The Ultimate Solution for Security Log Management and Network Device Auditing
In the ever-evolving digital world, the importance of effective security log management and network device auditing cannot be overstated. ManageEngine EventLog Analyzer is your comprehensive solution for all your log management needs. Trusted by over 10,000 customers, including industry leaders like Infosys, IBM, and Siemens, EventLog Analyzer is the gold standard in security log management.
Why Choose ManageEngine EventLog Analyzer?
Real-Time Security Log Management
EventLog Manager Dashboards
Network Device Auditing
Application Log Analysis
Server Log Management
Security Event Management
Awards and Recognitions
Trusted by the Best
Ready to Take the Next Step?
Don't compromise when it comes to your security log management and network device auditing. With ManageEngine EventLog Analyzer, you get a solution that is robust, feature-rich, and trusted by industry leaders. It's time to take control of your logs like never before.
Get Started Today:
- Download a Free 30-Day Trial: Experience the power of ManageEngine EventLog Analyzer firsthand. Try it free for 30 days.
- Request a One-on-One Demo: Let our experts guide you through the features and benefits of EventLog Analyzer, tailored to your specific needs.
- Have Questions? Our team is here to assist you. If you have any inquiries or need a customized quote, reach out to us.
Your security log management excellence awaits. Elevate your security posture and gain actionable insights with ManageEngine EventLog Analyzer. Join the ranks of industry leaders who have harnessed the power of EventLog Analyzer to transform their organizations. It's time to unlock your log management excellence.
Get a Free Trial and see how EventLog Analyzer can help!
Your Role
IT Manager Mike
Mike is an IT Manager at a mid-sized tech startup in Toronto. He's been in the tech industry for over 15 years and has seen it evolve rapidly. Mike is responsible for overseeing the company's IT infrastructure, ensuring everything runs smoothly, and troubleshooting any issues that arise. He's constantly looking for tools that can simplify his work, improve efficiency, and ensure compliance with IT regulations. He values solutions that are robust, scalable, and offer good value for money. Mike is tech-savvy and always on the lookout for the latest trends and tools in the industry.
Mike needs a solution that can help him:
CIO Catherine
Catherine is a Chief Information Officer (CIO) at a large manufacturing firm in Vancouver. She has a vast experience of over 25 years in the IT field, with a focus on the manufacturing industry. Catherine is responsible for the company's IT strategy and ensuring that the company's IT systems support its business objectives. She's interested in solutions that can provide comprehensive reports, help with IT compliance, and can be easily integrated with the company's existing systems. Catherine is a strategic thinker and values data-driven decision-making.
Catherine needs a solution that can help her:
Network Administrator Naomi
Naomi is a Network Administrator at a prestigious university in Montreal. She's been working in the education sector for over 10 years. Naomi is responsible for managing and maintaining the university's network infrastructure. She's looking for a solution that can help her manage and analyze large volumes of log data, identify potential issues before they become problems, and ensure the university's IT systems are compliant with relevant regulations. Naomi is detail-oriented and values efficiency and reliability in her work.
Naomi needs a solution that can help her:
IT Director David
David is an IT Director at a consulting firm in Calgary. He has over 20 years of experience in the IT field, with a focus on project management. David is responsible for overseeing the firm's IT projects and ensuring they're delivered on time and within budget. He's interested in solutions that can provide detailed insights into the firm's IT systems, help with project management, and ensure IT compliance. David is a problem-solver and values innovation and effectiveness in his work.
David needs a solution that can help him:
MSSP Manager Maria
Maria is a Managed Security Service Provider (MSSP) in Ottawa. She's been working in the IT services industry for over 15 years. Maria is responsible for providing her clients with top-notch security services. She's looking for a solution that can help her manage and analyze her clients' log data, provide detailed reports, and ensure her clients' IT systems are compliant with various regulations. She values solutions that are scalable and can be customized to meet her clients' specific needs. Maria is a leader and values customer satisfaction and excellence in her work.
Maria needs a solution that can help her:
FAQs
Q: What is ManageEngine EventLog Analyzer?
A: ManageEngine EventLog Analyzer is a comprehensive log management solution that allows you to collect, monitor, and analyze logs from your IT infrastructure. It also helps you comply with various IT regulatory mandates, making IT compliance management easy and efficient.
Q: What are the key features of ManageEngine EventLog Analyzer?
A: Key features include centralized log collection and archival, log search-based reports, compliance reports, log forensic analysis capabilities, multi-geographical location monitoring (Distributed Edition), and rebranding of the web client for client-specific views (Distributed Edition).
Q: How does ManageEngine EventLog Analyzer help with IT compliance?
A: ManageEngine EventLog Analyzer provides compliance reports that help you meet the requirements of various IT regulatory mandates. These reports can be easily generated and exported for audit purposes.
Q: What are the different editions of ManageEngine EventLog Analyzer?
A: ManageEngine EventLog Analyzer is available in three editions: Free, Premium, and Distributed. Each edition offers a different set of features and supports a different number of log sources, catering to different business needs and budgets.
Q: How does the Free Edition of ManageEngine EventLog Analyzer differ from the Premium and Distributed Editions?
A: The Free Edition supports up to 5 log sources and includes centralized log collection, archival, log search-based reports, and compliance reports. The Premium and Distributed Editions support more log sources and additional features, with the Distributed Edition offering capabilities for a scalable environment and multi-geographical location monitoring.
Q: Can ManageEngine EventLog Analyzer be deployed in the cloud?
A: Yes, ManageEngine EventLog Analyzer can be deployed both on-premise and in the cloud, providing flexibility based on your organization's needs.
Q: Who are some of the customers of ManageEngine EventLog Analyzer?
A: ManageEngine EventLog Analyzer is trusted by over 10,000 customers worldwide, including industry leaders like Infosys, IBM, Siemens, Accenture, Michigan State University, and Panasonic.
Q: Is there a trial version of ManageEngine EventLog Analyzer available?
A: Yes, a free 30-day trial of ManageEngine EventLog Analyzer is available. You can download it to evaluate the product's features and see if it meets your needs.
Q: Who should I contact for support with ManageEngine EventLog Analyzer?
A: For support with ManageEngine EventLog Analyzer, you can reach out to the ManageEngine support team.
Hardware
Log management solutions are resource-intensive and selecting the right hardware plays a major role in ensuring optimal performance.
The following table denotes the suggested hardware requirements based on the type of flow.
Hardware | Low Flow | Normal Flow | High Flow
---|---|---|---
Processor cores | 6 | 12 | 24
RAM | 16 GB | 32 GB | 64 GB
IOPS | 150 | 750 | 1500 *
Disk space | 1.2 TB | 3 TB * | 4 TB *
Network card capacity | 1 GB/s | 1 GB/s | 10 GB/s
CPU architecture | 64-bit | 64-bit | 64-bit
- The above-mentioned values are approximate. It is recommended to run a test environment similar to the production environment with the setup details mentioned in the above table. Based on the exact flow and data size, the system requirements can be fine-tuned.
- For higher IOPS, use RAID or SSD storage.
Use the following table to determine the type of flow for your instance.
Log type | Size (in bytes) | Category | Low Flow (EPS) | Normal Flow (EPS) | High Flow (EPS)
---|---|---|---|---|---
Windows | 900 | Windows | 300 | 1500 | 3000
Linux, HP, pfSense, Juniper | 150 | Type 1 Syslogs | 2000 | 10000 | 20000
Cisco, SonicWall, Huawei, NetScreen, Meraki, H3C | 300 | Type 2 Syslogs | 1500 | 6000 | 12000
Barracuda, Fortinet, Check Point | 450 | Type 3 Syslogs | 1200 | 4000 | 7000
Palo Alto, Sophos, F5, Firepower, and other syslogs | 600 | Type 4 Syslogs | 800 | 2500 | 5000
- A single-installation server can handle at most 3000 Windows events per second, or the High Flow value listed for any one log type in the table above.
- For log types that are not listed in the table, choose the category that matches the log size. For example, SQL Server logs of 900 bytes at 3000 EPS should be treated as High Flow.
- If the combined flow is higher than what a single node can handle, a distributed setup is recommended.
- Choose the next higher band if advanced threat analytics and a large number of correlation rules are in use.
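The sizing procedure above, as an added example that is not ManageEngine's own code: each log source is mapped to a category and EPS band from the two tables, and the combined load decides whether one node suffices. The combination rule (summing eps / band limit across sources, i.e. linear sharing of a node's capacity) is an assumption; the page only states the per-type limits.

```python
# Added example (not ManageEngine's code): size one EventLog Analyzer node from
# the flow tables above. Assumption: capacity is shared linearly across log
# types, so the combined load is the sum of eps / band limit per source.

# category -> (avg event size in bytes, Low EPS, Normal EPS, High EPS)
CATEGORIES = {
    "Windows": (900, 300, 1500, 3000),
    "Type 1 Syslogs": (150, 2000, 10000, 20000),
    "Type 2 Syslogs": (300, 1500, 6000, 12000),
    "Type 3 Syslogs": (450, 1200, 4000, 7000),
    "Type 4 Syslogs": (600, 800, 2500, 5000),
}
BANDS = ("Low Flow", "Normal Flow", "High Flow")
# band -> (cores, RAM GB, IOPS, disk TB) from the hardware table
HARDWARE = {"Low Flow": (6, 16, 150, 1.2), "Normal Flow": (12, 32, 750, 3.0),
            "High Flow": (24, 64, 1500, 4.0)}

def category_for_size(avg_bytes):
    """Unlisted log type: take the category with the smallest event size that
    is still >= avg_bytes (the page's 'choose by log size' rule)."""
    by_size = sorted(CATEGORIES.items(), key=lambda kv: kv[1][0])
    for name, (size, *_) in by_size:
        if avg_bytes <= size:
            return name
    return by_size[-1][0]           # larger than every listed size: use the largest

def size_node(sources, advanced_analytics=False):
    """sources: [(category name or avg event bytes, EPS), ...].
    Returns the band one node needs, its hardware, load and daily raw volume."""
    loads = [0.0, 0.0, 0.0]         # combined load against each band's limits
    daily_bytes = 0
    for cat, eps in sources:
        if isinstance(cat, int):
            cat = category_for_size(cat)
        size, *limits = CATEGORIES[cat]
        for i, limit in enumerate(limits):
            loads[i] += eps / limit
        daily_bytes += size * eps * 86400
    band = next((i for i, load in enumerate(loads) if load <= 1.0), None)
    if band is not None and advanced_analytics and band < 2:
        band += 1                   # page: pick the next higher band for heavy analytics
    name = BANDS[band] if band is not None else None
    return {
        "band": name or "Distributed setup",   # exceeds what a single node can handle
        "hardware": HARDWARE.get(name),
        "high_flow_load": round(loads[2], 2),
        "daily_gb": round(daily_bytes / 1e9, 1),
    }
```

`size_node([(900, 3000)])` reproduces the page's SQL Server example (High Flow, about 233 GB of raw events per day), and an inventory whose High Flow load exceeds 1.0 is reported as needing a distributed setup.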
General Recommendations:
VM infrastructure
- Allocate 100 percent RAM/CPU to the virtual machine running EventLog Analyzer. Sharing memory/CPU with other virtual machines on the same host may result in RAM/CPU starvation and may negatively impact EventLog Analyzer's performance.
- Use thick provisioning, as thin provisioning increases I/O latency. On VMware, select Thick Provision Eager Zeroed, since Lazy Zeroed disks perform worse.
- VM snapshots are not recommended: the host duplicates data across multiple blocks, which increases reads and writes, raises I/O latency and degrades performance.
CPU & RAM:
- Server CPU utilization should always be maintained below 85% to ensure optimal performance.
- 50% of server RAM should be kept free for off-heap utilization of Elasticsearch for optimal performance.
Disk:
- Disk latency greatly affects the performance of EventLog Analyzer. Direct-attached storage (DAS) with throughput on par with an SSD, near-zero latency and high throughput is recommended. An enterprise storage area network (SAN) can be faster than an SSD.
Web browsers
EventLog Analyzer has been tested to support the following browsers and versions with at least a 1024x768 display resolution:
- Internet Explorer 11 and Edge
- Firefox 4 and later
- Chrome 8 and later
Databases
EventLog Analyzer can use the following databases as its back-end database.
Bundled with the product
- PostgreSQL
External databases
- Microsoft SQL 2012 & above
Please note the hardware requirements needed to configure the MS SQL database for EventLog Analyzer:
RAM | CPU | IOPS | Disk space
---|---|---|---
8 GB | 6 | 300-500 | 300-500 GB
Operating systems
EventLog Analyzer can be installed on machines running the following operating systems and versions:
- Windows 7 & above, and Windows Server 2008 & above
- Linux: Red Hat 8.0 and above/all versions of RHEL, Mandrake/Mandriva, SUSE, Fedora, CentOS, Ubuntu, Debian
Installation server
- SIEM solutions are resource-intensive. It is recommended to provide a dedicated server for their optimal performance.
- EventLog Analyzer uses Elasticsearch. The Elasticsearch process is expected to use off-heap memory for better performance; off-heap memory is managed by the operating system and is freed when necessary.
Additional Elasticsearch Node Recommendations:
Hardware | Minimum | Recommended
---|---|---
Base speed | 2.4 GHz | 3 GHz
Cores | 12 | 16
RAM | 64 GB | 64 GB
Disk space | 1.2 TB | 1.5 TB
IOPS | 1500 * | 1500 *
Compare Editions
- Pricing in USD.
- Quotes in CAD also available.
Free Edition
- Supports up to 5 log sources only
- Never expires
- Centralized log collection and archival
- Log search based reports
- Compliance reports
- Log forensic analysis capabilities
Premium
- Supports up to 1,000 log sources only
- Never expires
- Centralized log collection and archival
- Log search based reports
- Compliance reports
- Log forensic analysis capabilities
Distributed
- Supports 50 to unlimited log sources
- Includes all features of the Premium edition and supports:
  - Scalable environment
  - Distributed central-collector architecture
  - Multi-geographical location monitoring
  - Site-specific reports
  - Rebranding of the web client for client-specific views