
Thread: Log Analyzers

  1. #1
    Junior Member
    Join Date
    Jul 2006
    Posts
    8

    Log Analyzers

    I have lately been involved with a lot of log analysis tools and would like your help in deciding upon a good tool. My requirement is basically to look for log analyzer software with good reporting for security and compliance.

    I have shortlisted 2 products:

    1. www.eventloganalyzer.com
    2. www.sawmill.net

    If anyone has worked extensively on log analysis in their respective work front, please respond with your thoughts about what an ideal log analyzer product must have (with all its bells & whistles).

    Thanks
    SysLog

  2. #2
    These two look ok, but have you looked into a SIM product? I'm in the process of getting management where I work to buy the Cisco Mars product. You might want to look into that product too. Are you looking for a Security Information Management product?

  3. #3
    How much do these products cost? Cisco Mars is going to run us about 30k for 200 host coverage.

  4. #4
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    I use NeuSecure, which has been bought up about 3 times in the last six months. Currently, IBM owns the product.

    I LOVE this console (SIM solution). I feed events from all core assets and have now got a handle on what's going on out there. The downside to any of these beasts is cost and the effort needed to tune them properly. Another nasty is bug discovery which seems to happen more so with products with "bigger than life" feature sets.


    I looked at NetForensics' product, which was absolute crap, and also at CA's offering, which was less than user friendly.

    ArcSight was another one I looked at, but the pricing, $150 grand, left it way out of reach.

    Anyway, another 2 cents.

    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  5. #5
    Junior Member
    Join Date
    Jul 2006
    Posts
    8


    Yes, I'm looking at SIM or SEM or SIEM.

    Cisco Mars costs 30K
    whereas,

    >> A 200 hosts per year license for EventLog Analyzer costs only $2490. These guys seem to be having another product called Firewall Analyzer which does the log analysis for firewalls, VPNs & routers!

    I guess a complete SIM software would mean an integration of these 2 products and more?

    >> Sawmill's Enterprise Edition: 100 pack costs $4,500 and 500 pack costs $6750

    By the way, what's the pricing for NeuSecure? What type of reports do they support? Reporting is essential for me to place my bet on the product. As of now, the EventLog Analyzer had some kewl reports, courtesy of their free edition.
