Strengths: Easy to use with strong reporting capabilities.
Weaknesses: None that we found.
Verdict: Powerful product with plenty of easy-to-use features, this one is our Best Buy.
SummaryThe LogRhythm LR-1000-XM system is a power log aggregation tool available in hardware and software platforms, although the appliance is the most common deployment and the one we tested. It can collect information off of a number of open and closed platforms, including Unix system logs, Windows event logs and Cisco logs. Its search capabilities make it a powerful network forensic tool.
Collection also can be done using customized agents on the monitored systems giving the product an impressive range of systems it can monitor. It also has built-in features to assist with regulatory compliance. LogRhythm is capable of displaying an array of reports from a general aggregated overview down to the individual events collected from logs. Many of the features are readily available and easy to use in a very clear and easy to analyze format.
The LogRhythm console starts up in a customizable interface with three main zones of focus: operational, security and audit events. The Tail tool provides the ability to scan logs in near real time for suspicious changes, and the product features a digital fingerprinting system for authenticity verification. It can also analyze long-term trends with the one year of log data it stores by default. With almost any tool in the suite that is accessible from the console, you can quickly drill down to individual events.
The appliance features dual quad-core Xeon CPUs and a RAID array [redundant array of independent disks] stocked with drives to deliver top performance even when handling large data sets. Despite warnings contained with the appliance, setup was relatively painless.
Locating the documentation was a bit of a challenge as it is solely available from LogRhythm's support site and covers the gamut of their products. The documentation itself is well-written and clear as to what procedures need to occur for proper use and customization.
The support system is top notch with setup assistance options and personable staff. LogRhythm can be easily reached on the phone, by email or using their help forum system. Starting at $20,000, depending on which LR model selected, this product is a very good value, especially considering its powerful network forensic capabilities.