Strengths: Easy to deploy for smaller environments
Weaknesses: Device and log support is limited
Verdict: Good choice if it supports your environment
ManageEngine's EventLog Analyzer from Zoho is a little application that provides a lot of functionality. It takes an agentless approach to collecting and analysing machine-generated logs. It can collect and normalise event logs and machine data and make them available for analysis, searching, report generation and archive, all in an easy-to-use web-based interface.
We found installation to be just about as simple as it gets. The installation executable can be downloaded from the ManageEngine website. We ran it on one of our Windows servers, and after a short installation wizard we were up and running. The product itself is quite small and lightweight, so it can sit on almost any hardware. After this was complete, we were able to access the web-based management interface. We found this to be a little overwhelming at first, but after a few minutes of wandering around we felt pretty comfortable using the controls.
Adding assets and log sources is quite easy: the product can scan an entire subnet, or devices can be added manually. In our Windows domain environment, we just had to provide administrator credentials and scan our subnet and we were collecting data in minutes. As for analysis, EventLog Analyzer features many charts and graphs in its default dashboard that provide a good overview of what is happening around the network. However, for a more detailed view, it comes preloaded with report templates, including many compliance-based reports, such as SOX, HIPAA, GLBA, PCI DSS and FISMA.
Documentation included a single help file that is built into the management interface itself. We found this to be quite detailed, but it actually felt more like an administrator guide. It included many screenshots, diagrams and step-by-step configuration and management instructions in a well-organised format. While we did not receive any other manuals, we found that this file did an exceptional job of providing the necessary information to configure and use the product.
Zoho ManageEngine provides no-cost support for the first 30 days of product use. After this, customers on the perpetual licence model must purchase support as part of a maintenance contract. Customers on the subscription pricing model have assistance included in their subscription cost. Customers receive email- and phone-based technical support, as well as access to a large online support area containing a knowledgebase, user forum, product video tutorials and documentation.
We found this product to be good value for the money. EventLog Analyzer provides some very solid SIEM functionality at a reasonable cost for smaller environments that want to get started with SIEM but cannot afford to invest in a full-scale product.