.

2018-03-13 19:58:24 UTC
author avatar
Top 5Real User

Hands down it's usability... Look, there are no shortage of tools available in our industry - but which ones do you use? Log management can be complex and the solution that lowers the barrier to success wins out in my book.

Usability comes down to several factors:

Ease of use is the primary one. How difficult is it to use the software and what types of documentation, community and vendor support exist? How difficult is it to get it up and running? How easily can you incorporate the log management tool into your existing processes using the IT/Security resources you have available? Does the tool help you track your assets or provide case management capabilities (if used as a SIEM). How difficult is it to incorporate new log sources? What reports are available out of the box?

Another item to not lose sight of is compatibility. Do your devices have parsers available for the Log Management tool you are evaluating. This ties back to usability because if you are relying on a vendor to provide custom parsing for you, it's expensive and time consuming. Broad device support and a community that contributes actively to supporting log sources is a must.

Finally, a large component of usability is understanding the architecture limitations and licensing aspects of the solution you are evaluating. It's really critical to make sure you don't outgrow your solution and/or find out later that it's going to be prohibitively expensive to either expand your solution or add related features and services. How much is that custom parser development going to cost? Adding FIM? Adding specialized parser support? What about storage expansion? If you are getting resource errors, do you understand where the performance bottlenecks come from? This could be a tuning issue or a hardware/licensing restriction.

I know this "answer" provide more questions than it does answers! But asking the right questions will lead you down the right path for success!

2018-02-19 18:44:20 UTC
author avatar
Top 5LeaderboardReal User

Costs - by device or by amount of log traffic (and can that traffic be trimmed/parsed before counting against your threshold?).

2018-02-12 17:12:21 UTC
author avatar
Vendor

Data compression and reporting speed.

2017-06-14 19:55:54 UTC
author avatar
Real User

Indexing. Reporting. Alerts. Parsing. Organization. Reporting. Translating to easy to read formats and well as maintaining raw data. Correlating events.

2017-05-26 14:10:32 UTC
author avatar
Vendor

If supported, a SIM can collect and correlate logs from just
about any device or application in your network. Examples include
routers, switches, wireless access points, firewalls, IDS/IPS, NBAD
(Network Behavioral Anomaly Detection) devices, vulnerability
scanners, windows hosts, unix hosts, services such as DHCP or DNS,
authentication services such as Active Directory, Radius, and LDAP as
well as applications such as Apache, Exchange and antivirus software.
Log collection is most often accomplished with redirecting syslog
output to the SIM, but can also be accomplished with vendor specific
methods such as Checkpoint’s LEA.

2017-05-25 06:55:31 UTC
author avatar
Real User

* Customization of audit policy categories
* Centralized log & event consolidation with manageable data retention
* Nearly real-time event monitoring alerts & notification(severity align to SLA policy)
* Nearly real-time log correlation & parsing
* Scalable platform to effectively handle the increasing number of message packets for analytics
* Schedule-able or on-demand accessibility to a wealth of security and compliance data for historical analysis, trending & reporting
* Agile collector mechanisms to monitor the increasing variety of event sources across the corporate network including FW, IPS, routers, bio-metric devices, servers, physical-access control systems, databases and applications
* Flexibility of deployment options e.g On-premise, hosted as well as hybrid implementation
* Support distributed deployment model
* Multi-tenancy & HA

2017-05-12 08:00:55 UTC
author avatar
Vendor

Data retention, storage and compression are important.
Ability to search for patterns
Reporting and alerting
Secure data transmission
Fast access to storage
Automation for activities
Speed to write data
Ability to search quickly

2017-03-30 16:22:14 UTC
author avatar
Vendor

Data Storage and Indexing analysis
Compression capabilities
Reporting and Alerting capabilities
Event Correlation capabilities
Secure data transmission between Log Collection and Storage
Built in parsers
Query speed and performance of user interface

2015-11-25 15:44:49 UTC
Find out what your peers are saying about Splunk, LogRhythm, IBM and others in Log Management. Updated: January 2020.
396,296 professionals have used our research since 2012.