Network Computingwww.networkcomputing.com

Log Management Gets SLIM

Posted by Mike Fratto, Editor
January 16, 2008

Tags: SEIM, SIM, event management, log aggregation, log analysis, log storage, security event management, syslog event log, Appliances, Consulting, Data Networking & Management, Data Protection, Database Management Services, Java, Linux, Load Balancing and Performance, Log, Network Management and Monitoring, Networking, Other, Remote Access Software, Remote Management, Security and Privacy, Servers & Storage, Software and Web Development, Storage Management Software, Storage Security, User Interface, WAN Optimization and Application Acceleration, Windows

Channel: Other, Networking & Mgmt, Servers & Storage, Data Protection, WAN & App Acceleration

The Upshot Q1 Labs' Simple Log and Information Management (SLIM) product adds event correlation to log management. It provides reports based on log data. The company says the product can help meet regulatory requirements that demand log retention and review. Q1 Labs is a security event management (SEM) company that's getting into the log management market with SLIM. Meanwhile, log management vendors such as Splunk and LogLogic are adding data mining features to their products. SLIM is best suited to correlation and reporting rather than data mining. SLIM uses the same underlying framework used by that Q1 Labs' SEM product, QRadar. The event correlation and report definitions are easy to set up. Defining parsing rules for messages can be difficult, but is on par with other log management products. QRADAR SLIM

Log management is a regulatory requirement and best practice. It has grown from simple aggregation and storage of logs to become another data resource that can be mined, trended and reported on.

Q1 Labs' Simple Log and Information Management—SLIM—platform stores logs from a variety of devices and can correlate events and create ad hoc and scheduled reports. The appliance is rated for 5,000 events per second; adding more devices increases this events-per-second ratio.

SLIM's event correlation feature can be useful for uncovering malicious or unwanted activity in real time and can be easily customized. It also includes report templates for regulations such as Sarbanes-Oxley and GLB. However, SLIM is not as agile with real-time data mining or arbitrary event data compared with products from Splunk or LogLogic, both of which create indexes of data as they stream from event sources. SLIM is a good fit for companies that want to automate report generation and event correlation from log data.

As tested, SLIM costs $24,000; the product ships with 2 terabytes of disk space, and raw data and indexes are compressed after two days, conserving space with minimal impact on searching. Splunk's commercial software starts at $5,000 for 500 MB of indexed data per day, and hardware typically runs to over $10,000 for a beefy server. Moreover, Splunk doesn't have SLIM's event correlation component. A more comparable product, LogLogic's LX 2010, lists for $28,000 plus an additional $14,999 for compliance and control suites. It has more robust archiving functions and powerful search capabilities.

Related Reading

More servers-storage Insights