The Ultimate Solution for Security Log Management and Network Device Auditing

In the ever-evolving digital world, the importance of effective security log management and network device auditing cannot be overstated. ManageEngine EventLog Analyzer is your comprehensive solution for all your log management needs. Trusted by over 10,000 customers, including industry leaders like Infosys, IBM, and Siemens, EventLog Analyzer is the gold standard in security log management.

Why Choose ManageEngine EventLog Analyzer?

Real-Time Security Log Management

  • Predefined Reports and Alerts: So that you can proactively identify and mitigate security threats, reducing the time spent on manual monitoring.
  • Centralized Log Collection: So that you can gather logs from multiple sources into a single repository for easy access and analysis.

Network Device Auditing

  • Multi-Device Support: So that you can audit logs from firewalls, routers, and switches, ensuring a secure and compliant network environment.
  • Predefined Reports and Alerts: So that you can receive immediate notifications about suspicious activities, enabling quick remedial action.

Application Log Analysis

  • In-Depth Analytics: So that you can understand user behavior and application performance, helping you to optimize both security and functionality.

Server Log Management

  • Windows and Unix/Linux Server Support: So that you can manage logs across various server platforms, offering you flexibility and comprehensive coverage.
  • Compliance-Ready Reports: So that you can effortlessly meet regulatory requirements like GDPR, HIPAA, and PCI-DSS.

Security Event Management

  • Event Correlation: So that you can link related records and identify attack patterns, making it easier to prevent security incidents.
  • User Monitoring: So that you can track user activities and permissions changes, enhancing your internal security measures.

Awards and Recognitions

  • Gartner Peer Insights Customers' Choice 2019

Trusted by the Best

  • Infosys
  • IBM
  • Siemens
  • Panasonic

Ready to Take the Next Step?

Don't compromise when it comes to your security log management and network device auditing. With ManageEngine EventLog Analyzer, you get a solution that is robust, feature-rich, and trusted by industry leaders. It's time to take control of your logs like never before.

Get Started Today:

  • Download a Free 30-Day Trial: Experience the power of ManageEngine EventLog Analyzer firsthand. Try it free for 30 days.
  • Request a One-on-One Demo: Let our experts guide you through the features and benefits of EventLog Analyzer, tailored to your specific needs.
  • Have Questions? Our team is here to assist you. If you have any inquiries or need a customized quote, reach out to us.

Your security log management excellence awaits. Elevate your security posture and gain actionable insights with ManageEngine EventLog Analyzer. Join the ranks of industry leaders who have harnessed the power of EventLog Analyzer to transform their organizations. It's time to unlock your log management excellence.

Get a Free Trial and see how EventLog Analyzer can help!

Your Role

IT Manager Mike

Mike is an IT Manager at a mid-sized tech startup in Toronto. He's been in the tech industry for over 15 years and has seen it evolve rapidly. Mike is responsible for overseeing the company's IT infrastructure, ensuring everything runs smoothly, and troubleshooting any issues that arise. He's constantly looking for tools that can simplify his work, improve efficiency, and ensure compliance with IT regulations. He values solutions that are robust, scalable, and offer good value for money. Mike is tech-savvy and always on the lookout for the latest trends and tools in the industry.

Mike needs a solution that can help him:

  • Manage large volumes of log data from various sources
  • Easily monitor and troubleshoot any issues in the company's IT infrastructure
  • Generate detailed reports to make informed decisions and ensure the smooth operation of the company's systems
CIO Catherine

Catherine is a Chief Information Officer (CIO) at a large manufacturing firm in Vancouver. She has a vast experience of over 25 years in the IT field, with a focus on the manufacturing industry. Catherine is responsible for the company's IT strategy and ensuring that the company's IT systems support its business objectives. She's interested in solutions that can provide comprehensive reports, help with IT compliance, and can be easily integrated with the company's existing systems. Catherine is a strategic thinker and values data-driven decision-making.

Catherine needs a solution that can help her:

  • Monitor and analyze log data
  • Ensure compliance with various IT regulations
  • Integrate with the company's existing systems to streamline operations and support the company's business objectives
Network Administrator Naomi

Naomi is a Network Administrator at a prestigious university in Montreal. She's been working in the education sector for over 10 years. Naomi is responsible for managing and maintaining the university's network infrastructure. She's looking for a solution that can help her manage and analyze large volumes of log data, identify potential issues before they become problems, and ensure the university's IT systems are compliant with relevant regulations. Naomi is detail-oriented and values efficiency and reliability in her work.

Naomi needs a solution that can help her:

  • Manage and analyze the university's network log data
  • Identify potential issues before they become problems
  • Ensure the university's IT systems are compliant with relevant regulations
IT Director David

David is an IT Director at a consulting firm in Calgary. He has over 20 years of experience in the IT field, with a focus on project management. David is responsible for overseeing the firm's IT projects and ensuring they're delivered on time and within budget. He's interested in solutions that can provide detailed insights into the firm's IT systems, help with project management, and ensure IT compliance. David is a problem-solver and values innovation and effectiveness in his work.

David needs a solution that can help him:

  • Get detailed insights into the firm's IT systems
  • Manage IT projects effectively
  • Ensure IT compliance
MSSP Manager Maria

Maria is a Managed Security Service Provider (MSSP) in Ottawa. She's been working in the IT services industry for over 15 years. Maria is responsible for providing her clients with top-notch security services. She's looking for a solution that can help her manage and analyze her clients' log data, provide detailed reports, and ensure her clients' IT systems are compliant with various regulations. She values solutions that are scalable and can be customized to meet her clients' specific needs. Maria is a leader and values customer satisfaction and excellence in her work.

Maria needs a solution that can help her:

  • Manage and analyze her clients' log data
  • Generate detailed reports for each client
  • Ensure her clients' IT systems are compliant with various regulations
  • Provide top-notch security services

FAQs

Q: What is ManageEngine EventLog Analyzer?
A: ManageEngine EventLog Analyzer is a comprehensive log management solution that allows you to collect, monitor, and analyze logs from your IT infrastructure. It also helps you comply with various IT regulatory mandates, making IT compliance management easy and efficient.

Q: What are the key features of ManageEngine EventLog Analyzer?
A: Key features include centralized log collection and archival, log search-based reports, compliance reports, log forensic analysis capabilities, multi-geographical location monitoring (Distributed Edition), and rebranding of the web client for client-specific views (Distributed Edition).

Q: How does ManageEngine EventLog Analyzer help with IT compliance?
A: ManageEngine EventLog Analyzer provides compliance reports that help you meet the requirements of various IT regulatory mandates. These reports can be easily generated and exported for audit purposes.

Q: What are the different editions of ManageEngine EventLog Analyzer?
A: ManageEngine EventLog Analyzer is available in three editions: Free, Premium, and Distributed. Each edition offers a different set of features and supports a different number of log sources, catering to different business needs and budgets.

Q: How does the Free Edition of ManageEngine EventLog Analyzer differ from the Premium and Distributed Editions?
A: The Free Edition supports up to 5 log sources and includes centralized log collection, archival, log search-based reports, and compliance reports. The Premium and Distributed Editions support more log sources and additional features, with the Distributed Edition offering capabilities for a scalable environment and multi-geographical location monitoring.

Q: Can ManageEngine EventLog Analyzer be deployed in the cloud?
A: Yes, ManageEngine EventLog Analyzer can be deployed both on-premise and in the cloud, providing flexibility based on your organization's needs.

Q: Who are some of the customers of ManageEngine EventLog Analyzer?
A: ManageEngine EventLog Analyzer is trusted by over 10,000 customers worldwide, including industry leaders like Infosys, IBM, Siemens, Accenture, Michigan State University, and Panasonic.

Q: Is there a trial version of ManageEngine EventLog Analyzer available?
A: Yes, a free 30-day trial of ManageEngine EventLog Analyzer is available. You can download it to evaluate the product's features and see if it meets your needs.

Q: Who should I contact for support with ManageEngine EventLog Analyzer?
A: For support with ManageEngine EventLog Analyzer, you can reach out to the ManageEngine support team.

Hardware

Log management solutions are resource-intensive and selecting the right hardware plays a major role in ensuring optimal performance.

The following table denotes the suggested hardware requirements based on the type of flow.

                        Low Flow    Normal Flow   High Flow
Processor cores         6           12            24
RAM                     16 GB       32 GB         64 GB
IOPS                    150         750           1500 *
Disk space              1.2 TB      3 TB *        4 TB *
Network card capacity   1 GB/s      1 GB/s        10 GB/s
CPU architecture        64-bit      64-bit        64-bit

Note:
  • The values above are approximate. It is recommended to run a test environment that mirrors production with the setup details listed in the table, and to fine-tune the system requirements based on the actual flow and data size.
  • RAID or SSDs can be used to achieve higher IOPS.

Use the following table to determine the type of flow for your instance.

Log type                                             Size (bytes)  Category        Low Flow (EPS)  Normal Flow (EPS)  High Flow (EPS)
Windows                                              900           Windows         300             1500               3000
Linux, HP, pfSense, Juniper                          150           Type 1 Syslogs  2000            10000              20000
Cisco, SonicWall, Huawei, NetScreen, Meraki, H3C     300           Type 2 Syslogs  1500            6000               12000
Barracuda, Fortinet, Check Point                     450           Type 3 Syslogs  1200            4000               7000
Palo Alto, Sophos, F5, Firepower, and other syslogs  600           Type 4 Syslogs  800             2500               5000

Note:
  • A single-installation server can handle either a maximum of 3000 Windows logs per second or the High Flow value listed for any one log type in the table above.
  • For log types not listed in the table, choose the category whose log size matches. For example, SQL Server logs with an average size of 900 bytes at 3000 EPS should be treated as High Flow.
  • If the combined flow is higher than what a single node can handle, a distributed setup is recommended.
  • Choose the next higher band if advanced threat analytics and a large number of correlation rules are in use.
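As an added worked example (not ManageEngine's or Optrics' own material), the following Python helper applies the two tables above to a planned mix of log sources on one node. The threshold numbers are the page's; the rule for combining different source types into one node's capacity and the nearest-size mapping for unlisted log types are assumptions of the example.

```python
# Added sizing helper: applies the flow tables above to a mix of log sources.
# EPS thresholds (Low, Normal, High) per category, copied from the flow table.
FLOW_TABLE = {
    "Windows":        (300, 1500, 3000),
    "Type 1 Syslogs": (2000, 10000, 20000),
    "Type 2 Syslogs": (1500, 6000, 12000),
    "Type 3 Syslogs": (1200, 4000, 7000),
    "Type 4 Syslogs": (800, 2500, 5000),
}
# Average event size in bytes per category, also from the flow table.
EVENT_BYTES = {"Windows": 900, "Type 1 Syslogs": 150, "Type 2 Syslogs": 300,
               "Type 3 Syslogs": 450, "Type 4 Syslogs": 600}
BANDS = ("Low Flow", "Normal Flow", "High Flow")


def category_for_size(avg_bytes: int) -> str:
    """Map an unlisted log type to a category by event size, as the page's
    SQL Server example does (900 B -> Windows). Assumption: choose the
    category whose listed size is closest to the observed average."""
    return min(EVENT_BYTES, key=lambda cat: abs(EVENT_BYTES[cat] - avg_bytes))


def size_instance(sources: list[tuple[str, int]],
                  advanced_analytics: bool = False) -> tuple[str, float, bool]:
    """Return (hardware band, share of one node's capacity, distributed setup needed).

    sources: (category, events per second) pairs planned for one node.
    Assumption (not stated on the page): mixed source types are combined by
    summing each type's EPS as a fraction of its own High Flow ceiling; a
    total above 1.0 exceeds what a single installation can handle.
    """
    band, capacity_used = 0, 0.0
    for cat, eps in sources:
        low, normal, high = FLOW_TABLE[cat]
        capacity_used += eps / high
        band = max(band, 2 if eps > normal else 1 if eps > low else 0)
    distributed = capacity_used > 1.0
    if distributed:
        band = 2
    # Page rule: choose the next higher band when advanced threat analytics or
    # many correlation rules are in use (High Flow is the top of the table).
    if advanced_analytics:
        band = min(band + 1, 2)
    return BANDS[band], capacity_used, distributed


if __name__ == "__main__":
    # Constructed example: Windows hosts plus Palo Alto firewalls on one node.
    print(size_instance([("Windows", 1000), (category_for_size(600), 500)]))
```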

General Recommendations:

VM infrastructure

  • Allocate 100 percent of the RAM and CPU reserved for the virtual machine running EventLog Analyzer. Sharing memory or CPU with other virtual machines on the same host may result in RAM/CPU starvation and degrade EventLog Analyzer's performance.
  • Use thick provisioning, as thin provisioning increases I/O latency. On VMware, select Thick Provision Eager Zeroed, since Lazy Zeroed performs worse.
  • VM snapshots are not recommended: the host duplicates data across multiple blocks, increasing reads and writes, which raises I/O latency and degrades performance.

CPU & RAM:

  • Server CPU utilization should always be maintained below 85% to ensure optimal performance.
  • 50% of server RAM should be kept free for Elasticsearch's off-heap usage to maintain optimal performance.

Disk:

  • Disk latency greatly affects the performance of EventLog Analyzer. Direct-attached storage (DAS) with near-zero latency and throughput on par with an SSD is recommended. An enterprise storage area network (SAN) can be faster than an SSD.

Web browsers

EventLog Analyzer has been tested to support the following browsers and versions with at least a 1024x768 display resolution:

  • Internet Explorer 11 and Edge
  • Firefox 4 and later
  • Chrome 8 and later

Databases

EventLog Analyzer can use the following databases as its back-end database.

Bundled with the product

  • PostgreSQL

External databases

  • Microsoft SQL 2012 & above

Please note the hardware requirements for the MS SQL database server used by EventLog Analyzer:

RAM     CPU   IOPS      Disk space
8 GB    6     300-500   300-500 GB

Operating systems

EventLog Analyzer can be installed in machines running the following operating systems and versions:

  • Windows 7 & above, and Windows Server 2008 & above
  • Linux: Red Hat 8.0 and above/all versions of RHEL, Mandrake/Mandriva, SUSE, Fedora, CentOS, Ubuntu, Debian

Installation server

  • SIEM solutions are resource-intensive. A dedicated server is recommended for optimal performance.
  • EventLog Analyzer uses Elasticsearch. The Elasticsearch process is expected to use off-heap memory for better performance; off-heap memory is managed by the operating system and is freed when necessary.

Additional Elasticsearch Node Recommendations:

Hardware     Minimum   Recommended
Base speed   2.4 GHz   3 GHz
Cores        12        16
RAM          64 GB     64 GB
Disk space   1.2 TB    1.5 TB
IOPS         1500*     1500*

Compare Editions

  • Pricing in USD.
  • Quotes in CAD also available.

Free Edition

Starting at: $0
  • Supports up to 5 log sources only
  • Never expires
  • Centralized log collection and archival
  • Log search-based reports
  • Compliance reports
  • Log forensic analysis capabilities

Premium

Starting at: $595
  • Supports up to 1,000 log sources only
  • Never expires
  • Centralized log collection and archival
  • Log search-based reports
  • Compliance reports
  • Log forensic analysis capabilities

Distributed

Starting at: $2,495
  • Supports 50 to unlimited log sources
  • Includes all features of the Premium edition and supports:
    • Scalable environment
    • Distributed central-collector architecture
    • Multi-geographical location monitoring
    • Site-specific reports
    • Rebranding of the web client for client-specific views

Try EventLog Analyzer for 30 Days for Free!

Download the on-premises version now.

6810-104 St Edmonton, AB
Canada T6H 2L6
info@optrics.com
TF: Edmonton Local: 780-430-6240 | Toll-Free: 1-877-430-6240
Direct: 780.430.6240

About Us

Optrics is your Canadian ManageEngine Partner specializing in all ManageEngine and Zoho software products.

Pricing / availability may change without notice. Prices in USD. Registered Logos / Trademarks displayed are property of their owners.