|
Log Management is typically used to streamline compliance audits, enhance security posture, and adhere to service level agreements. Effective log management requires broad event collection, efficient storage and straightforward analysis of large amounts of log data. ArcSight Logger uniquely addresses those challenges along with simplicity in deployment and management, small to enterprise scale, and elimination of tradeoffs between performance and efficiency.
By leveraging the event normalization abilities of ArcSight Connectors, ArcSight Logger can manage and report on log data from hundreds of types of commercial products. It can also easily manage raw events in syslog or other formats based on customer preference.
Many customers capture logs for compliance reporting, and so efficient storage is important. ArcSight Logger can store an effective 35 TB of log data on a single appliance, and can also be deployed to work with SAN-based storage. In either case, ArcSight Logger provides a variety of means to ensure audit-quality log data storage.
A key differentiator for ArcSight Logger is the ability to drill down from alerts and reports directly to the source events behind each alert and report. As a result, customers using ArcSight Logger enjoy the ability to perform "forensics on the fly", without the need to run new reports to understand why an alert occurred. The benefit is faster response and less time spent researching alerts. High performance search and reporting can reduce hours of manual effort down to minutes or seconds, but too many solutions deliver analysis performance only by compromising collection rates and storage efficiency. Only ArcSight offers Log Management without compromising performance or efficiency!
Alerts and reports can be presented through a personalized portal, or sent to other systems such as email or SNMP consoles. Through ArcSight Compliance Reporting modules, customers gain the benefit of best practices for specific regulations, packaged as pre-built rules, reports, alerts, and dashboards.
ArcSight Logger appliances are available in a range of performance options and price points for organizations of any size. Specialized configurations, such as the ArcSight PCI Logger, offer all-in-one turnkey appliance for collection, storage, and pre-packaged audit content for small merchants to jumpstart their PCI initiative with minimal effort. Large distributed organizations benefit from the ability to scale collection and storage layers across remote locations and data centers.
 ArcSight Logger
Appliance Specifications*
| Model | L3000 & L3000-PCI | L5100-SAN | L7100s | L7100x |
| Management |
Web browser, CLI |
|
Supported Sources
|
• Raw Syslog (TCP/UDP), Raw File based logs (FTP, SCP, SFTP)
• Analysis optimized collection for 275+ commercial products
• FlexConnector framework for legacy event sources
• ArcSight CEF (Common Event Format), ArcSight ESM |
| OS |
CentOS Linux |
Oracle Enterprise Linux |
CentOS Linux |
| Compression |
Up to 10:1 |
| Devices |
200 |
Unrestricted |
500 |
Unrestricted |
| Max EPS |
2,000 |
75,000 |
5,000 |
100,000 |
|
CPU
|
1 x Dual Core Intel Xeon 3050 |
2 x Quad Core Intel Xeon E5405 |
2 x Quad Core Intel Xeon E5405 |
|
RAM
|
4GB |
8GB |
8GB |
| Storage |
2 x 750 GB - RAID1 |
External - SAN |
6 x 750GB - RAID 5 |
| Chassis |
1U |
1U |
2U |
|
Power
|
260 W - Non-Redundant 100 – 240 VAC |
2 x 670 W - Redundant 100 – 240 VAC |
2 x 750 W - Redundant 100 – 240 VAC |
| Ethernet Interfaces |
2 x 10/100/1000 |
2 x 10/100/1000 |
2 x 10/100/1000 |
| Host Bus Adapter |
Not Applicable |
Emulex LPe 11002
2 x 4 Gigabit |
Not Applicable |
| Dimensions (DxWxH) |
22.6" x 16.8" x 1.7" |
29.6" x 16.8" x 1.7" |
29.3" x 17.5" x 3.4" |
Actual performance will depend on factors specific to a user’s environment
|
ArcSight Log Management Suite
Getting It Right! Best Practices in Selecting a Log Management Solution That’s Right for You