SolarWinds Log & Event Manager is one of the most popular SIEMs on the market today - and with good reason. It is virtual, easy to use and verbose. SolarWinds includes agents to get detailed logs of different operating systems, hardware, network devices and applications, and includes the ability to parse through syslogs.
Setup involves simply downloading an open virtual appliance (OVA) and deploying it to a hypervisor. After that, we put agents on the machines we wanted to monitor - on Windows, this was pressing the next button, keying in the IP or hostname of the Log & Event Manager, and it just works.
The solution aggregates syslogs, as well as having agents available for many common utilities, such as MS SQL and OSs like Debian or Windows. In many cases, it includes agents that allow for an almost zero setup syslog client. SolarWinds has parsers available for a large number of syslog types as well, and we found it could extract useful information from every syslog device in our environment. While most SIEMs allow users to write their own syslog parser, it was nice to see one that had agents for most everything we wanted and included parsers easily available for everything we needed.
SolarWinds makes it easy to look though large numbers of logs with visual, drag-and-drop filters, as well as offering the capability to search. It has a tree map, allowing a user to quickly and easily see things that may stand out in their environment. It also has a word cloud, which is a unique and interesting way to show keywords that appear frequently.
Real-time remediation is one of its selling points. On a computer with the agent installed, blocking IPs, disabling networking, force logging off, killing processes and sending messages to the user are all a click away. File integrity monitoring is quick and easy to set up, and scheduling searches and emailing the results at a time interval are both useful and allow the admin to look for events.
The documentation is some of the best we've seen, available in PDF form with step-by-step examples or, even better, much of it is available through videos, something that can make hard tasks seem easy if done correctly.
As well, the company has one of the best support options we've encountered, 24/7 unlimited phone and email support for the first year included with the product. SolarWinds has an active forum community, largely due to its popularity, and low price, which greatly helps with any potential problems.
SolarWinds is a great value for the money. It is one of the least expensive SIEMs in the market and does not sacrifice quality anywhere in the process. It would be a great product for IT staff on a budget, or a business that involves many endpoints. The only factor that diminishes our assessment of this tool is its lack of unique features. - BJ