ManageEngine Log360 review: SIEM for all seasons

ManageEngine shows log management needn’t cost a king’s ransom

IT Pro Value
Price: £452 exc VAT per year (starting price)
  • Superb value
  • Easy to deploy
  • Huge range of logging and auditing features
  • Centralized management
  • Very responsive support staff
  • Host is very resource-hungry

Part of ManageEngine’s burgeoning product portfolio, Log360 delivers a complete SIEM (security information and event management) solution that’s priced right for SMBs and mid-sized organizations. It teams up a choice selection of ManageEngine’s IT security management products, amalgamates them into a single web console for easy access and offers optional add-on products to further enhance its efficacy.

The Log360 web site is a tad vague about what is actually included in the suite so we asked ManageEngine support to clarify. It advised us that the base Log360 suite includes ADAudit Plus, EventLog Analyzer, O365 (Office 365) Manager Plus and Log360 UEBA (user and entity behavior analytics).

Add-ons include Exchange Reporter Plus for on-premises mail server auditing and ADManager Plus, which adds a heap of Active Directory reporting tools. DataSecurity Plus also provides file server auditing and DLP (data leak prevention) while Cloud Security Plus collects and analyzes log data from AWS, Azure, Google Cloud and SalesForce.

ManageEngine Log360 review: Pricing and getting started

Prices for Log360 start at around £452 but costs will depend entirely on what you want to monitor. We requested a quote from ManageEngine for 1 domain controller, 5 Windows servers, 5 syslog sources, 100 workstations, 5 Windows file servers, 5 application auditing licenses, AD reporting, an Exchange server, UEBA and a single Office 365 tenant and it came back the next day with an annual subscription cost of only £4,078.

Initial installation of the base Log360 suite is simple, as it’s handled by a single routine. We loaded it on a Windows Server 2019 Hyper-V VM logged in as a domain member, and the suite was ready to go in 20 minutes.

Each individual component has its own web console with a dedicated port number and Log360 provides a single pane of glass for accessing them all. If you install more components later on, you can add them to the main Log360 console by entering their host name and service port number.

We suggest adhering to the recommended host hardware specification as the minimum requirement is nowhere near enough - our VM initially had 2 CPU cores plus 8GB of memory and Log360 ate the lot. In fact, we weren’t happy with performance until we had assigned 8 virtual Xeon Scalable Gold cores and 32GB of memory to the Log360 VM.

ManageEngine Log360 review: ADAudit Plus and EventLog Analyzer

The Log360 console opens with dashboard status overviews of all components, and each one can be quickly accessed from the side bar. ADAudit Plus presents graphs for at-a-glance views of user logon failures, account deletion, modification and creation activities, logon failure error reasons, logon activity, account lockouts and password changes.

It offers access to hundreds of exportable reports on all manner of AD activity (and Azure AD if configured), while the Compliance tab provides reports on regulatory standards including SOX, PCI-DSS, HIPAA and, of course, GDPR. You can peruse activity on Windows, NetApp, Dell EMC and Synology file servers, use analytics to spot anomalous activity and choose when to archive logs for 24 different AD categories.

EventLog Analyzer supports over 750 log sources so you can integrate data from your core servers, firewalls, routers, switches, databases, VMware and Hyper-V hypervisors, web servers, vulnerability scanners and endpoint security products. Logs are easily managed as it provides full archiving facilities, where you specify intervals and retention periods and elect to have the files securely encrypted and time-stamped.

Log interrogation features are outstanding; you can use the console’s top search bar for fast results or create more complex queries using wild-cards, phrases, Boolean operators, groups and ranges. Log data can be correlated from multiple sources and reporting tools include a range of canned reports plus a full set for GDPR compliance.

ManageEngine Log360 review: O365 Manager Plus and Log360 UEBA

O365 Manager Plus just required us to enter our tenant details and we could then use its customisable dashboard to view mail traffic, malware and spam activity, top senders or receivers, mobile users, mailbox quotas and much more. The usage view required ManageEngine’s RESTful API access to be enabled and then we could view our users’ OneDrive, Skype and Teams activities.

Reports are available for all Office 365 functions and range from mailboxes and mail traffic to all things related to users, groups, contacts, account security and registered Azure AD devices. Extensive auditing for both Exchange Online and Azure AD is only a few clicks away and logs older than a set number of days can be archived and password protected.

Log360 UEBA opens with an informative dashboard showing how many events have been ingested, anomalies detected, trends over time plus users and devices being tracked. Each user and entity is assigned a risk score based on their activities, which you can view from the relevant dashboard to see why they have been marked up for attention and generate detailed anomaly reports on areas such as failed logins, registry activities, firewall changes and even USB device usage.

ManageEngine Log360 review: Optional add-ons

If you have an on-prem Exchange server then Exchange Reporter Plus is well worth considering. Its main dashboard shows all inbound and outbound mail activity along with a traffic summary and a sidebar which highlights alerts you need to investigate. Extensive predefined reports tell you everything you need to know about your organisation’s email while the auditing section keeps you informed of any changes to your Exchange databases along with mailbox permissions and properties.

Another add-on that’s worth a look is ADManager Plus, as this takes AD reporting to a higher level. However, note that this is a cut-down version for Log360 that doesn’t include the AD object management tools provided by the full standalone version.

ManageEngine Log360 review: Verdict

Businesses worried about GDPR compliance can rest easy with Log360 at their side as it delivers an excellent range of event log and security management tools. Best installed on a dedicated host, it neatly integrates everything into one central console, more components can be added as required and it’s all offered at a competition-thrashing price.

ManageEngine Log360 system requirements (recommended)

CPU: 3GHz, 8 cores
Memory: 16GB
Disk space: 150GB
OS: Windows 7, Server 2012 R2 upwards
