
SolarWinds Log & Event Manager

Editorial Type: Review     Date: 09-2013    Views: 4530   









Despite the wide choice of SIEM (security information and event management) solutions, their high prices put most of them beyond the reach of SMEs.

SolarWinds is challenging the establishment, as its Log & Event Manager (LEM) software offers a more affordable alternative.

LEM is available as a virtual appliance for both VMware and Hyper-V. This has the further benefit of reduced acquisition costs, as LEM's modest hardware requirements and log data compression techniques mean it can be deployed on an existing system.

Installation on a VMware ESXi 5.0 system was simple, with the supplied template deployed as a new VM in minutes. All you do next is ensure the VM has a static IP address and then it's over to the main LEM web console.

Naturally, you need all your devices sending Syslog and SNMP trap data to the LEM server, but you must configure connectors as well. Connectors set LEM apart, because it can't log data from a source for which it doesn't have one.

The upside is that LEM includes hundreds of predefined connectors and SolarWinds can create custom ones for you. Another advantage is that LEM identifies log sources based on the connector type, so it can provide detailed information about them.

LEM also supports most common OSes, including Windows, Linux, Mac OS X, Solaris and AIX. These require an agent, which, for Windows, has a fairly large footprint, but does allow LEM to interact tightly with the OS and also enforce USB device policies.

The LEM console opens with the Ops Center dashboard, showing all the latest security events and alerts. It's easy to customise using the Widget Manager, and you can move each one around the console using drag and drop.

The Monitor page shows all alert activity as it happens and this is where LEM reveals its enterprise credentials, as it processes log data in real-time. On Windows systems running the agent, all events are sent from memory, even before they're written to the local Event Log, so LEM's responses are near instantaneous.

Filters refine the amount of alert data being shown and you can create custom filters for specific security incidents. Notifications can also be assigned to filters; the options include pop-up messages, sounds and making the relevant filter blink in the Monitor page.

LEM really comes into its own for event correlation. From the Build tab, you create groups of similar systems or devices and assign rules that carry out specific tasks when an event occurs. You can create rules from scratch or clone and modify any of the huge range of predefined rules included with LEM.

We found the process swift, as you choose from events, user groups, connector profiles, time periods and variables. After dragging them into the main correlation window, you assign a time period that determines when the rule is triggered.

Actions come next and LEM can carry out virtually any task you desire. A rule can be used to kill a process, stop a service, shut down or reboot a system, disable a network port, log off a user, send out an email - the choice is yours.
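To show what a correlation rule of the kind described above actually does (a group of systems, an event type, a time window, a threshold and an action), here is a small added illustration in Python. It is not LEM's rule format or any SolarWinds code; the log lines, host names, addresses and the disable_port action are all constructed for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed syslog-style sample lines (not real LEM data): a burst of
# failed logons against one server from one address, plus unrelated noise.
SAMPLE_LOG = """\
2013-09-02T10:00:01 srv-fs01 sshd: Failed password for admin from 203.0.113.5
2013-09-02T10:00:04 srv-fs01 sshd: Failed password for admin from 203.0.113.5
2013-09-02T10:00:09 srv-fs01 sshd: Failed password for admin from 203.0.113.5
2013-09-02T10:00:12 srv-db01 sshd: Failed password for root from 198.51.100.7
2013-09-02T10:00:15 srv-fs01 sshd: Failed password for admin from 203.0.113.5
2013-09-02T10:03:00 srv-fs01 sshd: Failed password for admin from 203.0.113.5
"""

def parse(line):
    """Turn one raw line into a normalised event (timestamp, host, kind, source)."""
    ts, host, rest = line.split(" ", 2)
    kind = "failed_logon" if "Failed password" in rest else "other"
    src = rest.rsplit(" from ", 1)[1] if " from " in rest else None
    return {"ts": datetime.fromisoformat(ts), "host": host, "kind": kind, "src": src}

class CorrelationRule:
    """Fire `action` once `threshold` events of `kind` from one (host, source) pair,
    on a host in `group`, fall inside a sliding window of `window_s` seconds."""
    def __init__(self, group, kind, threshold, window_s, action):
        self.group, self.kind, self.threshold = set(group), kind, threshold
        self.window, self.action = timedelta(seconds=window_s), action
        self.hits = defaultdict(deque)   # (host, src) -> timestamps inside the window

    def feed(self, ev):
        if ev["host"] not in self.group or ev["kind"] != self.kind:
            return None
        q = self.hits[(ev["host"], ev["src"])]
        q.append(ev["ts"])
        while ev["ts"] - q[0] > self.window:   # drop hits older than the window
            q.popleft()
        if len(q) >= self.threshold:
            q.clear()                           # reset so one burst fires only once
            return self.action(ev["host"], ev["src"])
        return None

def disable_port(host, src):
    # Hypothetical response action; a real deployment would call the SIEM's action API.
    return f"disable network port on {host} for {src}"

def run_rule(text, threshold=3, window_s=60):
    """Replay the sample log through one rule covering the file-server group."""
    rule = CorrelationRule(["srv-fs01", "srv-db01"], "failed_logon",
                           threshold, window_s, disable_port)
    return [r for r in (rule.feed(parse(l)) for l in text.splitlines() if l) if r]
```

With the defaults, the three failures at 10:00:01-10:00:09 trigger the action once; the later, more widely spaced failures never reach the threshold inside a 60-second window.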

Full reporting is handled by a separate utility that uses the LEM VM as its data source. The range of predefined reports is impressive and options are provided for creating regulatory compliance reports for industry standards, such as HIPAA, FISMA and PCI.

SolarWinds' pricing model for Log & Event Manager makes it a very affordable SIEM solution for SMEs. It may cost less than the competition, but it doesn't skimp on features and its smart real-time event correlation puts it up alongside many enterprise solutions.

Product: Log & Event Manager
Supplier: SolarWinds
Tel: 0800 028 6782
Web site: www.solarwinds.com
Price: Starts from £2,950 for 30 nodes
