Strengths: Top value, very easy deployment, price includes PCI DSS compliance suite, complete range of predefined PCI reports and alerts
Weaknesses: Support and maintenance are additional costs
Verdict: LogLogic’s MX-Virtual delivers a sophisticated log management and PCI DSS compliancy package that’s remarkably good value
LogLogic specialises in log data management, and its latest MX-Virtual offers a low-cost entry point into the world of regulatory compliance. It looks a good choice for businesses on a tight budget that need to be PCI DSS-compliant, as the price includes LogLogic's PCI reporting and alerting package.
Versions are available for both VMware Workstation 6.5 and ESX Server 3.5 and above, and MX-Virtual is limited to accepting log data from a maximum of 40 devices. Log storage space is also restricted to 500GB, but it can retain log data securely for up to a year and makes the most recent 90 days worth of data available for real-time and scheduled reports.
Pricing starts at £1,829, and this includes LogLogic's standard log management features, its PCI compliancy suite member and a licence for five log data sources. For MX-Virtual to support the maximum 40 log sources, the price goes up to just over £15,000.
You will need to factor in support and maintenance as they are additional charges - starting at £2,436.
We found installation on our ESX Server 4.0 host system only took a few minutes as we just had to import the supplied OVA file and power up the virtual appliance. A quick-start guide ran through the assigning of a fixed IP address to the virtual appliance, and then we were ready to go.
MX-Virtual can start gathering data immediately as any system generating logs just needs to be pointed to the appliance's address. Automatic device identification is enabled by default, but you can turn this off if you want to validate which systems or devices the appliance is to receive data from.
It can handle an impressive range of data sources and supports syslog, syslog-ng, SNMP, logs via HTTP and HTTPS streams, FTP, SFTP, SCP, Windows drive mapping and JDBC connectors for database logs. The big advantage of this method is that it is agentless; it can gather information from any device that is capable of generating log data.
LogLogic claims it is the only log management vendor that can facilitate compliancy for VMware environments. MX-Virtual can receive log data from all virtual machines and core VMware functions including vSheild, vDirector and vSphere. This feature gives LogLogic a handle on cloud computing as it enables service providers to prove compliancy not just to auditors, but to their customers as well. The Log Labels feature allows all LogLogic appliances to handle log data from sources such as proprietary applications/devices.
The optional Universal Collector is aimed at heterogeneous networks and can gather data from a range of sources including bespoke applications running on Linux and Unix systems and the Windows Event Log. For geographically distributed networks, there is no need to have a LogLogic appliance at each site as the Universal Collector can send logs to a central appliance at scheduled intervals.
LogLogic's Lasso Enterprise is provided specifically for collecting data from Windows Event Logs; the software is loaded on a Windows system and configured to use MX-Virtual as its destination host. You then create event log providers for each Windows system you want to gather data from.
The web interface opens with quick links to reports, data searches and alerts. Dashboards provide detailed views of current and historical activity, and the system dashboard shows messaging throughput, VM CPU utilisation, virtual storage usage, alerts and the number and types of incoming messages.
My Dashboard provides a display of current activity and can be customised by creating widgets that link to report and search results, alerts and appliance performance. The data can be displayed as summaries, trend graphs and tables.
A real-time viewer shows all log messages as they come in, and filters can be applied to look for particular information. You can choose specific source devices and types, filter by severity rating and use phrases and expressions.
A general index search using expressions is also provided, and all previous searches are retained for further use. More than 30 predefined PCI-specific searches can be run on demand or at scheduled intervals, and the results exported to PDF, HTML or CSV formats.
Alerts are used to provide early warnings of unusual activity on the network or specific events. Rules use search filters that define what to look for and from which devices, and when triggered can send alerts by email and SNMP trap, or to a syslog server.
MX-Virtual includes predefined PCI reports that take the data from various real-time reports and present it in the appropriate format for a compliance report. Logs stored on the appliance are also digitally signed, so it can be proved they haven't been subsequently tampered with.
Businesses that store payment account data must comply with the PCI DSS, but the means of proving compliance can be expensive for smaller merchants. LogLogic's MX-Virtual looks an ideal entry point into compliancy as it provides everything affordably.