The MX 2010 provides a wide range of features. Aside from the expected log aggregation, LogLogic also provides very intuitive ways to manage a network. The MX combines the functionality of the LX model and the storage capacity of the ST model, giving users a one-year log retention period. The MX has a wide range of search features that allow the user to drill down through the logs to gather specific information.
Reports pull together information from the logs so the user can view specific details, such as login attempts, traffic on specific ports or overall device use. Many of these reporting features are strong forensic capabilities. The system can export both search results and reports to PDF, CSV and HTML formats. It also provides a large number of alerts that can be customized to the company's needs.
The setup process for this tool is straightforward. Once the device is plugged in, the documentation gives two options: setup via the command line or remote setup via the internet. Following the simple instructions found in the startup guide allowed us to have the device up and running in 10 to 15 minutes. There was the option to set the time manually, or sync it with a server. An annoyance we found was that when we opted to manually set the time and date, the program constantly recommended that we synchronize with the server.
Documentation can be found on an included CD. While some of the PDFs were a little long, they were all detailed and easy to understand. Each PDF came with its own hyperlinked table of contents, as well as screenshots and diagrams.
LogLogic provided excellent phone support with very knowledgeable and helpful staff.
With a price tag of $35,000, we found this product to be a good buy for the money. We were impressed with its ease of use, quick setup out of the box, and the features it provided, especially those that relate specifically to network forensics.