Tripwire Log Center
Strengths: Stores raw unfiltered log data for easy analysis.
Weaknesses: Requires integration with Tripwire Enterprise to get the most functionality.
Verdict: An integral part of a Tripwire implementation.
Summary: Tripwire Log Center is more than just a place for collecting logs. This product does indeed collect logs, but after the logs are collected and correlated, the Log Center offers real-time event alerting based on custom-made rules that can be easily configured. This product also features the ability to store raw and unfiltered log data for forensic purposes.
We found this tool to be quite simple to install and configure. The initial installation takes just a few minutes and is guided by a setup wizard. This wizard not only helps install the product, but also aids in setting up devices and logs to monitor, so that when installation is complete a base configuration is already in place.
While this product packs some solid log correlation and management features on its own, it can also be integrated with Tripwire Enterprise for added functionality. Once integrated with Enterprise, it becomes easy to correlate events side-by-side with system changes for an even more detailed picture of how an event occurred and whether it was malicious activity or just a standard operation.
Documentation included installation and user guides, both in PDF format. We found both guides to include clear, step-by-step instructions, as well as a number of screenshots and examples.
Tripwire offers standard and premium support as part of an annual agreement.
Tripwire Log Center costs about $7,000 for the console itself and around $130 per device, which can become quite pricey for some environments. Although Log Center does offer some solid functionality, it would also require the purchase of Tripwire Enterprise to get all the bells and whistles.