CorreLog Enterprise Server v5.4.0
April 25, 2014
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Lightweight, self-contained installation; extremely simple to get started with.
- Weaknesses: User interface is slightly primitive, but functional.
- Verdict: An excellent log capturing and correlation tool.
The product was delivered to us as a self-extracting zip file. Upon running the executable, the product was extracted to a folder and several Windows services were registered. The product is completely contained within the initial extraction folder. We did have to manually create firewall rules to allow TCP port 80 and UDP port 514 traffic in - as the product did not create those rules during installation - but, outside of that, installation was extremely simple. Once installation was complete, we pointed several log sources toward it and message information began appearing within the product's web interface.
A pure software solution, the tool's system requirements scale with the number of messages it receives. Each server can handle more than 2,000 messages per second, with support for bursts of up to 5,000 messages per second with no hard upper limit on the number of devices sending it data. It can easily function as a log collection agent - gathering data, filtering and forwarding that data to an upstream collector - making the product almost infinitely scalable. Besides accepting syslog data, the product will also accept SNMP traps, and it attempts to translate those messages into a more readable form making them easier to understand. Additionally, the offering extends the syslog protocol itself. It allows users to define their own facility codes or override existing codes enabling users to, for example, assign a higher severity code to a particular message than the original product vendor intended.
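As an added illustration of the severity-override idea described above (example code, not CorreLog's own configuration or mechanism): the syslog PRI field encodes facility and severity as facility * 8 + severity (RFC 5424), so a collector can parse it, apply a rule table, and rewrite the PRI before forwarding. The rule table, sample messages and function names below are constructed for this example.

```python
import re

# RFC 5424 severity names, indexed by code (0 = most severe).
SEVERITY_NAMES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# PRI is "<n>" at the start of the line; n = facility * 8 + severity, max 191.
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.DOTALL)

def parse_pri(line):
    """Return (facility, severity, rest) or None if the PRI is missing/invalid."""
    m = PRI_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:
        return None
    return pri // 8, pri % 8, m.group(2)

# Hypothetical override table: (facility, message pattern, new severity).
# Facility 4 is security/authorization; the rule raises a vendor's "info"-level
# failed-login message to "warning" so it stands out in correlation.
OVERRIDES = [
    (4, re.compile(r"authentication failure"), 4),
]

def apply_overrides(line, overrides=OVERRIDES):
    """Apply the rule table; only ever raises severity (lower code), never lowers it."""
    parsed = parse_pri(line)
    if parsed is None:
        return None
    facility, severity, rest = parsed
    for fac, pattern, new_sev in overrides:
        if fac == facility and pattern.search(rest):
            severity = min(severity, new_sev)
    return facility, severity, SEVERITY_NAMES[severity], rest

def rewrite_pri(line, overrides=OVERRIDES):
    """Return the line with its PRI rewritten, ready to forward to an upstream collector."""
    result = apply_overrides(line, overrides)
    if result is None:
        return line  # unparseable lines are forwarded untouched
    facility, severity, _, rest = result
    return "<%d>%s" % (facility * 8 + severity, rest)

# Constructed sample: auth.info (PRI 38) becomes auth.warning (PRI 36).
SAMPLE = "<38>Apr 25 10:00:00 host sshd[123]: pam_unix(sshd:auth): authentication failure; uid=0"
```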
The solution comes with the redistributable Windows Tool Set, which adds syslog functionality to Windows servers. This enables the product to capture data from Windows Event Logs, as well as any streaming Windows log file - for example, IIS logs. Configurable alerting and customisable actions can be set up using several built-in functions, such as relaying data to an upstream collector or creating a ticket in the product's built-in ticketing system. Also, custom scripts can be triggered or executables launched, providing endless flexibility in creating automatic responses to captured log messages. Several flexible reporting options are also available.
Correlog provides good documentation for its product. A number of guides are available, including quick-start, administration and advanced correlation features guides, as well as a separate manual documenting the Windows Tool Set. Each document is distributed as a PDF, which is well detailed and organised with bookmarks, screen shots and diagrams where appropriate.
CorreLog Enterprise Server starts at £3,020. One year of standard support (phone, email and web assistance, Monday through Friday, 6:00 to 18:00 US EST) is included; renewal is priced at 20 per cent of the current list price. The premium upgrade (24/7 assistance) is 25 per cent of the current list price.
Prices are US-based, thus indicative only.