Log management review: NitroSecurity NitroView ESM and ELM

NitroSecurity combines a wealth of log management functionality with outstanding versatility in graphs and views

Unlike the other products in this review that combine log management and event management functionality, NitroSecurity wraps the two feature sets in two separate appliances. Because NitroSecurity's NitroView Enterprise Log Manager (ELM) data is viewable only through a linked NitroView Enterprise Security Manager (ESM), my review of its log management functionality required testing both appliances.

NitroSecurity sent me the 3U NitroView ESM 5000 (Model 5750), which combines an event receiver, log analysis, network analysis, SIEM functions, and console, and the 1U NitroView ELM 2000 (Model 2250), the log receiver appliance.

The orange-faced NitroSecurity appliances run Linux. Equipped with dual power supplies and multiple fans, the ESM was the loudest product of this review. Taking a phone call in the near vicinity was difficult, but the noise will not be a problem in most data centers.

The initial install was fairly easy and didn't require a locally attached keyboard or mouse. Simply put in the (required) static IP address information through the external LCD control buttons and log on via HTTPS. After logging on for the first time, it was just as easy to link the two appliances together.

NitroSecurity NitroView: Rich features, rich GUI

The NitroView console is based upon Adobe Flex, the open source, Flash-based rich Internet application framework, and NitroSecurity uses Flex's adaptability to the nth degree in this product line. The vendor claims that Flex allows the interface and the results returned to be as snappy with many millions of records as they are with a few thousand, but testing this claim was not part of my review.

The default console is attractive if a bit busy, but also incredibly useful. The left side of the main console contains the source tree. Where you click on the tree determines which devices and event sources you end up querying and configuring. The right side of the console contains the filter window, which displays active filters for particular views. The downside of the feature-rich GUI is that it's among the most complicated I've used. I was often referring to help files to assist with options the first time around.

Test Center Scorecard

NitroSecurity NitroView ESM 5750 and ELM 2250
Category weights: 40%, 20%, 20%, 20%
Category scores: 10, 8, 9, 9
Overall score: 9.2 (Excellent)
