Enterprise Log Management - ArcSight Logger
ArcSight Logger - Simplifying log collection and analysis
Main goal of ArcSight Logger
Long-term data retention requirements from regulations such as Sarbanes Oxley, PCI, FISMA, HIPAA and GLBA necessitate a cost-effective means to collect and store audit-relevant log data from numerous sources ranging from networking equipment and security devices to databases and homegrown applications.
The Product
To address the growing need for collection, storage and analysis of enterprise-wide log data, ArcSight Logger is delivered as a turnkey appliance that supports high-performance collection of logs from any source into a highly compressed yet easily searchable and self-managing log data repository. ArcSight Logger can function as a standalone appliance for log aggregation or can complement ArcSight ESM deployments. (Product Brochure)



Main Features
- High-Performance Log Aggregation: ArcSight Logger can capture raw logs at sustained rates in excess of 75,000 events per second (EPS) per appliance.
- Broad Device Support: ArcSight Logger supports collection from any raw syslog or log file source. It can use existing ArcSight SmartConnectors, and ArcSight FlexConnector technology can also be leveraged.
- Cost-Effective Storage: Each ArcSight Logger appliance is equipped with 2 TB of secure, RAID-enabled onboard storage. All log data is heavily compressed prior to storage, yielding approximately 15 TB of raw data capacity per appliance.
- Dynamic and Distributed Querying: The Web-based search interface in ArcSight Logger supports both simple-term searches and sophisticated queries powered by regular expressions and Boolean logic. Dynamic result sets are augmented by drill-down and drill-across capabilities.
- Ease of Deployment: Log aggregation is seamless with ArcSight Logger's hardened 1U appliance form factor, optimized file storage and built-in monitoring. No database administration expertise is needed, and a 100 percent Web-based GUI simplifies deployment further by eliminating the need for client installations.
- Audit-Quality Log Data: Numerous audit and litigation best practices have been incorporated into ArcSight Logger.
- Automated Retention Policies: Multiple retention policies can be defined by source type to match regulatory data retention requirements. These policies are automatically enforced.

Why Log Management Matters
Nearly every major regulation affecting corporate security now demands continuous logging and effective log management. HIPAA, SOX, 357 and even the Payment Card Industry (PCI) standard appear to demand it.
Organizations that have implemented log management systems have found that the systems provide far more value than simply meeting compliance requirements. So even if auditors and regulatory compliance demands are driving you to implement log management, it makes business sense to use that technology to improve security, as well.
Operating system and application logs are an untapped mine of vital information about the health and well-being of an organization's computer infrastructure. When properly configured, these logs record the day-to-day activity of system users and the administrative changes made by the folks who manage critical production systems, and they capture evidence produced by malicious activity. When log management is working, you can review changes to your operational environment made by system administrators and operators. You can see unusual activity from your authorized users, monitor people without credentials who are trying to get in, and track what they are doing when they do get in. Best of all, with the right logging configuration you'll capture the history of a hacker's activity on your machine, from the establishment of unauthorized accounts to the installation of back-doors, enabling you to quickly isolate and repair affected systems after an intrusion.

ArcSight Logger Specifications:
- Web & command-line management
- Supports all SmartConnectors
- 2,000/5,000/100K Events Per Second
- Compression up to 1:10
- Chassis: 1U
- Storage: 750 GB to 1.5 TB
- Interfaces: 2x100/1000CX