The LogRhythm appliance is easy to set up and deploy. Since it is watching the network all the time in its role as a log correlator and analyzer, it will have everything you need to perform network forensics. It has the ability to take data from most types of logs found on a network. Additionally, its universal database log adapter allows it to gather logs from most types of database systems. This is a major forensic benefit.
If we were to pick a single feature that characterizes high performance for the forensic capabilities of this product, it would be the Log Miner. This function provides multiple, innovative ways to view log data from multiple sources. The displays tell a story very quickly, leading to drill-downs that access exactly what you are looking for. Newly improved handling of log metadata adds to the high performance.
LogRhythm provides good documentation to meet the needs of both administrators and end-users. The product comes with all user, administrator and appliance manuals to make operations and deployment straightforward. The supplied admin guide contains deployment and management documentation, as well as “how to” examples to assist users from start to finish. The documentation is well laid out and easy to follow with good examples and script code.
Support options include web, email and phone support. LogRhythm also offers a support portal that includes specific resources to assist customers in troubleshooting problems. To round out the list, other services offered by LogRhythm are deployment and implementation planning, custom configuration, training and managed services.
Starting at $20,000, this is a very good value, even if all you want it for is forensics. If you plan to implement the LogRhythm appliance as a full-featured SIM, it’s an even better deal.