LogRhythm LR1000 XM
Strengths: Easy to use with strong reporting capabilities
Weaknesses: None that we found in this group test
Verdict: A powerful product with plenty of easy-to-use features; this one is our Best Buy
LogRhythm's LR1000 XM system is a powerful log aggregation tool available on hardware or software platforms, although the appliance is the most common deployment and the one we tested. It can collect information from a number of open and closed platforms, including Unix system logs, Windows event logs and Cisco logs. Its search capabilities make it a powerful network forensic tool.
Collection can be done using customised agents on the monitored systems, giving an impressive range of systems it can monitor. It also has built-in features to assist with regulatory compliance. LogRhythm is capable of displaying an array of reports, from a general aggregated overview down to the individual events collected from logs. Many of the features are readily available and easy to use in a very clear and easy-to-analyse format.
The LogRhythm console starts up in a customisable interface with three main zones of focus: operational, security and audit events. The tail tool provides the ability to scan logs in near real-time for suspicious changes and the product features a digital fingerprinting system for authenticity verification. It can also analyse long-term trends with the one year of log data it stores by default. From almost any tool in the suite, you can quickly drill down to individual events.
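The "digital fingerprinting for authenticity verification" mentioned above is a log-integrity mechanism. The following is an added example, not LogRhythm's own code, of the general technique: a keyed hash chain over collected log lines, so that an entry that is later edited, removed or reordered fails verification when the chain is replayed. The key, the sample log lines and the function names are constructed here for illustration.

```python
import hashlib
import hmac

# Constructed sample log lines; not real LogRhythm output.
SAMPLE_LOG = [
    "2024-01-01T10:00:00Z sshd[1021]: Accepted publickey for alice from 10.0.0.5",
    "2024-01-01T10:00:07Z sudo: alice : TTY=pts/0 ; COMMAND=/bin/systemctl restart nginx",
    "2024-01-01T10:01:12Z sshd[1100]: Failed password for root from 203.0.113.9",
]

# Placeholder key. In practice the verifying key lives off the monitored host,
# so an attacker who can edit the log file cannot also re-sign it.
SECRET_KEY = b"demo-fingerprint-key"

GENESIS = hashlib.sha256(b"genesis").hexdigest()


def _tag(prev_tag, line, key):
    """HMAC-SHA256 over the previous tag and the current line, binding each
    entry to everything collected before it."""
    return hmac.new(key, (prev_tag + "\n" + line).encode(), hashlib.sha256).hexdigest()


def fingerprint_log(lines, key=SECRET_KEY):
    """Return a list of (line, fingerprint) pairs forming a hash chain."""
    prev = GENESIS
    chain = []
    for line in lines:
        tag = _tag(prev, line, key)
        chain.append((line, tag))
        prev = tag
    return chain


def verify_chain(chain, key=SECRET_KEY):
    """Recompute the chain from the start.

    Returns -1 if every entry verifies, otherwise the index of the first entry
    whose fingerprint does not match (an edit, a deletion before it, or a
    reordering all surface here)."""
    prev = GENESIS
    for i, (line, tag) in enumerate(chain):
        expected = _tag(prev, line, key)
        if not hmac.compare_digest(expected, tag):
            return i
        prev = tag
    return -1


if __name__ == "__main__":
    chain = fingerprint_log(SAMPLE_LOG)
    print("intact:", verify_chain(chain))  # -1

    edited = list(chain)
    line, tag = edited[1]
    edited[1] = (line.replace("restart nginx", "stop auditd"), tag)
    print("edited entry detected at index:", verify_chain(edited))  # 1

    truncated = chain[:1] + chain[2:]
    print("deleted entry detected at index:", verify_chain(truncated))  # 1
```

Because each fingerprint covers the previous one, a verifier only needs the key and the stored chain to detect tampering anywhere in the sequence; it cannot recover the original content, so the chain complements rather than replaces a separate, write-once copy of the logs.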
The LR1000 XM appliance features dual quad-core Xeon CPUs and a RAID array stocked with drives to deliver top performance, even when handling large data sets. Setup was relatively painless.
Locating the documentation was a bit of a challenge, as it is solely available from LogRhythm's support site and covers all its products. The documentation itself is well-written and clear on what procedures need to occur for proper use and customisation.
The support system is top-notch, with setup assistance options and personable staff. LogRhythm can be easily reached on the phone, by email or using its help forum system. Starting at £12,600, depending upon which LR model you select, this product is very good value, especially considering its powerful network forensic capabilities.