1 Reply Latest reply on Jan 15, 2015 8:07 AM by curtisi

    LEM vs ManageEngine

    stevenjwilliams83

I am looking for an Event Log application that will help me achieve PCI DSS compliance. I have not used LEM but have used ManageEngine AD Audit Plus. Can anyone compare and contrast the applications, or just give me some good feedback on LEM and how it can be used in my environment to help me reach PCI DSS compliance?


      Here are some requirements/questions I have about the product:


      Requirements:


      2 general requirements for the IIS logs:


1. Web traffic reporting – this hasn't been used for the past few years because we use Google Analytics, although several browser add-ons allow suppressing Google Analytics, so we don't actually log every web request.
2. Debugging individual calls from a specific IP address – Gus uses this feature on syslog01 frequently and extensively: when we see an exception in the GA online store, for example, and we do not know how to reproduce it, Gus will plug the end-user's IP address into the syslog01 screen and track every page and action that the user performed.


      Questions:


      Can I retain logs for X number of years?

      What is the HA of this product?

      Does it use SQL Database?

      Can it be used to collect Network Device syslog messages?

        • Re: LEM vs ManageEngine
          curtisi

As far as requirements, the LEM can parse and bring in data from IIS logs.  We have a stock report in the Reports console, "Network Traffic Audit - Web Traffic by Source Machine", that can be customized with whatever end-user IP you need and shows all accessed URLs for a time span, so I think we can meet both requirements that you have.


          As for questions:

          Q: Can I retain logs for X number of years?

A: Yes.  You set retention by balancing traffic against the size of the disk.  In Hyper-V 2012 and VMware 5.5, the maximum disk size is 64TB, and the LEM can use a disk that size to retain data if required, though many customers are satisfied with the default 250GB disk size.  You can also set up tasks to roll data to a cold store on another server instead of keeping it all in the actively searchable database, if that is preferred.


          Q: What is the HA of this product?

          A: The LEM is a virtual appliance, so we rely on your VM infrastructure to provide HA in the event of a system failure/disaster recovery.


          Q: Does it use SQL Database?

A: No, the LEM virtual appliance runs a proprietary database internally.  This architecture was chosen to address the auditing/compliance concern of companies potentially tampering with or altering the data they show auditors.  By setting up the database and running it internally, the end user isn't granted rights or permissions to alter the database.  This allows auditors to trust reports and output from the LEM.


          Q: Can it be used to collect Network Device syslog messages?

A: Yes.  The list of supported products is constantly growing, but some segment of it can be found on the SolarWinds website (CTRL + F for "Data Sources").

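The second requirement in the question (tracking every page a given end-user IP touched around the time of an exception) and the "Web Traffic by Source Machine" report in the answer both boil down to the same operation on IIS W3C extended logs: read the #Fields header, filter rows by c-ip and a time window, and list the URLs in order. The script below is an added example, not LEM's or SolarWinds' code, that does this directly on raw log lines so you can cross-check what a product report shows against what the web server actually wrote. The log content, IP addresses and paths are constructed for illustration.

```python
"""Reconstruct one client's request trail from IIS W3C extended log lines.

Added example (not SolarWinds LEM code). Reads the #Fields directive to map
columns, filters by client IP and optional UTC time window, and returns the
ordered list of requests, which is what you want when debugging one user's
session that ended in a server error.
"""
from datetime import datetime, timezone
from typing import Dict, Iterable, Iterator, List, Optional, Tuple

# Constructed sample log in IIS W3C extended format (values are made up).
# IIS writes timestamps in UTC and replaces spaces inside a field with '+'.
SAMPLE_IIS_LOG = """\
#Software: Microsoft Internet Information Services 8.5
#Version: 1.0
#Date: 2015-01-14 13:00:00
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken
2015-01-14 13:02:11 10.0.0.5 GET /store/default.aspx - 443 - 203.0.113.7 Mozilla/5.0+(Windows+NT+6.1) 200 0 0 31
2015-01-14 13:02:12 10.0.0.5 GET /store/product.aspx id=42 443 - 203.0.113.7 Mozilla/5.0+(Windows+NT+6.1) 200 0 0 18
2015-01-14 13:02:13 10.0.0.5 GET /store/default.aspx - 443 - 198.51.100.9 curl/7.38.0 200 0 0 7
2015-01-14 13:02:40 10.0.0.5 POST /store/cart.aspx action=add 443 - 203.0.113.7 Mozilla/5.0+(Windows+NT+6.1) 500 0 0 1203
2015-01-14 13:05:02 10.0.0.5 GET /store/cart.aspx - 443 - 203.0.113.7 Mozilla/5.0+(Windows+NT+6.1) 200 0 0 22
"""

Request = Tuple[str, str, str, int]  # (utc timestamp, method, uri, status)


def parse_iis_w3c(lines: Iterable[str]) -> Iterator[Dict[str, str]]:
    """Yield one dict per data line, keyed by the names in the #Fields header.

    The #Fields directive is re-read whenever it appears, because IIS emits a
    new one (mid-file) when the configured logging fields change.
    """
    fields: List[str] = []
    for raw in lines:
        line = raw.rstrip("\r\n")
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        if not fields:
            raise ValueError("data line seen before any #Fields header")
        values = line.split(" ")
        if len(values) != len(fields):
            # Truncated or malformed line: skip it rather than misalign columns.
            continue
        yield dict(zip(fields, values))


def _timestamp(rec: Dict[str, str]) -> datetime:
    """Combine the date and time columns into an aware UTC datetime."""
    return datetime.strptime(rec["date"] + " " + rec["time"],
                             "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)


def client_trail(lines: Iterable[str], client_ip: str,
                 start: Optional[datetime] = None,
                 end: Optional[datetime] = None) -> List[Request]:
    """Return every request from client_ip within [start, end], in log order.

    c-ip is the TCP peer address: behind a load balancer or reverse proxy it
    is the proxy, not the end user, unless IIS is configured to log the
    forwarded client address instead.
    """
    trail: List[Request] = []
    for rec in parse_iis_w3c(lines):
        if rec.get("c-ip") != client_ip:
            continue
        when = _timestamp(rec)
        if start is not None and when < start:
            continue
        if end is not None and when > end:
            continue
        uri = rec["cs-uri-stem"]
        if rec.get("cs-uri-query", "-") != "-":
            uri += "?" + rec["cs-uri-query"]
        trail.append((when.isoformat(), rec["cs-method"], uri, int(rec["sc-status"])))
    return trail


def first_server_error(trail: List[Request], threshold: int = 500) -> Optional[Request]:
    """Return the first request whose status is >= threshold, or None."""
    for req in trail:
        if req[3] >= threshold:
            return req
    return None


if __name__ == "__main__":
    # Same workflow as the question: plug in the end-user's IP, read the trail.
    trail = client_trail(SAMPLE_IIS_LOG.splitlines(), "203.0.113.7")
    for ts, method, uri, status in trail:
        print(ts, method, uri, status)
    print("first server error:", first_server_error(trail))
```

To run it against real data, pass `open(path, encoding="utf-8")` instead of the sample, and narrow `start`/`end` to the window around the exception; the time columns are UTC, so convert any local timestamp from the application's error log before comparing.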