
13 Best Event Log Monitor Tools for Analyzing SIEM


Event logging has two distinct halves, both invaluable to keeping an environment running smoothly and reliably. One half is troubleshooting: whenever there is an issue, the event log is the best place to look to find exactly where the problem lies. Just as important as repair, though, is prevention. Accurate monitoring and real-time analysis of event logs can surface clues to upcoming problems well before they strike, and regulatory requirements such as HIPAA can be monitored and audited from the same records. There is almost no part of a computing environment that cannot be better maintained, and when the time comes repaired, through diligent use and management of event logs.

That is exactly why event log management tools are so valuable. Systems, both client and server, generate a huge number of events, and the useful information is easily buried in the noise; there is a great deal of noise. Without management software to sift through it all, important entries are too often lost in a sea of superfluous errors and informational messages.

On the software side, event logging is invaluable when applications are misbehaving. Whether it is a program faulting on a client machine, in which case the Application log will point you to the offending DLL or other failure point, or an Exchange server that is not delivering mail the way you expect, the event log gets you zeroed in quickly on where to focus your troubleshooting effort.

Ultimately, raw event logs are too unwieldy and time consuming to read through by hand. That is where event log management makes any technician's life, and job, easier: software that quickly, intelligently, and reliably makes the needle-in-a-haystack search tractable while monitoring in real time for hints of issues to come. Centralized collection is also a security control in its own right: a log that exists only on the host that produced it can be altered or cleared by whoever compromises that host, while a copy forwarded to a collector survives.
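A worked example of the troubleshooting half described above, added here as an illustration rather than code from the article or from any product below: it queries the Application log on one or more hosts for Application Error records (Event ID 1000) and tallies the faulting application and module, which is the "where do I start" view when a program keeps crashing. The property positions ([0] application name, [3] faulting module, [6] exception code, [8] process id) are assumed from the standard Application Error event template and should be confirmed on your own systems; the host names are placeholders.

```powershell
# Added example, not from the article or any vendor. Summarise application crashes
# (Application log, provider "Application Error", Event ID 1000) across hosts.
function Get-AppCrashSummary {
    param(
        [string[]]$ComputerName = @($env:COMPUTERNAME),
        [int]$Days = 7
    )
    # FilterHashtable is evaluated server-side, so only matching records cross the wire
    $filter = @{
        LogName      = 'Application'
        ProviderName = 'Application Error'
        Id           = 1000
        StartTime    = (Get-Date).AddDays(-$Days)
    }
    foreach ($c in $ComputerName) {
        try {
            $events = Get-WinEvent -ComputerName $c -FilterHashtable $filter -ErrorAction Stop
        } catch {
            # Get-WinEvent throws when nothing matches; treat that as "no crashes", report the rest
            if ($_.Exception.Message -match 'No events were found') { continue }
            Write-Warning "$c : $($_.Exception.Message)"
            continue
        }
        foreach ($e in $events) {
            # Positional fields of the 1000 event (assumed from the standard template; verify with
            # Get-WinEvent ... | Select-Object -ExpandProperty Properties on your own host)
            $p = $e.Properties
            [pscustomobject]@{
                Computer       = $c
                Time           = $e.TimeCreated
                Application    = $p[0].Value
                FaultingModule = $p[3].Value
                ExceptionCode  = $p[6].Value
                ProcessId      = $p[8].Value
            }
        }
    }
}

# Most frequent application/module pairs first: the place to put troubleshooting effort.
# 'WKS01' and 'WKS02' are placeholder host names.
Get-AppCrashSummary -ComputerName 'WKS01', 'WKS02' -Days 14 |
    Group-Object Application, FaultingModule |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

Remote queries need the Windows Event Log (RPC) firewall rules open on the targets and an account with read access to the Application log; for a fleet, collect to a forwarder with Windows Event Forwarding instead of polling each host.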

SolarWinds Event Log Consolidator / Manager – Download FREE Version


SolarWinds has a two-part offering for handling event logs. The Event Log Consolidator is completely free and can be considered a light version of the more robust Manager. It can view logs across multiple Windows systems and filter them by event ID as well as by patterns in the event data; not a huge amount of functionality, but for freeware rather than a free trial, it does the job well.

The Log & Event Manager, which has a free trial, includes everything the Consolidator does and a great deal more. It can store and assess historical log data, send e-mail alerts based on log data or triggers to help predict and prevent upcoming problems, and correlate data from devices across your network, including security devices. In the same vein, it can help keep compliance on track by scheduling automated audits.
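The filter-by-ID, filter-by-pattern and alert-on-trigger workflow that the Consolidator and Manager offer, as an added PowerShell example (not SolarWinds code): it consolidates failed-logon events (Security log, Event ID 4625) from several hosts, optionally matches a regular expression against the rendered message, counts failures per source address within the time window, and e-mails an alert when any source crosses a threshold. Assumptions: remote event log access is permitted and the querying account is in each host's Event Log Readers group; the positional fields [5] (target user name) and [19] (source network address) follow the standard 4625 template; the SMTP server, mail addresses and host names are placeholders.

```powershell
# Added example, not SolarWinds code. Consolidate 4625 (failed logon) events from several
# hosts, filter by a message pattern, and flag sources that exceed a failure threshold.
function Get-FailedLogonAlerts {
    param(
        [Parameter(Mandatory)] [string[]]$ComputerName,
        [int]$Minutes   = 15,
        [int]$Threshold = 10,
        [string]$Pattern = '.*'   # regex over the rendered message, e.g. 'Logon Type:\s+3' (network)
    )
    $filter = @{ LogName = 'Security'; Id = 4625; StartTime = (Get-Date).AddMinutes(-$Minutes) }

    $rows = foreach ($c in $ComputerName) {
        try {
            $events = Get-WinEvent -ComputerName $c -FilterHashtable $filter -ErrorAction Stop
        } catch {
            # "No events were found" is the normal quiet case; anything else is worth a warning
            if ($_.Exception.Message -notmatch 'No events were found') { Write-Warning "$c : $_" }
            continue
        }
        foreach ($e in $events) {
            if ($e.Message -notmatch $Pattern) { continue }
            # 4625 positional fields (assumed from the standard template; confirm on your hosts):
            # [5] TargetUserName, [10] LogonType, [19] IpAddress
            [pscustomobject]@{
                Computer   = $c
                Time       = $e.TimeCreated
                TargetUser = $e.Properties[5].Value
                LogonType  = $e.Properties[10].Value
                SourceIp   = $e.Properties[19].Value
            }
        }
    }

    # Correlate across hosts: one source address hammering many accounts or many hosts
    $rows | Group-Object SourceIp | Where-Object Count -ge $Threshold | ForEach-Object {
        [pscustomobject]@{
            SourceIp = $_.Name
            Failures = $_.Count
            Users    = ($_.Group.TargetUser | Sort-Object -Unique) -join ','
            Hosts    = ($_.Group.Computer   | Sort-Object -Unique) -join ','
        }
    }
}

# Run from a scheduled task every $Minutes; the threshold is the "trigger" the article describes.
# Host names, SMTP server and addresses below are placeholders.
$alerts = Get-FailedLogonAlerts -ComputerName 'DC01', 'FS01' -Minutes 15 -Threshold 10 -Pattern 'Logon Type:\s+3'
if ($alerts) {
    $body = $alerts | Format-Table -AutoSize | Out-String
    Send-MailMessage -SmtpServer 'smtp.example.com' -From 'logwatch@example.com' -To 'soc@example.com' `
        -Subject "Failed logon burst from $(@($alerts).Count) source(s)" -Body $body
}
```

Two practical caveats: the Security log on a domain controller is noisy enough that a 15-minute pull can return tens of thousands of records, so keep the window short or switch to Windows Event Forwarding, and a single account being tried from many addresses (password spraying) will not trip a per-source threshold; group by TargetUser as well if that is the pattern you are after.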

Price: Event Log Consolidator is completely Free, Log & Event Manager is $4495+
Download link: http://www.solarwinds.com/products/freetools/event-log-consolidator.aspx

LogFusion


LogFusion is somewhat basic in what it does, but it does it cleanly and concisely. It handles text-based log files, Windows event logs, remote logging, and remote event channels as well. The free version has many of the same core features as the licensed versions, but many of the convenience and ease-of-use features, such as search-as-you-type filtering, customizable columns, and a tabbed interface, are reserved for the paid editions.

Price: Free version is available, Pro version also available starting as low as $9 per license
Download link: https://www.logfusion.ca/Download/

Netwrix Event Log Manager


The Netwrix Event Log Manager can be considered a simpler, lighter version of the company's Auditor software. The Log Manager is freeware and handles the basic needs: consolidation of events from an entire network into a single place for review, real-time e-mail alerting on critical events, a limited amount of alert criteria filtering, and some archiving ability (limited to one month). A larger network, or one where security and prompt alerting are key, would have a hard time getting by on the freeware version alone, however.

Price: Freeware; Netwrix also offers a trial of the more robust Auditor software
Download: http://www.netwrix.com/event_log_archiving.html

Splunk


Splunk is a log management platform that does a great job of ingesting data from a whole range of devices across a network, and it can be extended through add-ons and apps to build on its already powerful core. Splunk is also unusually flexible in deployment: it can run fully on-site, hybrid on-site/cloud, or fully in the cloud to ease remote management, and it scales from small offices to multiple data centres.

Price: Free tier with a daily indexing cap; full licensing is priced by ingest volume, quote required
Download: http://www.splunk.com/en_us/solutions/solution-areas/log-management.html

WhatsUpGold


This software stands out for its automation above all else: it tries to do as much of the thinking, consolidating, archiving, and other legwork for you as it can. Its focus is heavily on network log management and viewing, but it also has solid logging capabilities for Windows events. It includes real-time monitoring with extensive abilities to filter and analyze the consolidated logs.

Price: 30-day free trial; pricing on request, with the cheaper enterprise licenses in the $1,700+ range

Download: https://www.ipswitch.com/application-and-network-monitoring/log-management

Tripwire Log Center


Tripwire's Log Center is aimed more at the security-minded, with tools that excel at identifying and responding to threats while ensuring that all devices and traffic meet compliance requirements, even the strictest regulatory ones. This software is less of an all-encompassing tool and more of a precision one for making sure that your environment is compliant and secure, helped by extensive backup and protection features on top of log management and analysis.

Price: Free demo on the website; pricing on request, but ballpark in the $7,000 range for the core, with additional cost per server/desktop monitored
Download: http://www.tripwire.com/it-security-software/tripwire-log-center/

Quest InTrust


InTrust aims to make managing large amounts of information in a broad environment easier and, ultimately, cheaper. It reduces storage and data management costs with intelligent compression and has strong features for auditing security practices to be certain regulatory requirements are met. InTrust can also analyze logged events at almost any scale.

Price: Free trial, must request quote for pricing information
Download: https://www.quest.com/products/intrust/

Veriato Server Manager


Previously sold under the SpectorSoft name, Veriato's Server Manager is a very cost-effective tool, even at the enterprise level, that still offers much of the power and versatility of the other options. It has a centralized management console for disk monitoring, log management, reporting and alerts, and it even ships with reports specifically for meeting HIPAA, PCI, and other demanding regulatory guidelines that some software shies away from.

Price: Free trial, 10 node perpetual license as low as $212.50
Download: http://www.veriato.com/products/veriato-server-manager

LogRhythm


LogRhythm marries log and event management into a single smooth interface. It gathers log data from applications and databases alike, from every available source, and has automated archival and retrieval for searching. Much of the management is fully automated, though it can still be adjusted manually as needed.

Price: Online demo available, must request quote for pricing information
Download: https://logrhythm.com/products/log-management/

SumoLogic


SumoLogic is somewhat unique in that it is primarily a cloud-based tool, which means access is not restricted to a particular system or operating environment and gives a great deal more freedom to a technician who travels often. One of its more distinctive features is that forensic searches run as separate threads, which spreads and isolates resource use in the cloud. Lastly, SumoLogic is modular, so it is easy to add, and remove, whatever is necessary to have a right-sized solution for your environment without wasting resources.

Price: Free trial, plus a data-volume-limited free tier; paid pricing starts at $90 per GB/day with annual prepay, or $108 per GB/day on monthly billing; enterprise pricing differs
Download: https://www.sumologic.com/pricing/

EventTracker Log Manager


EventTracker's Log Manager goes beyond Windows and server logs and collects everything it can: Linux, Unix, syslog, and Windows logs, where it goes deeper than many programs by pulling the Security, Application, and System logs for analysis. All of this is tied together by a strong visual front end that suits the technician who works best with an interface full of intuitive graphs and charts.

Price: Free trial, starting at $2,995 per year for 50 logged sources and 1000 events/second
Download: http://www.eventtracker.com/etlm/free-download.php

Logscape


Logscape is a somewhat specialized tool, but it makes up for that by being quite powerful. It can visualize, analyze, and search log sets of nearly any size, something other programs slow down or balk at. Its front end is heavily customizable so that the information most pertinent to your needs is visible at a glance.

Price: Free trial with daily data limit, must request quote for pricing information
Download: http://logscape.com/get.html

CorreLog


CorreLog focuses more heavily on the real-time side. The software captures and assesses every event as it happens and quickly brings anything of concern to your attention, and a centralized interface for managing collection and data rounds it out. Most interestingly, CorreLog boasts self-learning algorithms, so it can gradually improve at the event management tasks it is assigned.

Pricing: Free trial, must request quote for pricing information
Download: https://www.correlog.com/download.html

Across any environment the amount of logged information is staggering. In smaller offices or modest enterprise settings a capable team of technicians might stay on top of it all by hand, but even then it is ultimately a waste of their time. A solid event management solution removes the guesswork and grunt work from sorting through the vast swaths of data, and powerful real-time analytics and forensics should not be underestimated when it comes to keeping things running smoothly without dramatic outages or undetected security incidents. Any environment without a reliable way to keep a close watch on event logs is dangerously unaware of what trouble could already be brewing unseen.
