Strengths: One of the best network log analysis tools we’ve seen.
Weaknesses: None that we found.
Verdict: Top-end network analysis tool. This one gave our Best Buy a strong run for its money, but still we rate it Recommended.
SummaryThis is a serious log analysis tool. It covers all the bases that you need to cover for network forensics. The appliance contains all of the features you would expect in a SIM, plus the ones you need for managing log evidence. Its log management program allows long-term archiving of log contents. In a forensic environment, you would save the raw logs in a chain of custody and perform all analysis on LogRhythm’s archived data, never taking the chance of corrupting actual evidence.
The LogRhythm appliance is easy to setup and deploy. Since it is watching the network all the time in its role as a log correlator and analyzer, it will have everything you need to perform network forensics. It has the ability to take data from most types of logs found on a network. Additionally, its universal database log adapter allows it to gather logs from most types of database systems. This is a major forensic benefit.
If we were to pick a single feature that characterizes high performance for the forensic capabilities of this product it would be the Log Miner. This function provides multiple, innovative ways to view log data from multiple sources. The displays tell a story very quickly leading to drill-downs that access exactly what you are looking for. Newly improved handling of log metadata adds to the high performance.
LogRhythm provides good documentation to meet the needs of both administrators and end-users. The product comes with all user, administrator and appliance manuals to make operations and deployment straightforward. The supplied admin guide contains deployment and management documentation, as well as “how to” examples to assist users from start to finish. The documentation is well laid out and easy to follow with good examples and script code.
Support offers users the options of web, email, and phone support. Also, LogRhythm offers a support portal that includes specific resources to assist customers in troubleshooting problems. To round out the list, other available services offered by LogRhythm are deployment and implementation planning, custom configuration, training and managed services.
Starting at $20,000, this is a very good value, even if all you want it for is forensics. If you plan to implement the LogRhythm appliance as a full featured SIM, it’s an even better deal.