Product Comments

As a service to our users, Loganalysis.org offers this page for comments on commercial products or service offerings. If you have a comment or brief review you'd like to make on a product, E-mail info@loganalysis.org. with your comment. Please comment on Good Points, Bad Points, and make sure you include some mention of how you are using it in your organization and the number of machines you use it on, if possible.
We will not post anonymous comments. If you believe in what you are saying enough to say it publicly, you should believe in what you are saying enough to say it under your own name.

I
TNT's ELM Log Manager http://www.tntsoftware.com

Comment by Fred Wilmot <security@internationaloccasions.com>:

Good points: Does not rely on BIOS resolution for Windows boxes, uses raw sockets. Allows IIS log file monitoring, or any flat text file. Deploys agents to Windows servers which may or may not cause heartache to update depending on deployment architecture. Has an SSL implementation for read-only web viewing of log data. Fairly scalable and we have tested up to 400 windows/syslog events per second without failure of the application. ELM allows ustomized
response real-time with good include and exclude filtering and even scripted response.

Bad points: The software is still pretty young; the product cycle turns out minor releases almost monthly. Runs on Windows Server or Advanced server only. I have found querying a database resident on the ELM server (how the product is touted) may cause performance problems for in depth queries. Reporting is also okay, but not great. Customized reporting is not quite available yet, although you can customize the views of canned reports. ELM works for my purposes; I am using it to collect event logs, collect syslog messages from UNIX devices and Network devices, and monitor IIS logs.
 
 
 
 

Note: The comments on this page are not edited (they may be reformatted) by Loganalysis.org. They represent the opinions of end-users of the products in question. Loganalysis.org does not make any effort to check the credentials of the users submitting comments; readers are invited to maintain an open mind and a healthy sense of skepticism.