I have been lately involved in lot of loganalysis tools and would like your help in deciding upon a good tool. My requirement is basically to look for log analyzer softwares with good reporting for security and compliance.
I have shortlisted 2 products:
If anyone has worked extensively on loganalysis in their respective work front, please respond with your thoughts about what an ideal log analyzer product must have (with all its bells & whistles).
These two look ok, but have you looked into a SIM product. I'm in the process of getting management where I work to buy the Cisco Mars product. You might want to look into that product too. Are you looking for a Security Information Management product?
How much do these products cost? Cisco Mars is going to run us about 30k for 200 host coverage.
I use NeuSecure, which has been bought up about 3 times in the last six months. Currently, IBM owns the product.
I LOVE this console (SIM solution). I feed events from all core assets and have now got a handle on what's going on out there. The downside to any of these beasts is cost and the effort needed to tune them properly. Another nasty is bug discovery which seems to happen more so with products with "bigger than life" feature sets.
I looked at NetForensics product which was absolute crap and also at CAs offering which was less than user friendly.
ArcSite was another one I looked at but the pricing, $150 grand, left it way out of reach.
Anyway, another 2 cents.
Yes, I'm looking at SIM or SEM or SEIM :cool:
Cisco Mars cost 30K :(
>> A 200 hosts per year license for EventLog Analyzer costs only $2490 . These guys seem to be having another product called Firewall Analyzer which does the log analysis for firewalls, vpns & routers!
I guess a complete SIM software would mean an integration of these 2 products and more?
>> Sawmill's Enterprise Edition: 100 pack cost $4,500 and 500 pack cost $6750
By the way whats the pricing for NeuSecure ? What type of reports do they support? since reporting is essential for me to place my bet on the product. As of now the eventlog analyzer had some kewl reports, courtesy their free edition ;)