Log Management Gains Momentum

Growth of products and services that track data usage is said to be soaring

March 27, 2008

News that unauthorized government workers illegally accessed passport files of candidates Clinton, Obama, and McCain, and that UCLA medical personnel snooped in Britney Spears' medical files earlier this month was no surprise to some industry sources -- in fact, it was welcome news.

"It was actually good news, because we could see log management doing its job," says Dominique Levin, VP of products, marketing and business development at LogLogic, a provider of log management products.

Levin and others claim that while the saving and perusal of log files has been standard security and IT procedure for many years, growth has blown out the doors in the last couple of years. Some predict this will be a $1 billion market by 2010. Levin says her company, which sells log management appliances and services through partners to enterprise customers, grew more than 100 percent last year. The six-year-old firm now has over 400 customers, of which 160 signed on in 2007 alone.

One customer, Northwestern Memorial Hospital in Chicago, is typical: The Health Insurance Portability and Accountability Act (HIPAA), like numerous other regulations worldwide, mandates that organizations track and save log files associated with patient records. This means gathering logs from multiple devices, such as firewalls; storing them in a searchable, central repository; and using the data to prompt alerts about network performance as well as security.

Use of a product from LogLogic streamlined all this. "In the past, to analyze logs manually after getting the data from our former database would take 180 to 240 minutes. The same job can now be done in less than 10 minutes," said Asad Syed, a senior security analyst with Northwestern, in a prepared statement.

Many more enterprises and mid-sized firms are spending $25,000 to more than $200,000 for software, appliances, or services from vendors like LogLogic or its competitors, including ArcSight, Prism Microsystems, and RSA, via its Envision technology. AdventNet, LogRhythm, and NetForensics also compete in this space. HP has a product. And Symantec introduced a Log Management Service in December 2007.

Most products in this segment are focused on delivering more than log file management, although some are tied to earlier security or performance-monitoring wares. "Most people want multiple functions for their money," says A. N. Ananth, CEO and co-founder of Prism Microsystems. His company, which Ananth says is growing by over 50 percent annually, competes in midrange accounts by offering performance monitoring and downtime prediction as a value-add to log file management. He says customers can typically get payback on their Prism wares within a year, thanks to cost savings in faster troubleshooting and availability on top of security and compliance.

Since the primary focal point is the server in any log file management endeavor, storage gear plays a bit part in many scenarios, according to Levin and Ananth. Still, compliance calls for the reliable archiving of log data, which is no doubt good news for storage firms.

"Storage products are required to keep the actual information and ensure that it's there and that no one has touched it," Ananth says. "But really, it's the critical servers that are important."

That means virtualized servers as well -- another consideration for log file management. "Quite a few customers are using virtualization. As you get more discrete server and log sources, there is more of a need for automation and oversight," says LogLogic's Levin.

In spite of the emphasis on servers -- virtual or otherwise -- it's likely that storage vendors involved in data archiving and/or search will start looking more closely at this space. Log file management is, after all, closely tied to a range of other data protection functions.

  • AdventNet Inc.

  • ArcSight Inc.

  • Hewlett-Packard Co. (NYSE: HPQ)

  • LogLogic Inc.

  • netForensics Inc.

  • RSA Security Inc. (Nasdaq: EMC)

  • Symantec Corp.
