Collect it. Mine it. Report on it. Those are the key functions of log data analysis, and Prism Microsystems eases them all with version 6.0 of its EventTracker log manager. New features include a distributed collection architecture to enable use in geographically dispersed organizations, advanced data mining and report generation, and support for XML and Windows 2003 event formats.
We tested EventTracker in our Syracuse University labs and came away impressed; Prism's entry is on par with log management and analysis products we've tested from LogLogic, Q1 Labs, and Splunk.
Some features are impressively simple. Take agent deployment on Windows servers: just find hosts, point, click, and shoot. The agent installs and starts sending events back to the collector. Adding syslog hosts is just as easy.
Distributed event log collectors, called collection points, are EventTracker servers that forward events to a master collection server on a schedule. Event files are compressed, reducing the data transmitted over a WAN. And because EventTracker is licensed by the number of reporting servers, not by collector or management station, you can build your log collection system as needed without worrying about increasing costs.