Log management review: NitroSecurity NitroView ESM and ELM

NitroSecurity combines a wealth of log management functionality with outstanding versatility in graphs and views

Page 2 of 3

The product's central selling point is that multiple graphs and displays of data can be easily set out side-by-side, and the dozens of views can be highly customized. Admins will have no problem choosing what they want to see in a single view, and adding new charts and data views is a snap. Graphs and data in a single view can be related and synchronized, or completely unrelated -- it's your choice. Clicking on any point in one of the context-sensitive graphs updates any related graphs.

Any data element in a chart can be drilled into or out for more detail or context. For example, on a chart showing a weekly volume indicator, you can select a particular week to see the figures for each day. Select a particular day and see the figures for each hour. Select a particular hour to drill down to the individual events.

You can click the properties icon on any graph to see the data sorted a different way or to create a brand-new graph. You can choose the event sources, fields to include, filters, update interval, sort order, graph type, and more. Multiple graphs and data views can be combined and sized into a particular console view. Admins can easily create multiple views and switch among them with one mouse click. Each user can choose their own default view. Only one product in this review, LogRhythm, was in the same class as NitroSecurity in providing versatile views and graphs.

NitroSecurity NitroView: Log collection, alerting, and reporting

Data sources can be added to each NitroView receiver through the NitroView ESM console. NitroSecurity has prebuilt connectors to more than 325 data sources, handling the incoming data and normalizing it. NitroView uses WMI and individual per-host logon credentials to contact Windows machines, and it can act as a syslog server. Multiple hosts can be added all at once using an import file or a passive auto-learn functionality that utilizes a firewall for discovering valid hosts. However, NitroSecurity's auto-discovery process was not as seamless as its counterparts in some of the other products.
