Enterprise Security Management - Information Security Management
Log Management

Log Management is typically used to streamline compliance audits, enhance security posture, and adhere to service level agreements. Effective log management requires broad event collection, efficient storage and straightforward analysis of large amounts of log data. ArcSight Logger is a turnkey log management appliance that uniquely addresses these requirements for organizations of any size.

By leveraging the event normalization abilities of ArcSight Connectors, ArcSight Logger can manage and report on log data from hundreds of types of commercial products. It can also easily manage raw events in syslog or other formats, depending on customer preference.

Many customers capture logs for future compliance reporting purposes, and so effective storage is important. ArcSight Logger can store an effective 35 TB of log data on a single appliance, and can also be deployed to work with SAN-based storage. In either case, ArcSight Logger provides a variety of means to ensure audit-quality log data storage.

A key differentiator for ArcSight Logger is the ability to drill down from alerts and reports directly to the source events behind each alert and report. As a result, customers using ArcSight Logger enjoy the ability to perform "forensics on the fly", without the need to run new reports to understand why an alert occurred. The benefit is faster response and less time spent researching alerts.

Alerts and reports can be presented through a personalized portal, or sent to other systems such as email or SNMP consoles. Through ArcSight Compliance Reporting modules, customers gain the benefit of best practices for specific regulations, packaged as pre-built rules, reports, alerts, and dashboards.

ArcSight Logger appliances are available in a range of performance options and price points for organizations of any size. Specialized configurations, such as the ArcSight PCI Logger, offer an all-in-one turnkey appliance for collection, storage, and pre-packaged audit content, so that small merchants can jumpstart their PCI initiative with minimal effort. Large distributed organizations benefit from the ability to scale collection and storage layers across remote locations and data centers.

ArcSight Logger
Appliance Specifications

Management: Web browser, CLI

Supported Sources

• Raw Syslog (TCP/UDP)
• Raw File based logs (FTP, SCP, SFTP)
• Analysis optimized collection for 275+ commercial products
• FlexConnector framework for legacy event sources
• ArcSight CEF (Common Event Format)
• ArcSight ESM

Compression: Up to 10:1

| Model | L3000 & L3000-PCI | L5100-SAN | L7100s | L7100x |
|---|---|---|---|---|
| OS | CentOS Linux | Oracle Enterprise Linux | CentOS Linux | CentOS Linux |
| Devices | 200 | Unrestricted | 500 | Unrestricted |
| EPS | 2,000 | 75,000 | 5,000 | 100,000 |
| CPU | 1 x Dual Core Intel Xeon 3050 | 2 x Quad Core Intel Xeon E5405 | 2 x Quad Core Intel Xeon E5405 | 2 x Quad Core Intel Xeon E5405 |
| RAM | 4GB | 8GB | 8GB | 8GB |
| Storage | 2 x 750 GB - RAID1 | External - SAN | 6 x 750GB - RAID 5 | 6 x 750GB - RAID 5 |
| Chassis | 1U | 1U | 2U | 2U |
| Power | Non-Redundant | Redundant | Redundant | Redundant |
| Dimensions (DxWxH) | 22.6" x 16.78" x 1.7" | 29.56" x 16.78" x 1.68" | 29.31" x 17.5" x 3.4" | 29.31" x 17.5" x 3.4" |
