
ManageEngine EventLog Analyzer

Editorial Type: Review     Date: 01-2014    Views: 5617   











ManageEngine's EventLog Analyzer (MEA) offers an interesting alternative to the mainstream SIEM (security information and event management) solutions, as its low price makes it highly suited to SMEs.

Its agent-less architecture also means it's easier to deploy and its modest system requirements allow it to be hosted on a low-cost Windows PC.

MEA supports plenty of log sources, including Windows, Unix and Linux systems, Oracle and SQL Server databases, VMware, apps such as Apache and IIS web servers, and literally hundreds of switches and routers. It can also be customised to specific requirements, as it can parse any unencrypted, human-readable data source.

The file integrity check feature does require a small 5MB Windows agent installed on monitored systems, but this allows MEA to keep a close eye on critical data. It can send out alerts if file attributes are changed or if files are viewed, created, modified or deleted, and audit trails show which users were responsible.

We swiftly installed the Standalone version on a Windows Server 2012 R2 host, using the one-click install option, which loads it as a single Windows service. The intuitive MEA web interface opens with a customisable dashboard of graph widgets, providing a breakdown of all log events over the selected time period.

We tested with a range of Syslog-enabled storage appliances and HP ProCurve switches, which MEA auto-discovered and added to the console. Our Windows Server 2008 R2 with Hyper-V, Server 2012 R2 and Windows 8 test systems needed RPC, DCOM and WMI enabled, but, if this is a security issue, you can use the agent instead. Our hosts were swiftly added to the console, as MEA scans workgroups or domains and lists all discovered systems.

Custom groups make for easier host management, and monitoring intervals as frequent as every ten minutes can be assigned to each one. Selecting a group shows all members accompanied by a breakdown of event types, which can be drilled down into for more information.

Integrating applications isn't so easy, as their logs must be imported into the MEA server. Logs can be imported locally on the MEA host via HTTP/HTTPS or retrieved from remote systems using FTP/FTPS.

For file monitoring, you select a host on which you want it enabled and MEA pushes the agent to it. Templates can be used for multiple hosts where the same location is being monitored and dashboard graphs keep you posted on all file activity.

Log interrogation features are excellent, as you can use the console's top search bar for fast results or the Advanced section for more complex queries, using wildcards, phrases, Boolean operators, groups and ranges. Reporting tools are equally good: along with a range of canned reports, you can create custom ones, and MEA also provides a full set of regulatory compliance reports for FISMA, PCI, HIPAA, SOX, and GLBA.

Alerts can be issued on any log event, making it easy to keep abreast of network and security issues. Using profiles, alerts can be linked to predefined, custom, compliance-related, application or file monitoring events and notifications sent by email, SMS or via another program.

Logs can be easily managed, as MEA provides full archiving facilities where you specify an interval and retention period, and elect to have the files securely encrypted and time stamped. The console displays a list of all archives for each host, which can be loaded up, searched and exported.

ManageEngine's EventLog Analyzer may be one of the lowest cost SIEM products we've yet seen, but it doesn't disappoint for features. Its one-click installation and agent-less architecture make it one of the easiest to deploy as well.

Product: ManageEngine EventLog Analyzer
Supplier: ZOHO Corporation
Tel: 0800 028 6590
Web site: www.manageengine.com
Price: Professional Edition/25 hosts - £1,211
