ManageEngine Log360 review: SIEM for all seasons

ManageEngine shows log management needn’t cost a king’s ransom

IT Pro Value
Price
£452 exc VAT per year (starting price)
  • Superb value
  • Easy to deploy
  • Huge range of logging and auditing features
  • Centralized management
  • Very responsive support staff
  • Host is very resource-hungry

Part of ManageEngine’s burgeoning product portfolio, Log360 delivers a complete SIEM (security information and event management) solution that’s priced right for SMBs and mid-sized organizations. It teams up a choice selection of ManageEngine’s IT security management products, amalgamates them into a single web console for easy access and offers optional add-on products to further enhance its efficacy.

The Log360 web site is a tad vague about what is actually included in the suite so we asked ManageEngine support to clarify. It advised us that the base Log360 suite includes ADAudit Plus, EventLog Analyzer, O365 (Office 365) Manager Plus and Log360 UEBA (user and entity behavior analytics).

Add-ons include Exchange Reporter Plus for on-premises mail server auditing and ADManager Plus, which adds a heap of Active Directory reporting tools. DataSecurity Plus also provides file server auditing and DLP (data leak prevention) while Cloud Security Plus collects and analyzes log data from AWS, Azure, Google Cloud and SalesForce.

ManageEngine Log360 review: Pricing and getting started

Prices for Log360 start at around £452 but costs will depend entirely on what you want to monitor. We requested a quote from ManageEngine for 1 domain controller, 5 Windows servers, 5 syslog sources, 100 workstations, 5 Windows file servers, 5 application auditing licenses, AD reporting, an Exchange server, UEBA and a single Office 365 tenant and it came back the next day with annual subscription cost of only £4,078.

Initial installation of the base Log360 suite is simple, as it’s handled by a single routine. We loaded in on a Windows Server 2019 Hyper-V VM logged in as a domain member, and the suite was ready to go in 20 minutes.

Each individual component has its own web console with a dedicated port number and Log360 provides a single pane of glass for accessing them all. If you install more components later on, you can add them to the main Log360 console by entering their host name and service port number.

We suggest adhering to the recommended host hardware specification as the minimum requirement is nowhere near enough - our VM initially had 2 CPU cores plus 8GB of memory and Log360 ate the lot. In fact, we weren’t happy with performance until we had assigned 8 virtual Xeon Scalable Gold cores and 32GB of memory to the Log360 VM.

ManageEngine Log360 review: ADAudit Plus and EventLog Analyzer

The Log360 console opens with dashboard status overviews of all components, and each one can be quickly accessed from the side bar. ADAudit Plus presents graphs for at-a-glance views of user logon failures, account deletion, modification and creation activities, logon failure error reasons, logon activity, account lockouts and password changes.

It offers access to hundreds of exportable reports on all manner of AD activity (and Azure AD if configured), while the Compliance tab provides reports on regulatory standards including SOX, PCI-DSS, HIPAA and, of course, GDPR. You can peruse activity on Windows, NetApp, Dell EMC and Synology file servers, use analytics to spot anomalous activity and choose when to archive logs for 24 different AD categories

EventLog Analyzer supports over 750 log sources so you can integrate data from your core servers, firewalls, routers, switches, databases, VMware and Hyper-V hypervisors, web servers, vulnerability scanners and endpoint security products. Logs are easily managed as it provides full archiving facilities, where you specify intervals and retention periods and elect to have the files securely encrypted and time-stamped.

Log interrogation features are outstanding; you can use the console’s top search bar for fast results or create more complex queries using wild-cards, phrases, Boolean operators, groups and ranges. Log data can be correlated from multiple sources and reporting tools include a range of canned reports plus a full set for GDPR compliance.

ManageEngine Log360 review: O365 Manager Plus and Log360 UEBA

O365 Manager Plus just required us to enter our tenant details and we could then use its customisable dashboard to view mail traffic, malware and spam activity, top senders or receivers, mobile users, mailbox quotas and much more. The usage view required ManageEngine’s RESTful API access to be enabled and then we could view our user’s OneDrive, Skype and Teams activities.

Reports are available for all Office 365 functions and range from mailboxes and mail traffic to all things related to users, groups, contacts, account security and registered Azure AD devices. Extensive auditing for both Exchange Online and Azure AD is only a few clicks away and logs older than a set number of days can be archived and password protected.

Log360 UEBA opens with an informative dashboard showing how many events have been ingested, anomalies detected, trends over time plus users and devices being tracked. Each user and entity is assigned a risk score based on their activities, which you can view from the relevant dashboard to see why they have been marked up for attention and generate detailed anomaly reports on areas such as failed logins, registry activities, firewall changes and even USB device usage.

ManageEngine Log360 review: Optional add-ons

If you have an on-prem Exchange server then Exchange Reporter Plus is well worth considering. Its main dashboard shows all inbound and outbound mail activity along with a traffic summary and a sidebar which highlights alerts you need to investigate. Extensive predefined reports tell you everything you need to know about your organisation’s email while the auditing section keeps you informed of any changes to your Exchange databases along with mailbox permissions and properties.

Another add-on that’s worth a look is ADManager Plus, as this takes AD reporting to a higher level. However, note that this is a cut down version for Log360 that doesn’t include the AD object management tools provided by the full standalone version.

ManageEngine Log360 review: Verdict

Businesses worried about GDPR compliance can rest easy with Log360 at their side as it delivers an excellent range of event log and security management tools. Best installed on a dedicated host, it neatly integrates everything into one central console, more components can be added as required and it’s all offered at a competition-thrashing price.

ManageEngine Log360 system requirements (recommended)

CPU

3GHz, 8 cores

Memory

16GB

Disk space

150GB

OS

Windows 7, Server 2012 R2 upwards

Featured Resources

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Security best practices for PostgreSQL

Securing data with PostgreSQL

Download now

Transform your MSP business into a money-making machine

Benefits and challenges of a recurring revenue model

Download now

The care and feeding of cloud

How to support cloud infrastructure post-migration

Watch now

Recommended

Fujitsu taps Trend Micro to secure private 5G networks in smart factories
5G

Fujitsu taps Trend Micro to secure private 5G networks in smart factories

8 Apr 2021
Netmask flaw allows hackers to bypass server access controls
Network & Internet

Netmask flaw allows hackers to bypass server access controls

29 Mar 2021
Ericsson’s 5G Core Policy Studio simplifies network policy management
5G

Ericsson’s 5G Core Policy Studio simplifies network policy management

23 Mar 2021
Modern networking for the borderless enterprise
Whitepaper

Modern networking for the borderless enterprise

3 Mar 2021

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
Data belonging to 500 million LinkedIn users found for sale on hacker marketplace
hacking

Data belonging to 500 million LinkedIn users found for sale on hacker marketplace

8 Apr 2021
Hackers are using fake messages to break into WhatsApp accounts
instant messaging (IM)

Hackers are using fake messages to break into WhatsApp accounts

8 Apr 2021