InTrust from Quest Software provides a server-based log collection and analysis tool for Windows and Linux/Unix systems, as well as syslogs, applications and databases. Right out of the box, this product can natively collect, correlate and analyze Windows event logs, as well as a few other common types of logs, such as custom device types.
We found this solution to be a reasonably simple install. The installation is guided by a wizard that will help not only in installing the product but also ensuring a proper database connection is made and all features are installed. At the completion of the wizard, all further configuration is done through the management console. When the console is run for the first time, a short getting-started wizard is shown, which helps get a base configuration in place to start collecting and analyzing logs.
This tool offers some robust functionality outside of log collection. The UserTrack capability allows for the collection of both user and administrator account access, and correlates them with other security events to provide a greater view of potential security risks. This functionality then uses real-time alerts to notify - through email or other monitoring programs - that suspicious activity has occurred.
Documentation included quick-start, installation and user guides, as well as several other pieces of supplemental documentation, all in PDF format. We found all documentation to be well-organized.
Quest Software includes the first year of standard support with the purchase of the product. After the first year, customers can purchase additional support by way of a contract.
At a price of $15 per enabled user and $995 per server, this product can be quite expensive for larger environments. We find InTrust to be an average value for the money as it does have some nice features, but overall cost of ownership can become pricey.