In the second week of June, I was at HP DISCOVER 2011 in Las Vegas and I had the privilege of meeting many BTO customers. The week was packed with many customer meetings, 3 sessions and a keynote demo which I will talk about later. My sessions were about sharing information across the Security Operation Center (SOC) and the Network Operation Center (NOC). Every customer in the room agreed that they could use some security background to do better analysis on alerts coming up on BTO products like OM, NNM and OMi.
Let us take an example: OM shows an alert that your web server is running low on resources. One obvious way to fix that problem would be to throw more resources at it and hope the problem does not recur. But before doing that, it might be a good idea to do some forensic analysis on the web server logs to see what is causing the problem. That is exactly the use case I cover in this keynote demo. On detailed analysis, it was found that the web server was actually under a denial of service attack.
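The kind of log triage described above, as an added example that is not from the original post or from ArcSight Logger: it counts requests per client per minute in Common Log Format lines and reports clients above a limit. The sample log, the addresses and the limit of 100 requests per minute are constructed assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Common Log Format prefix: client, identity, user, [timestamp], "method path
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)')

def parse(lines):
    """Yield (client, minute, path) for each well-formed line; skip the rest."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        try:
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        except ValueError:
            continue
        yield m.group(1), ts.replace(second=0), m.group(4)

def triage(lines, per_minute_limit=100):  # limit is an assumed value, tune per site
    """Return clients whose request count in any one minute exceeds the limit."""
    per_client_minute = Counter()
    paths = defaultdict(Counter)
    for client, minute, path in parse(lines):
        per_client_minute[(client, minute)] += 1
        paths[client][path] += 1
    findings = {}
    for (client, minute), count in per_client_minute.items():
        if count > per_minute_limit and count > findings.get(client, {}).get("peak", 0):
            findings[client] = {"peak": count, "minute": minute.isoformat(),
                                "top_path": paths[client].most_common(1)[0][0]}
    return findings

def sample_log():
    """Constructed sample: one client floods /search, two browse normally."""
    flood = ['198.51.100.7 - - [14/Jun/2011:10:15:%02d -0700] "GET /search?q=a HTTP/1.1" 200 512'
             % (i % 60) for i in range(300)]
    normal = ['192.0.2.10 - - [14/Jun/2011:10:15:05 -0700] "GET /index.html HTTP/1.1" 200 1043',
              '192.0.2.11 - - [14/Jun/2011:10:15:40 -0700] "GET /about.html HTTP/1.1" 200 877',
              'corrupted line without the expected fields']
    return flood + normal

if __name__ == "__main__":
    for client, info in triage(sample_log()).items():
        print(client, info)
```

A flat per-client limit will not catch a flood spread across many sources, so treat an empty result as inconclusive and compare total request volume against a normal day as well.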
There are many other benefits of integrating your BTO products with a universal log management solution like ArcSight Logger. But before I list them, let us look at what a universal log management solution is. To make it very simple, a universal log management solution can:
- Collect EVERYTHING
- Analyze ANYTHING
- Be used EVERYWHERE
There are many log management solutions in the market designed for specific use cases but there isn’t one that can give you a comprehensive analysis on ALL IT logs and can be used for all use cases. ArcSight Logger does exactly that. Moreover, it is the ONLY log management solution that integrates with the BTO solutions like OM, OMi and NNMi.
I plan to cover more details on universal log management solutions in other blog posts, but for the time being, here are some of the benefits of integrating BTO solutions with ArcSight Logger:
- Use the 300+ off-the-shelf ArcSight SmartConnectors to expand collection
- Use ArcSight Logger to route syslog data to NNMi from devices that cannot send SNMP traps
- Archive years' worth of data from BTO products on ArcSight Logger, as a single instance can store up to 42 TB of data
- Use the alerting logic of ArcSight Logger to expand the capabilities of BTO products
There are many other benefits of integrating the BTO products with ArcSight Logger, but instead of me telling you about them, I thought it would be a good idea to hear from you. So, we are making a limited version of ArcSight Logger (a 49 USD value) available to you at no cost. Using this version of ArcSight Logger, you can collect up to 750 MB of logs daily from up to 10 devices and store up to 50 GB of logs (500 GB of effective capacity, as average compression on ArcSight Logger is 10:1).
HOW TO GET YOUR FREE VERSION OF ARCSIGHT LOGGER
- Go to http://www.arcsight.com/logger
- Click on the “$49 Download Now” button
- Type the promo code “B-Loggers” (without quotes)
- Complete the process and you will get an email with instructions on how to download your FREE copy
After you have downloaded and installed ArcSight Logger, I would love to hear your feedback. Please add comments below.
Later, I will be posting more information on universal log management solutions, use cases, integration with BTO products, etc.
Till then, love thy logs!!!