CorreLog Server is a web-based system that contains a multitude of SIEM capabilities. It includes a high-speed message collector, indexed search engine, extensible dashboard facility, reporting and ticket facilities and a correlation engine, all packed into an easy-to-use web application.
Installation is simple and it takes only a few minutes to get the application up and running. After this is complete all configuration and management is done through the web-based management console. We found this console to be easy to navigate and intuitive to use. It has a tab-top navigation structure that allows users to easily find data, manage devices and view reports.
This product includes some powerful tools for correlating and analysing system event logs, syslogs and SNMP trap data against built-in rules and alerts that can be easily customised to meet individual needs. CorreLog Server also has a well-indexed search capability that provides quick browsing of data to locate information by device, facility, severity or message keywords. Also included are many security compliance tools.
Documentation provided included several PDF manuals. The installation guide details how to get the server software itself up and running and how to integrate the product with devices to start collecting data. There is a user manual that provides an explanation of the features and screens. However, we found this manual to be more of a basic outline due to the lack of step-by-step instructions and the focus on brief explanations in bullet points. There are also several other guides that provide detailed customisation and advanced tool set information.
CorreLog provides 24/7 phone and email technical support as a part of a licensing agreement and an online support portal. This contains many resources, including access to training videos, extra documentation and software add-ons.
At a price of £4,000 we find CorreLog Server to be good value for the money. It can provide a good amount of log and data correlation, as well as compliance and security alerting all in one easy to manage product.