LogLogic MX2010

Real time reports can be used to alert you to critical events. Filters are used to look for specific events and if triggered the MX2010 can send messages to a syslog server or via email and SNMP trap. Naturally, you’ll want to ensure only authorised users can access the log data and the extensive range of controls enables you to determine precisely what each user can see and do. Even the appliance itself can be audited, as it acts as its own logging source. Furthermore, if you have already have laid down compliancy reporting procedures LogLogic enables you to customise its reports with its XML and SOAP APIs

The review system was supplied with the PCI compliance suite preinstalled and this is accessed from a separate menu tab. Each suite collects data from a range of real time reports and produces the required compliance reports for you, thus avoiding the need to understand the regulations. For example, we created a PCI compliance report that showed all the password changes that occurred over a specific period for Windows servers. Once completed you can export them to HTML, PDF or CSV formats and simply hand them over to the auditor.

The MX2010 provides forensics facilities that can be used to interrogate the raw log data and if you’re looking for a particular event you can also show prior and post events to see what happened before and after the period of interest. Similar to Google, searches are indexed to improve performance and you can prove that logs haven’t been meddled with as the appliance digitally signs them on receipt.

You are more limited on what you can do with index searches as only the AND, OR and NOT terms can be used as filters. However, although the reports will take longer to run, LogLogic’s contextual analysis can glean far more information as it provides a wider range of expressions. Summary reports are useful for producing reports over longer time periods as these can reduce the amount of data being presented. All report types can be scheduled to run at regular times of the day and week and have their output emailed to designated users.

Businesses handling sensitive and personal information cannot afford to be slack with their security. However, it’s one thing to implement data protection standards and another to prove you’re adhering to them and for the latter Loglogic can do all the hard work for you with its impressive range of log data reporting tools and compliancy suites.

Verdict

With log management and analysis now an important part of regulatory compliance it pays to have a solution that can take the hard work out of preparing reports for auditors. The MX2010 isn’t the best value we’ve seen and the compliance suites will increase costs significantly so you may want to check out the alternative from LogRhythm, which comes with all the main reporting packages as standard. However, we did find the MX2010 extremely easy to deploy and capable of providing impressively detailed log reporting and forensics tools along with strong alerting facilities.