Prism Microsystems EventTracker 6.3
EventTracker delivers essential log management and analysis but does combining it with systems monitoring, change management and USB access controls complicate things?
For syslog monitoring we told our switches and security devices to use the EventTracker system as their log destination and we could see from the dashboard that it was receiving this data. We could also see events coming in about logins to monitored systems, hard disks with minimal free space, registry changes, software installs and removals and so on.
We would recommend a reasonably speedy system for EventTracker as it can be quite tedious waiting for it to fill the dashboard with all events for the selected category. The dashboard itself can't be filtered but you do get a slick log search facility, which offers basic and advanced options.
There are plenty of predefined event categories provided but you can create custom ones and decide on the event severity, event and log type plus the ID and search strings. These settings make EventTracker quite versatile as you can create a category to cover almost any type of alert and device. You have, for example, preconfigured categories for Cisco PIX devicesm, where you can watch out for a range of events such as authentication failures, intrusion detection and changes of privileges.
The Reports console provides an absolute heap of predefined reports, which includes well over 200 for PCI-DSS auditing alone. There's SOX and HIPPA too but if that's not enough you also get a wizard to help create custom on-demand and scheduled reports. There's more, as the WhatChanged module keeps you posted on changes to monitored systems such as critical system changes or files and registry keys being added, deleted or modified.
Pricing starts low with the Small Business Edition costing 3,115 and licensed to monitor ten systems. Move up to fifty monitored systems and the price jumps to 12,466 and going up to support for 100 devices pushes this to nearly 22,000.
If you're in the market for a point solution that focuses purely on log data management then take a closer look at LogRhythm, which costs less for the same number of log sources. However, that's all it does so if you want the extra system monitoring and change management tools plus USB access controls then EventTracker is a worthy candidate.
There’s a lot going on with EventTracker and as such it presents a steep learning curve. However, once we’d made it over the hill we found it very capable of making sense of the immense amount of information that log sources are capable of generating. It is more costly that point solutions but the extra cash gets you very good reporting facilities along with system and change monitoring plus USB access controls.
EventTracker Manager: Windows 2000 and above.
EventTracker Windows Agent: Windows 2000 and above.
EventTracker Solaris Agent: Solaris 9 and 10
In This Article
Choosing a collaboration platform
Eight questions every IT leader should askDownload now
Performance benchmark: PostgreSQL/ MongoDB
Helping developers choose a databaseDownload now
Customer service vs. customer experience
Three-step guide to modern customer experienceDownload now
Taking a proactive approach to cyber security
A complete guide to penetration testingDownload now