I just saw that this product was now available and I just happened to have been at a demo for Arcsight this week.
How does this compare to that product with the link to Arcsight solutions brief http://www.arcsight.com/collateral/briefs/ArcSight_SolutionBrief_LoggerITOps.pdf
We were very interested in the capabilities of the ArcSight Logger and products but did not like the fact that we needed to run Snare on our servers to grab the logs, or run a connector to send the logs to that and then to the Logger appliance and then off to another appliance for more functionality. I was aware of SolarWinds' purchase of TriGeo and wanted to know what SolarWinds was going to do with that product, but by the price below I am not sure of the value compared to what I get.
I was just trying to get a quote from the SolarWinds site, and for the LEM2500 the quoted price is below. Is that actual? It seems a bit steep; watching the YouTube video, it didn't seem to be worth that much.
|Qty|Product ID / Description|Unit List Price|Sub-Total|
|---|---|---|---|
|1|5607 - SolarWinds Log & Event Manager LEM2500 (up to 2500 nodes) - License with 1st Year Maintenance|$99,995|$99,995|

Quote Total $99,995 <--- Jaw dropping price tag there.
ArcSight Logger is a narrower solution than LEM. Logger is much more focused on log collection and search with some alerting capabilities, while LEM is a more holistic solution that includes log collection and storage along with correlation, alert/response, and other features that are more akin to things you see in the full ESM (though much easier to use).
LEM also has a native agent, not Snare, and it is not polling-based: it pulls directly from the Windows Event API to receive the events in real time and forward them to the appliance. We've actually seen cases in the field where events weren't logged to disk (due to failing hardware) but were posted to the API, and thereby to LEM for response/notification (whereas something like Snare/Lasso or a WMI-based polling tool would not). This agent also provides USB device file/process monitoring and the ability to do responses (detach USB device, restart service, enable/disable accounts, etc.) at the system level.
As a SIEM, we parse and categorize the data, presenting it in real time and also storing it for search. You can search both this data and the original log data in a flexible, drag-and-drop search builder, rather than just being presented with a big ol' search box and having to type your own queries. A search box is handy if you know exactly what you're looking for, or live and breathe logs, but log data isn't always as straightforward as we'd wish, so you end up following threads and building complex search logic that we make easier.
So, to sum up: Logger is a narrower solution, going after pure log management (think more like Splunk, which is really what that data sheet is comparing itself to). Most of our customers need more than just to store and search logs - they need to use that information to empower the IT organisation to troubleshoot, respond to issues in real-time, and help meet compliance initiatives. It's the same person with 10 different jobs, and they need one tool to do it.
The YouTube video doesn't quite do the features justice. To be fair, you should probably get a tour of LEM.
Pricing, well, I'll leave that discussion to sales. 🙂