Log management review: NitroSecurity NitroView ESM and ELM
NitroSecurity combines a wealth of log management functionality with outstanding versatility in graphs and views
Unlike the other products in this review that combine log management and event management functionality, NitroSecurity wraps the two feature sets in two separate appliances. Because NitroSecurity's NitroView Enterprise Log Manager (ELM) data is viewable only through a linked NitroView Enterprise Security Manager (ESM), my review of its log management functionality required testing both appliances.
NitroSecurity sent me the 3U NitroView ESM 5000 (Model 5750), which combines an event receiver, log analysis, network analysis, SIEM functions, and console, and the 1U NitroView ELM 2000 (Model 2250), the log receiver appliance.
The orange-faced NitroSecurity appliances run Linux. Equipped with dual power supplies and multiple fans, the ESM was the loudest product of this review. Taking a phone call in the near vicinity was difficult, but the noise will not be a problem in most data centers.
The initial install was fairly easy and didn't require a locally attached keyboard or mouse. Simply put in the (required) static IP address information through the external LCD control buttons and log on via HTTPS. After logging on for the first time, it was just as easy to link the two appliances together.