Home : Networking : Reviews

Prism Microsystems EventTracker 6.3

By Dave Mitchell, 15 Jun 2009

Rating:

Price as reviewed:£3115 exc. VAT - for 10 devices

EventTracker delivers essential log management and analysis but does combining it with systems monitoring, change management and USB access controls complicate things?

Alerting is extensive as you can tie virtually any log event in with warnings and send messages via a choice selection of routes. You can sound the beeper or pop up a message on the EventTracker server, send an email, forward an SNMP trap, update an RSS feed and configure the agent and console to run remedial executables.

For syslog monitoring we told our switches and security devices to use the EventTracker system as their log destination and we could see from the dashboard that it was receiving this data. We could also see events coming in about logins to monitored systems, hard disks with minimal free space, registry changes, software installs and removals and so on.

We would recommend a reasonably speedy system for EventTracker as it can be quite tedious waiting for it to fill the dashboard with all events for the selected category. The dashboard itself can’t be filtered but you do get a slick log search facility, which offers basic and advanced options.

There are plenty of predefined event categories provided but you can create custom ones and decide on the event severity, event and log type plus the ID and search strings. These settings make EventTracker quite versatile as you can create a category to cover almost any type of alert and device. You have, for example, preconfigured categories for Cisco PIX devicesm, where you can watch out for a range of events such as authentication failures, intrusion detection and changes of privileges.

The Reports console provides an absolute heap of predefined reports, which includes well over 200 for PCI-DSS auditing alone. There’s SOX and HIPPA too but if that’s not enough you also get a wizard to help create custom on-demand and scheduled reports. There’s more, as the WhatChanged module keeps you posted on changes to monitored systems such as critical system changes or files and registry keys being added, deleted or modified.

Pricing starts low with the Small Business Edition costing £3,115 and licensed to monitor ten systems. Move up to fifty monitored systems and the price jumps to £12,466 and going up to support for 100 devices pushes this to nearly £22,000.

If you’re in the market for a point solution that focuses purely on log data management then take a closer look at LogRhythm, which costs less for the same number of log sources. However, that’s all it does so if you want the extra system monitoring and change management tools plus USB access controls then EventTracker is a worthy candidate.