If we want to start comparing enterprise products, you need to add RSA enVision to the list. The system is completely scalable in terms of how many events per second it can handle. We have an older HA series appliance, which can handle 7500 events per second sustained, with burst up to 9750. Newer enterprise level appliances from RSA enVision are simply limited by the number of collectors you purchase, with each collector capable of 10,000 sustained events per second. Can you tell I am biased? I love the features it has - enterprise reporting, alerting, ability to collect from windows, syslog, IIS, SQL, Oracle, and lots others. We haven't even tapped the potential of our system and we are loving what we can do with it. Of course, once you get into these products, you are talking about several hundred thousand dollars. Not for your average Small-medium sized business.
James Winzenz Infrastructure Engineer - Security Pulte Homes Information Services -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nick Gage Sent: Friday, February 01, 2008 11:26 AM To: [email protected] Subject: RE: Fwd: Centralizing Event Viewer Logs Check out Loglogic http://www.loglogic.com It will handle up to 4000 mps sustained and can handle spikes up to 30000 mps. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of James Winzenz Sent: Friday, February 01, 2008 12:28 PM To: [email protected] Subject: RE: Fwd: Centralizing Event Viewer Logs IMHO, you get what you pay for. Are you referring to this product? http://sourceforge.net/projects/eventlogmonitor/ If so, it looks like it can only deal with windows logs. That is not going to get you very far. If you want to know what is going on within your network, you really need something that can handle syslog messages as well (routers, firewalls, etc.). Although not pertinent to the product you mentioned, I remembered reading on GFI's website about their event log management product. They were *boasting* that their collector could handle up to 6 million events per hour. That boils down to a paltry 1667 events per second, which is absolutely pathetic. A couple of core routers/firewalls could easily overwhelm this. James Winzenz Infrastructure Engineer - Security Pulte Homes Information Services -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Friday, February 01, 2008 9:08 AM To: [email protected] Subject: Re: Fwd: Centralizing Event Viewer Logs Is there someone who already tried the product SB Eventlog Monitor? I´m thinking about starting some tests in my network (all windows, 2000 machines) centralizing all the logs in one server, but I would like to hear from you any kind of experience with this product. I would like to know how the product behaves concerning network traffic, manageability and event correlation. CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you have received this communication in error, please notify the sender immediately by email and delete the message and any file attachments from your computer. Thank you. CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you have received this communication in error, please notify the sender immediately by email and delete the message and any file attachments from your computer. Thank you.
