The art of log management

Log data can help network managers track compliance and security policies

Network/Systems Management Alert By Denise Dubie, Network World
April 25, 2007 12:05 AM ET

Network devices hold a wealth of information in their logs.

And such log data can help network managers track compliance and security policies with real-time and historical records of access and activity on the devices. Log data can also provide a window into the cause of performance problems and help network managers make changes to networks, systems and applications that streamline operations.

Yet considering the number of logs spit out across an enterprise network, log management can represent an arduous manual task that, even when completed, provides little insight into what the data in the logs actually means. For that reason, management and security vendors provide log management capabilities, and some vendors, such as LogLogic, have built a business around the art of log management. LogLogic continues to get funding for its technology.

The company recently updated its flagship product with new levels of analytics in LogLogic 4's Log Data Warehouse. The product, which comes packaged on an appliance, can now collect data from any log source without requiring network managers to do any coding work. In this release, LogLogic 4 includes a playback feature -- likened to TiVo -- that lets network managers select a block of data and bring it back online to perform business analysis against it.

"The multi-dimensional analytics provide search and indexing capabilities, reporting and alerting, and data categorization and automated reporting features," says Dominique Levin, LogLogic vice president of product management and business development. The analysis also includes pre-packaged taxonomy-based reports that allow network managers to "drill down on collected log data through the lens of common activities including identity and access management, user activity monitoring, change and configuration management, and continuity and availability management," she says.

This release also provides open log sharing via Web services and service-oriented architecture (SOA) API with a SOAP/XML interface that simplifies the log sharing process. "People have built compliance and risk dashboards and we can use our open log services API to publish data to those that can be shared with reports with auditors," Levin says.

The company offers a real-time collection and reporting appliance as well as a storage appliance. LogLogic 4 is available now and pricing begins at $25,000 for the base unit.

Separately, netForensics this week rounded out its security management suite with a log data management tool.

The company says it developed a log management tool to help customers more easily collect, consolidate and store enterprise security and systems log data. The tool, nFX Log One, gathers data from syslog servers and devices, looking for information the operator has earmarked as important. The product then digitally signs and archives the data, which provides a complete trail for audit or forensics work in the future, the company says.

"Log One is targeted at companies that need log analysis capabilities that might not want to roll out a full-blown security threat analysis log management system," says Tracy Hulver, vice president of marketing and product management at netForensics.
