Top 47 Log Management Tools

Operating systems, such as Windows and Unix, as well as networks such as Cisco, typically offer some native log management functionality. But these log and event management mechanisms fall short of consolidating the data in any meaningful way, leaving bits and pieces of event logs scattered across a network. Not to mention, many of those events are lost as a result of overwrites, creating a security and compliance problem.

Third-party, comprehensive log management tools, however, offer built-in consolidation, archiving, alerting and reporting — the functionality needed to actually turn log data into useful insights. Whether you need log management solutions for Windows, Linux or any other platform, and regardless of the number of log sources you need to monitor, there’s a log management solution that will meet your specific requirements.

Some solutions are a component of a larger SIEM platform, providing even more sophisticated analytics capabilities, long-term storage and data encryption, while others can be used with any SIEM solution or even as stand-alone appliances. Flexibility is a key consideration among log management tools; some appliances are exceptionally scalable and can instantly expand to accommodate additional devices, networks or log sources with minimal to no configuration.

NOTE: The following 47 log management tools are listed in random order, not in order of performance or capabilities. The numbers are provided as a simple reference tool, but are not meant to imply a quality-ranking system. Every enterprise and organization is different, and while some tools are more flexible than others, each organization will have distinct requirements and preferences. There are log management tools spanning practically every use scenario and configuration, so this list is intended to be a central resource for comparing various appliances against your unique specifications.

1. Splunk // @Splunk
Log Management Tools Splunk

Splunk, an industry-leading platform that automatically indexes all your machine and log data, including structured, unstructured, and complex multi-line application log data. Splunk aims to provide a deeper understanding of real-time data, with the ability to search all your data without custom connectors or scalability limitations. You can quickly search, report, and diagnose operations and security issues through a rapid, repeatable process. Splunk also has built-in reporting capabilities, with advanced charts and dashboards, and a pivot interface to generate visual reports with drag-and-drop ease.

Key Features:

  • Full-picture view across the organization
  • Install content, add-ons, and apps to further expand functionality
  • Setup standard searches as real-time alerts and trigger automatic responses
  • Scale from a single server to multiple data centers
  • Deployable to on premise sites, hybrid-cloud, and/or private and public cloud based infrastructures
  • Securely make data available to users without needing to grant access to production systems
  • Supports various use cases including log consolidation/retention, security, compliance reporting, and more
  • Works with Hadoop, NoSQL, and other enterprise data stores
  • Ability to perform ad hoc queries and and access historical data without the need for third-party software

Cost:

  • Core product include:
    • Enterprise – free download gives you indexing of up to 500MB per day
    • Cloud – free trial gives you 5GB of cloud storage per day
    • Light – cloud service includes a free trial with 1GB of cloud storage per day and software download includes up to 500MB of data per day
    • Hunk – free license to integrate with Apache Hadoop, Amazon EMR, and more
  • See downloads page for more free Splunk offerings

2. Loggly // @loggly
Log Management Tools loggly

A cloud-based log management service, Loggly makes the log management process much less cumbersome. With a simple set-up process and intuitive tools, Loggly doesn’t require a ton of on-ramping. Loggly provides immediate value by interpreting and making sense of data pouring in from your applications, platforms and systems instantly.

Key Features:

  • Unlimited custom dashboards based on any search
  • Built-in customizable alerts with triggers
  • Adaptable interface with multiple views, pages and workspaces
  • Full-system RESTful API to integrate with other applications
  • Unlimited saved searches and users
  • Automated filters and event parsing
  • Custom source groups
  • Point-and-click trending graphs
  • Text-based logs from any source

Cost:

  • Lite: FREE – 200 MB/day  (Centralized logging, search & filters, persistent workspaces)
  • Standard: $49/month and up – 1 GB/day (+ built-in alerts, customizable dashboards, Loggly support access)
  • Pro: $349/month and up – 7 GB/day (+ Peak overage protection, longer standard retention, higher volumes)

 

3. AlertLogic Log Manager
@alertlogic
alertlogic

Collecting and analyzing log data for an enterprise infrastructure doesn’t have to be an impossible feat. While the nature of enterprise infrastructure is shifting from traditional, on-premise models to cloud-based infrastructures with varied components and data sources, AlertLogic enables you to work with a single, streamlined flow of data with visibility that’s both broad and deep. Al this is delivered via an intuitive web interface that’s packed with useful tools and features.

Key Features:

  • Collects, aggregates and normalizes log data
  • Pulls data from on-premise, hosted and in-cloud origins
  • More than 100 built-in reports
  • Powerful analytics capabilities
  • Responsive search
  • Low-impact and flexible data collection options
  • Query predictions and suggestions
  • Correlate events, set automatic alerts and initiate rapid response to security events
  • Security-as-a-Service delivery

Cost: Contact for a quote

4. WhatsUpGold
@WhatsUpGold
whatsupgold

Looking for a log management solution that pretty much runs the gamut from collection to storage, back-ups, archiving, analyzing and reporting, without complex or tedious processes or trying to mesh together and make sense of data obtained from multiple sources? WhatsUpGold does precisely that, delivering and fully managing log data from Syslog, Windows events logs, or WC3 logs generated by web application servers, load balancers, proxy servers or content security appliances.

Key Features:

  • Real-time monitoring, alerts and notifications for intrusion and other threats
  • Filter, analyze and report on log data for deeper insights
  • Compliance-focused reports
  • Event Archiver automates log data collection, clearing and consolidation
  • Event Rover for in-depth forensics spanning multiple workstations and servers
  • Multi-year data storage
  • Point-and-click reporting

Cost:

  • Starts at $1,595
  • As low as $1.12 per interface
  • Contact for a quote

 

5. TIBCO
@TIBCO
tibco

TIBCO aims to solve the Machine Big Data problem faced by enterprises today, with the increased use of technology adding significantly to the amount of log and event data resulting from the actions of every individual throughout the day. By bringing your varied sources of data together in a single interface for more effective monitoring and analysis, as well as the ability to identify key connections between otherwise siloed and disjointed data.

Key Features:

  • Plug-and-play, centrally-managed platform
  • Interpret data to anticipate risks and uncover opportunities
  • Ingest, process and display Big Data from any source
  • Logging-as-a-Service delivery for IT
  • Enable real-time reactions to events with reduced event-to-action time
  • Sophisticated analytics for root-cause identification
  • Streamline internal/external policy audits and compliance reporting

Cost: Contact for a quote

 

6. GFI EventsManager
@GFISoftware
gfieventsmgr

GFI provides a comprehensive log data analysis platform for Security Information and Event Management (SIEM). When you need system reliability, security, availability and compliance, GFI offers the tools you need to maintain maximum performance.

Key Features:

  • Real-time event log monitoring
  • Periodic analysis of security-relevant logs
  • Real-time monitoring of security-relevant policies, mechanisms, activity and applications
  • Monitor availability, functionality and performance
  • Reduce downtime
  • Monitor IT asset usage
  • Three-layer log data consolidation
  • Access data through two-factor authentication
  • Forensic investigations and compliance-reporting capabilities

Cost:

  • GFI EventsManager (Active Monitoring and/ or Complete version): FREE
  • GFI EventsManager Complete including 1 year SMA: $279/unit
  • GFI EventsManager Active Monitoring including 1 year SMA: $99/unit

 

7. SolarWinds Log & Event Manager (LEM)
@solarwinds
solarwinds

Real-time log analysis and active intelligence is at your fingertips with SolarWinds Log & Event Manager. The platform provides full Security Information and Enterprise Management (SIEM) capabilities in a simple-to-deploy virtual appliance that automates and simplifies your log management, security monitoring and compliance needs.

Key Features:

  • Collects and catalogs log and event data in real-time
  • Able to collect data originating from anywhere within your infrastructure
  • Processes log data before it’s written to the interface
  • Enables immediate response to security threats and network issues
  • Flexible deployment options for scalable log collection and analysis
  • Hundreds of built-in reports; audit-proven templates
  • Built-in rules and reports; pre-configured response actions
  • All-in-one appliance with a web-based interface

Cost:

  • Low-cost, node-based pricing module
  • Starts at $4,495
  • Automatically recover unused agent licenses

 

8. ManageEngine EventLogAnalyzer
@manageengine
manageengine

Security Log Analytics is an everyday convenience with ManageEngines’s EventLogAnalyzer, which automates the otherwise painstaking process of collecting the appropriate data and analyzing it effectively in order to make more intelligent, data-driven decisions and ensure compliance.

Key Features:

  • Collect, analyze, correlate, search, report and archive data
  • Mitigate file integrity
  • Log forensics analysis
  • Monitor privileged users
  • Real-time event alerts
  • Log archiving and event log reports
  • Intelligent log analysis ensures regulatory compliance
  • Regulatory compliance audits
  • Instant report generation
  • Multiple report types: user activity, historical trends, and more

Cost:

  • Free Edition: FREE – monitor up to 5 hosts, no time-bound limitation
  • Distributed Edition: Starts at $795 – Supports up to 1,000 hosts
  • Premium Edition: Starts at $1,695 – Supports up to 1,000 hosts/apps (file integrity monitoring, real-time event correlation)
  •  Distributed Edition: Starts at $6,495 – Supports up to 20,000 hosts/apps (scalable architecture, re-branding and client-specific views)

 

9. Tripwire
@TripwireInc
tripwire

Risk-based security, compliance and vulnerability management solutions are Tripwire’s specialties. The Tripwire Log Center provides complete, secure and reliable log collection to ensure you’re meeting regulatory requirements and are prepared for compliance audits. With comprehensive backup and protection features, Tripwire ensures 100% of your data is secured and retained even in downed systems.

Key Features:

  • Rapidly respond to threats
  • Conduct forensic analysis
  • Search across all devices and platforms with ease
  • Capture, archive and report on log activities for regulatory compliance
  • Security root cause analysis
  • Standards-based classification of log messages
  • Drill-down and report-up with ease
  • Generate comprehensive, easy-to-understand reports
  • Rich, real-time dashboards with visualizations
  • Monitor system application availability

Cost: Contact for a quote

 

10. NetIQ
@NetIQ
NetIQ

Simplify and streamline your log management obligations, and never risk being out of compliance with NetIQ Sentinel Log Manager.  With a single, centralized, identity-aware platform that handles collection, storage, management and analysis of IT infrastructure event and security logs.

Key Features:

  • Real-time data collection and analysis
  • Scalable and flexible software appliance built with SUSE Studio
  • Leverage non-proprietary data storage systems
  • Out-of-the-box event collection capabilities
  • Self-updating to eliminate time-consuming maintenance
  • Distributed search capabilities provides full visibility across infrastructures
  • Turn search results into compliance reports with a single click
  • Cuts down on deployment, management and storage costs

Cost: Contact for a quote

 

11. InTrust
@Dell
intrust

InTrust is Dell’s venture into log management, which operated on Windows, Linux and Unix systems. InTrust enables you to ensure compliance with external regulations and internal policies, as well as standard security best practices to ensure log data integrity and validity. You can also gain deep insights into user activity and audit full system access from login to logout. Drastically improving efficiency and reducing both upfront and ongoing costs associated with log management, InTrust is a valuable platform for merging log management into a single, streamlined process.

Key Features:

  • Forensic analysis of user and system activity based on historical data
  • Ongoing reporting and ad-hoc analysis
  • Centralizes data from widely dispersed and diverse systems
  • Integrates with ChangeAuditor for deeper user insights
  • Privileged account auditing – correlates privileged and native accounts
  • Integration with SIEM solutions
  • Long-term data compression reduces storage costs
  • Real-time data collection and alerts with flexible reporting

Cost: Contact for a quote

 

12. SpectorSoft Server Manager
@SpectorSoft
spectorsoft

SpectorSoft’s Server Manager provides event log and server management at a fraction of the price of similar tools. You get much more than simple log management, with application and disk monitoring, security event reporting and resource monitoring, event log management and actions, alerts and reporting – all of this functionality is centrally managed via an intuitive interface that also delivers comprehensive reports for meeting PCI, HIPAA, and other regulatory compliance regulations.

Key Features:

  • Monitor, consolidate, archive, audit and report on logs
  • Real-time event monitoring
  • Monitors Windows server event logs, Syslogs and text files
  • Turnkey account and logon reports
  • Rapid issue identification
  • Monitor and control Windows services, applications and processes
  • Central monitoring of server resources
  • Monitor, predict and manage disk space utilization
  • Ensure maximum uptime and rapidly respond to issues

Cost:

  • Pricing based on Nodes
  • SSM-1HL-020 / Server Manager (20 Nodes): $425
  • SSM-1HL-050 / Server Manager (50 Nodes): $750
  • SSM-5HL-050 / Server Manager (50 Nodes) 5 Pack: $1,150
  • SSM-1HL-000 / Server Manager Unlimited: $2,150
  • SSM-5HL-000 / Server Manager Unlimited 5 Pack: $2,550
  • SSM-10H-000 / Server Manager Unlimited 10 Pack: $3,050
  • SSM-20H-000 / Server Manager Unlimited 20 Pack: $4,050

 

13. McAfee Enterprise Log Manager
@McAfee
mcafee

McAfee Enterprise Log Manager automates log management and analysis for all log types, signing and validating to ensure authenticity and integrity, a requirement for regulatory compliance. Compliance rule sets and reports are functional out-of-the-box, simplifying setup and configuration. All of this functionality serves to strengthen your company’s security profile and improves your ability to comply with more than 240 standards. McAfee Enterprise Log Manager is an integrated component of McAfee Enterprise Security Manager. Log Manager stores logs, while Enterprise Security Manager handles parsing, normalization and analysis.

Key Features:

  • Intelligent log management
  • Stores the correct logs to ensure compliance
  • Parses and analyzes logs for security
  • McAfee supports chain of custody and non-repudiation efforts
  • Adapt storage and retention by log source
  • Analyze and search logs
  • Differentiate logs stored for security and logs to be parses/analyzed
  • Store locally or via managed SAN
  • Up to 7.5 TB of usable HDD storage on the appliances
  • One-click access to log files or specific log files during any point

Cost:  Contact for a quote

15. LogRhythm
@LogRhythm

logrhtyhm

Are log management and event management two distinct processes within your organization? That means purchasing and managing two separate tools, but LogRhythm combines both into a single, centralized platform to streamline not only log management, but log analysis, event management and reporting as well.

Key Features:

  • Collects data from all log sources, including applications and databases
  • Automated log archiving and retrieval, simple, comprehensive search
  • Log classification, normalization, aggregation, and correlation automated
  • Advanced data mining for root cause analysis
  • Filtering and forensic search
  • Real-time monitoring and flexible, role-based alerts
  • Prioritize alerts based on impact potential
  • Packaged Compliance reports for SOX, PCI-DSS, FISMA, GLBA, and more
  • Automated or on-the-fly report generation
  • Tailor or customize reports
  • Intelligent search in real-time
  • One-click correlation from any search

Cost: Contact for a quote

 

16. ELM Enterprise Manager

@tntsoftware1
tntsoftware

Capture the rich operational and security data that you need without the frustrating process of collecting, consolidating and analyzing log data across siloed systems. ELM Enterprise Manager can collect logs from hundreds of servers, workstations and syslog/SNMP supported devices, in real-time, and across multiple domains.

Key Features:

  • Trigger email alerts for critical events
  • Server status monitoring and reporting
  • Advanced event filtering with multiple views
  • Reporting and compliance
  • Secure event archiving and storage
  • Event correlation and forensic investigation

Cost:

  • Contact for a quote
  • Class I and Class II licenses
  • Event, Network, Core, System, Log and Performance options

 

17. Alien Vault
@alienvault
AlienVault

AlienVault is the creator of OSSIM, a leading provider of unified security management that aims to provide complete, centralized and affordable security visibility. AlienVault Unified Security Management (USM) provides an essential monitoring tool by combining log management and monitoring with the security features you need to comply with PCI DSS Requirement 10: Track and Monitor All Access to Network Resources & Cardholder Data.

Key Features:

  • Out-of-the-box PCI dashboards and reports
  • Rapid deployment
  • Asset discovery and behavior monitoring
  • Log collection and netflow analysis
  • Service availability monitoring
  • Continuous vulnerability assessment
  • Threat detection and file integrity monitoring
  • Multiple security functions and consoles
  • Ongoing, continuous threat intelligence
  • Unified security monitoring
  • Simple event management and reporting

Cost: Contact for a quote

 

18. Netwrix Auditor
@Netwrix
netwrix

Netwrix Auditor offers built-in consolidation, archiving, alerting and reporting features, gathering data from multiple computers across networks to provide alerts on critical events, archiving events in a compressed format for simpler and more effective analysis. With support for an unlimited number of servers and long-term archiving storage and distributed data collection, Netwrix Auditor is a high-performance log management tool suitable for both small and large enterprises.

Key Features: 

  • Event log archiving
  • Distributed data collection
  • Real-time alerts for critical events
  • Automatic device discovery
  • Pre-configured reports for compliance
  • Supports a variety of systems

Cost: Contact for a quote

19. Arcsight ESM
@hpnews
arcsightesm

Arcsight ESM is an enterprise log management solution for identifying and prioritizing both current and potential security threats. Arcsight also provides Arcsight Logger, a tool for collecting and unifying data. HP Arcsight ESM offers multiple service levels with the capacity to handle between 1,000 to 12,500 sustained events per second, providing options for both small and large enterprises as well as scalability for growing companies.

Key Features: 

  • Analyze logs from multiple devices
  • Link events to detect threats and allocate resources
  • Automatically collects machine data from 350+ sources
  • Unify all data for full visibility
  • Add-on compliance packs for PCI, SOX, and IT governance
  • 500 built-in compliance reports
  • Encrypts data in-transit
  • 42TB of log stored centrally
  • 10:1 compression ratio

Cost: Contact for a quote

 

20. Sumo Logic
@SumoLogic
sumologic

A cloud-based log management solution, Sumo Logic is comprised of several components each providing a specific service. Each service operates using a set of lower-level modules that make use of common functionality, resulting in a top-level seamless solution while enabling segmented scalability — meaning it’s completely customizable to provide just the right capacity and functionality at the lowest possible cost.

Key Features: 

  • Full-text indexing pipeline
  • Interactive analytics platform
  • Each model runs as an independent executable
  • Asynchronous messaging decouples all senders/receivers
  • Customer log data is always tagged and differentiated
  • Unified underlying stream processing engine

Cost: 

  • FREE
  • Enterprise plans (larger data volumes): Contact for a quote

 

21. Novell Sentinel Log Manager
@NOVELL
novell

Compliance and security are simplified with Novell’s Sentinel Log Manager, the industry’s first log management solution available as a software appliance. Built with SUSE Studio, Sentinel Log Manager can be deployed quickly and offers out-of-the-box event collection capabilities.  Distributed search means rapid and intuitive searching and filtering across multiple devices spanning the globe, while one-click reporting streamlines compliance.

Key Features: 

  • Simple, intelligent One-Click Reporting
  • Quickly generate compliance reports based on search results
  • Distributed search capabilities for seamless reporting
  • Predefined reports for PCI-DSS, HIPAA, SOX and more
  • AJAX-based Interface
  • Powerful, text-based searching
  • Support for non-proprietary storage systems
  • Auto-detection of syslog sources
  • Forward data for real-time processing with Sentinel Link

Cost: Contact for a quote

 

22. Tenable Log Correlation Engine
@TenableSecurity
tenable

Collecting log data is one thing, but putting it to use is another. Tenable Log Correlation Engine provides you with the tools you need to derive actionable insights via a single console. Normalize, correlate and analyze all in the same dashboard, without wasting hours of precious time collecting and making sense of disjointed data from multiple log sources.

Key Features: 

  • Full-text search
  • Detect malware and other threats
  • Flexible reporting and consistent metrics
  • Collects and aggregates data from many sources:
    • Firewalls
    • Intrusion detection and prevention systems
    • Data loss prevention solutions
    • Raw network traffic
    • Application logs
    • User activity
  • Centralized client administration and management
  • Real-time event correlation
  • Rapid query performance
  • Customizable analytics 

Cost: Contact for a quote

 

23. EventTracker
@LogTalk
eventtracker

EventTracker provides a streamlined console for aggregating and analyzing log data from every corner of your organization, encompassing all systems, including Firewalls, Linux, Unix, Syslog and Windows Event Logs – Security Logs, Application Logs and Error Logs. With real-time alerting and in-memory correlation, you’ll benefit from full visibility and complete accuracy with minimal effort.

Key Features: 

  • Process millions of events daily
  • Configure custom retention periods
  • Tamper-evident archive
  • Agentless monitoring across most systems
  • Generates compliance reports for PCI DSS , GLBA, HIPAA and more
  • More than 1,500 pre-configured reports
  • 90% compression ratio

Cost: 

  • Cloud:
    • FREE
    • Bronze: $10/server/month (+ automatic incident response, advanced customization rules)
    • Silver: $20/server/month (+ risk assignment)
    • Gold: $30/server/month (+100 million logs/day capacity, pre-configured compliance reports)
    • Additional costs apply per endpoint and per application
  • On-Premise:
    • Log Manager: From $1,999 (up to 250 log source counts)
    • Security Center: From $4,795 (50 to 5,000 log source counts)
    • Enterprise: Contact for a quote (unlimited log source counts)

 

24. Konica Minolta Log Management Utility 
@KonicaMinoltaUS
konica

Konica Minolta’s Log Management Utility is designed to compliment an MFP’s device audit log function with a longer log data retention period combined with streamlined browsing and searching capabilities. Collect, save, browse and search MFP audit logs over extended periods of time, enabling more comprehensive analysis and management.

Key Features: 

  • Designed for MFPs
  • Collect, save, browse and search
  • Extended retention periods
  • More time for comprehensive analysis
  • Transfer Audit Logs to PC for analysis

Cost: FREE

 

25. Snare – Auditing and Event Log Management

@ia_snare

snare

Snare is a SIEM (Security Information & Event Management) Solution that’s actually comprised of two individually licensed components: the Snare server and individual Snare agents. The server is the central control panel that enables the administrator to define, gather, index, track and report on critical IT events from the server and agents. Snare agents are not limited to use with the Snare server; they’re compatible with a wide range of SIEM servers. 

Key Features: 

  • Server and agents are individual components
  • Agents compatible with many SIEM servers
  • Receives data from a variety of sources:
    • Windows and Linux/UNIX/OSX/AIX operating systems
    • Snare Epilog files
    • switches
    • routers
    • firewalls
    • Syslog sources
    • authentication servers
  • Filter and refine agent log collection
  • Simplifies internal compliance audits
  • Adheres to a range of compliance standards
  • Snare Server:
    • 100+ interactive reports
    • Email reporting
    • Configuration checking
    • Network device reporting
    • Reflector technology sends data in real-time
    • Click-through deep-dive into logged data

Cost: 

  • Snare OpenSource Agent (OSA) – Limited Version: FREE (Download link)
  • Note Snare OSA does not adhere to compliance regulations
  • Snare Enterprise: Contact for a quote

 

26. Elasticsearch ELK Stack 
@elasticsearch
elasticsearch

Elastisearch ELK Stack offers a set of applications and utilities, each serving a distinct purpose, which combine to create a powerful, end-to-end search and analytics platform. Logstash captures log data in a central location, Elastisearch takes it a step further with real-time analysis and Kibana transforms data into powerful visualizations for actionable insights. This comprehensive platform is built on Apache Lucene and offered under an Apache 2 Open-Source License.

Key Features: 

  • Distributed restful search
  • Scale horizontally by adding nodes
  • Stacked solution with powerful components
  • Powerful analytics with instant insights
  • Visualize data with Kibana
  • Resistant clusters for security and reliability
  • Full-text search
  • Document-oriented
  • No Schema; automatic interpretation
  • Conflict management with optimistic version control
  • Multi-tenancy with individual or group queries
  • Redundancy for data security

Cost: FREE

 

27. Logscape
@logscape
logscape

Logscape allows you to search, visualize and analyze an unlimited amount of log files and operational data from a single, central dashboard. With out-of-the-box functionality for many common platforms, Logscape comes at a fixed cost coupled with massive scalability.

Key Features: 

  • Custom dashboards, workspaces and reports
  • Data from any network input, syslog
  • Real-time event detection
  • Triggers and alerts
  • LDAP for user- and role-based access control
  • Scale on existing or dedicated infrastructure
  • Apps for syslog monitoring on Windows, Unix, Java, Cisco devices and more

Cost: 

  • Logscape Manager: FREE (indexing and searching data)
  • Local Indexer: $5,000/year/10-pack (search data in place)
  • Central Index Store: $10,000/year (search forwarded data and unlimited servers)

 

28. Sawmill
@sawmill
sawmill

Sawmill is a universal log file analysis and reporting solution providing analysis, monitoring and alerts across a wide range of systems. Extensive reporting features and precise analysis in a fully scalable package enables you to get more out of your data, and a ton of available plug-ins can be used to expand capabilities.

Key Features: 

  • Supports more than 900 log formats
  • Log formats are extendable and customizable
  • User management and role-based access control
  • LDAP Authentication
  • Scheduler, database filters and customizable overview
  • Runs on Windows, Linux and a variety of platforms
  • Store data in Sawmill’s internal database or a number of 3rd-party databases
  • Memory management settings for better performance

Cost: 

  • Prices scaled by edition and number of profiles
  • Lite: $99-$199 (1-5 profiles)
  • Professional: $199-$5,999 (1-1,000 profiles)
  • Enterprise: $599-$35,000 (1-unlimited profiles)
  • Additional support packages available

 

29. Event Sentry 
@netikus
eventsentry

Consolidating all your logs in a central location — and in real-time — is simple with Event Sentry’s Log Management solution. Using sophisticated rule sets, you can limit your alerts to those that you need, while eliminating extraneous messages that distract you from more important tasks. And because it’s automated, that means you can actually be doing those other tasks that matter while performing comprehensive log management at the same time.

Key Features: 

  • Countless configuration options
  • Powerful, flexible filtering
  • Send event log messages in multiple formats
  • Trigger actions in response to events
  • Events matched by basis properties or custom strings
  • Wild card and expression matching
  • Custom event logs
  • Trigger alerts with filter thresholds
  • Network / SNMP Monitoring
  • ARP monitoring
  • Non-delimited and delimited log files
  • Correlate events between log types

Cost: 

  • Pricing scaled based on number of hosts
  • 1 license: $85.00/host
  • 5 licenses: $71.60/host
  • 10 licenses: $69.80/host
  • 50 licenses: $53.76/host
  • 100 licenses: $43.98/host
  • 500 licenses: $31.00/host
  • 1,000 licenses: $24.00/host
  • Costs apply for support and maintenance, environment monitoring and other services

 

30. BalaBit syslog-ng
@balabit
balabit

Businesses rely on syslog-ng to collect, process and store log messages across IT environments. There are three editions, including the open-source syslogd, which has minimal features and is operating-system dependent, the Premium and Store Box editions. All have reliable message filters, content-based filtering and message parsing and rewriting, while the paid versions offer more comprehensive encryption and customization.

Key Features: 

  • Collect, filter and normalize
  • Forward or store log messages
  • Disk-based message buffering
  • Flow control
  • Extreme message rate collection
  • Collect data from thousands of log sources
  • Secure, encrypted storage
  • Supports more than 50 server platforms
  • Filter, parse and re-write data
  • Read logs from any text file

Cost: Contact for a quote

 

31. CorreLog
@CorreLog
correlog

Real-time log management and multi-platform security correlation in one, CorreLog is a streamlined central control panel for collecting, managing and acting on log data. CorreLog features comprehensive SIEM capabilities as well as automated event management and self-learning algorithms for more efficient alerts on internal threats. CorreLog offers a full suite of solutions, agents, components and plugins meeting a range of business and enterprise needs, so you can find a solution that suits your requirements with the option of scaling up to a familiar platform later.

Key Features: 

  • Standards-based components
  • Accommodate virtually combination of environment architectures
  • Works with existing SIEM solutions
  • 100% web-based CorreLog Enterprise Server
  • Create actionable tickets based on events
  • Aggregates and correlates log data
  • Real-time data collection and analysis
  • Policy compliance solutions

Cost: Contact for a quote

 

32. Papertrail
@papertrailapp
Papertrail

Time-saving tools and flexible system groups, along with full-team access, long-term log data retention, sophisticated analytics with visualizations and exporting options are just a few of the features that work seamlessly together to create Papertrail’s comprehensive and streamlined solution for frustration-free log management. In just 45 seconds, Papertrail enables businesses to effectively monitor two servers — or 200.

Key Features: 

  • Derive value from the data you already collect
  • Works with all common log methods and formats
  • App logs, text log files, syslogs aggreated in one place
  • Aggregates data from a multitude of log sources
  • Real-time functionality from browser, command line or API
  • Instant alerts
  • Custom alerts on any event configuration 
  • Search and filter with long-term data retention
  • Save useful and frequently-used searches
  • View related events together in dashboard
  • Unlimited systems and users

Cost: 

  • FREE: 100 MB/month
  • $7: 1 GB/month (1 week search, 1 year archive)
  • $18: 2 GB/month (1 week search, 1 year archive)
  • $35: 4 GB/month (2 weeks search, 1  year archive)
  • $75: 8 GB/month (2 weeks search, 1  year archive)
  • $150: 16 GB/month (2 weeks search, 1  year archive)
  • $230: 25 GB/month (2 weeks search, 1  year archive)

 

33. Assuria Log Manager 
@AssuriaLTD
Assuria

Assuria Log Manager is a a CESG CCTM Accredited Forensic SIEM/Log Management solution. It’s most often used by government organizations, major commercial enterprises, and IT service providers delivering intelligence and system activity visibility to clients. It supports not only log management, but a variety of other valuable activities such as analysis and alerting, security and compliance reporting, and forensic readiness.

Key Features:

  • On-premise, cloud or managed services delivery
  • Automatic rules-driven analysis
  • Data visualization and querying
  • Anomaly detection engine
  • Real-time event alerts sent by Email and/or SNMP traps
  • Flexible analysis, correlation, aggregation and reporting
  • Secured storage with digital signature for authentication
  • Supports multiple collection points
  • Role-based access control
  • Scalable, modular architecture adapts to any size IT environment

Cost: Contact for a quote

 

34. LOG Storm 
@BlackStratusInc
blackstratus

LOG Storm combines log management and security information management in a single, highly-functional and highly-flexible appliance. LOG Storm offers the fastest events-per-second (EPS) performance, greatest flexibility and most available live data storage available in a cost-effective solution with simple installation and low overhead and maintenance requirements.

Key Features: 

  • In-depth threat analysis
  • Flexible deployment options
  • Intuitive graphical user interface
  • Incident response, forensics, and discovery
  • Built-in support for 1,000+ devices
  • Simple device integration tool
  • Reporting packs for major regulatory compliance standards
  • Master console for centralized log management
  • MetaRules Correlation

Cost: 

  • LOG Storm Virtual SIEM Appliance: FREE
  • Other deployment options and advanced solutions: Contact for a quote

 

35. PowerBroker Event Vault for Windows
@BeyondTrust
PowerBroker

PowerBroker Event Vault for Windows consolidates log data into one central repository, eliminated the distributed nature of log data that once made log management such a time-consuming and ineffective task. PowerBroker Event Vault automates and completely streamlines the process of log data collection from Windows 2000 through Windows Server 2008 and Windows 7. It’s scalable and flexible, with centralized storage in the PowerBroker event database, and it’s easy to deploy either with Agents or Agent-less.

Key Features: 

  • Auditor and Recovery files not requiring an agent use a single footprint
  • Modular architecture
  • Single agent, single console
  • Track, manage and protect any event from a single dashboard
  • Add new module with no workflow disruptions
  • Real-time, customizable data views
  • Fully indexed archive searching
  • Massive library of security and compliance reports
  • Flexible targeting, filtering and scheduling policies

Cost: Contact for a quote

 

36. SemaText Logsene
@sematext
sematext

Sending and extracting log data can become a simple, straightforward and even automated process thanks to Sema Text Logsene, a Log Management & Analytics solution with a myriad of ways to configure dashboard views of data to derive deeper insights and identify key relationships between otherwise distributed log data and events.

Key Features: 

  • Full-log accessibility in a central dashboard
  • Minutes to configure, no installation or maintenance
  • Integrates with SPM performance monitoring and SSA site search analytics solutions
  • Kibana aids with powerful data visualizations
  • Send data from a variety of sources
  • Correlate logs with practically any data point: KPIs, events, custom metrics, etc.
  • Integrates with all standard logging facilities and agents
  • Exposes Elasticsearch API
  • Spot trends and identify root causes

Cost: 

  • Logsene On-Premise: Contact for a quote
  • Basic: FREE (1 million log events)
  • Standard: $1/day (10 million log events)
  • Pro: $8/day (100 million log events)
  • Pro Silver: $50/day (1 billion log events)
  • Custom: Contact for a quote

 

37. Kiwi Syslog Server
@solarwinds
kiwi

Need to collect, analyze and react to syslog server data on Unix/Linux, routers, firewalls, switches and the like? Kiwi Syslog Server caters to this sub-segment of the log management landscape with a functional appliance that can capture messages from across a variety of devices in real-time while maintaining compliance with regulatory standards.

Key Features: 

  • Unlimited data sources
  • Can handle millions of messages per hour
  • Run as-a-Service on most Windows OS
  • Real-time log display in multiple windows
  •  Split written logs by device, IP, hostname, date or other message or time variables
  • Trend analysis graphs
  • Traffic statistics
  • Forward logs to syslog servers, SNMP servers or databases
  • Included Kiwi Secure Tunnel secures syslog data in-transit
  • Manage log archives with rules and filters

Cost: $295 (one-time fee)

 

38. SecureVue Log Management/SIEM
@EiQNetworks
securevueEiQ

Event and log collection isn’t just simpler, but it has far more potential with SecureVue Log Management/SIEM. With powerful tools and functionality to help you meet all 8500.2 and 800-53 Audit Log Management requirements, regulatory compliance doesn’t have to be an ongoing headache. SecureVue’s compliance features are tailored specifically to DoD and federal agencies with built-in compliance reports, alerts, filtering and monitors to maintain full compliance and easily generate the necessary documentation.

Key Features: 

  • Supports network infrastructure, security solutions, operating systems, and applications
  • Automatically correlates and filters events
  • Highlights suspicious events or those requiring attention
  • 600+ alerts, can be tailored via a GUI
  • Out-of-the-box alerts for common thresholds
  • 50+ dashboards
  • Easily visualize risk and overall picture
  • Controls for event and state data sets
  • ForensiceVue identifies root cause with simple search functionality
  • No Agents required; easy setup and no ongoing maintenance

Cost: Contact for a quote

 

39. LOGalyze
@LOGalyze
Logalyze

LOGalyze offers solutions for system admins, network managers and security teams. Centralized log management, network monitoring, real-time data collection and analysis, among other features, LOGalyze provides a range of functionality used across several disciplines to maintain tighter security and derive more accurate insights from data that’s distributed in siloes across the infrastructure.

Key Features: 

  • Collect event logs from distributed Windows hosts or syslogs and many other sources
  • Analyze log data
  • Multi-dimensional statistics
  • Pre-defined compliance reports
  • Custom report generation
  • Plug-in-style alert modules
  • Classifies logs by source host, severity, type
  • Filters logs into categories for easy analysis
  • Correlate data to define events and alerts

Cost: FREE (unlimited, for everyone including commercial use)

 

40. CloudAccess Log Management
@CloudAccess_
cloudaccess

A turnkey solution that integrates seamlessly with CloudAccess SIEM, CloudAccess Log Management boasts cryptographicstorage and military‐grade data destruction that keeps your records in accordance with government policies. It can manage any volume of data over any span of time, making it the perfect scalable log management tool for rapidly growing businesses and enterprises. CloudAccess’ Log Management solution keeps data so iron-clad that it’s admissible in a court of law.

Key Features: 

  • AES 3DES Encrypted transport encrypted transport
  • Compatabile with SAN and NAS storage systems
  • Stores events in raw form, digitally signed and time-stamped
  • Unlimited number of events
  • Ensures optimal “chain of custody” management
  • 10:1 compression
  • Run detailed queries across years of data

Cost: Contact for a quote

 

41. MonitorIT Log Management
@GoliathSolution
goliath

MonitorIT is a powerful log management appliance from Goliath Technologies. It’s so robust and comprehensive that it satisfies FISMA (Federal Information Security Management Act) requirements, as well as NIST-800 and NISPOM (Chapter 8) standards. But it’s not so advanced that it loses its basic, essential usability. Use MonitorIT to generate daily security reports, perform daily operations analysis and compliance auditing in addition to maintaining a watchful eye over your complete infrastructure without a ton of legwork and tedious monitoring.

Key Features: 

  • Central console with log analysis, search and drill-down
  • Security analysis and real-time alerts
  • Set thresholds based on specific events and patterns
  • Templates for compliance reports
  • Rapid search functionality for instant troubleshooting
  • Log Management Plus can monitor server applications and health
  • Comprehensive event log management
  • View, filter, alert, report, forward or archive syslog data

Cost: Priced by Agent, Controller or Service 

 

42. Logging and Status Software Blade featuring SmartLog
@checkpointsw
checkpoint

CheckPoint’s Logging and Status Software Blade features SmartLog, an advanced log analyzer that delivers split-second search results and provides real-time visibility into log data through a simple, Google-like search experience. If you require a log management solution for use with Check Point and OPSEC log-generating products,  SmartLog is flexible and scalable to meet the needs of modern enterprises.

Key Features: 

  • Reads logs created by Check Point and OPSEC log-generating products
  • Textual search
  • Real-time log indexing
  • Scalable architecture can read billions of logs
  • Analyze patterns or drill-down to specific records
  • Useful timeline view provides more insights
  • Multiple log and event notification types
  • Customizable log fields
  • Backup log servers

Cost: Contact for a quote

 

43. ApexSQL Log
@ApexSQL
apexsql

A streamlined discovery and recovery tool, ApexSQL enables full exploration of the SQL transaction log as well as the ability to undo transactions, audit schema and make data changes. It serves as an added layer of protection for SQL security, along with some enhanced functionality that adds user identification, point-in-time restores and human-decipherable data presentation.

Key Features: 

  • Forensics data investigations
  • Disaster recovery without full database restore
  • Identify and track users based on login
  • Track permissions and trigger state alerts with surveys
  • Schedule periodic, automatic audits
  • Isolate specific transactions by user, date, object, change type and more
  • Generate end-user reports documenting environmental changes

Cost: $1,599 and up

 44. AccelOps Security Information and Event Management (SIEM) 

@AccelOps
AccelOps

Providing IT and operational analytics for the  modern enterprise, AccelOps Security Information and Event Management (SIEM) is much more than just a log management tool. With automatic log collection across the entire network in real-time, AccelOps makes quick work of what would otherwise be a frustrating, time-consuming and all-encompassing task. By enabling fast, accurate and comprehensive network intelligence, issues can be addressed before they ever impact the end user, providing a seamless customer perception.

Key Features: 

  • Prevents future blind security spots
  • Unlimited online data retention
  • Add user and application context to every event
  • Powerful, layer 7 rules engine
  • Extends to on-premise, off-premise, private and public cloud environments
  • One-click access to deep data reduces resolution time
  • Single, software-based log management solution
  • Automated compliance reports for HIPAA, PCI DSS, SOX and more
  • Enrich with knowledge and patterns through a simple GUI
  • Comprehensive, extensible analytics

Cost: Contact for a quote

 

45. Scalyr

 

scalyr

Scalyr gives you all the tools you need to monitor all your servers — in one central platform. From log aggregation to search and analysis, alerts and more, Scalyr is a cloud-based solution that not only extends your functionality significantly, it doesn’t add to your IT or overhead costs.

Key Features: 

  • Redact sensitive data from logs
  • Easy set-up Agent or API
  • Central log management
  • Dashboards and alerts
  • Import logs and metrics from third-party services
  • Aggregate data from all servers centrally
  • Manage log volume through selective collection
  • Explore data with clicks; no queries needed
  • Comprehensive reports and data visualizations

Cost: 

  • Silver: $99/month
  • Gold: $249/month
  • Platinum: $499/month
  • Enterprise: Contact for a quote

 

46. Graylog2
@graylog2
Graylog2

An open-source data analytics system that’s been field-tested around the globe, Graylog2 collects and aggregates events from a multitude of sources and presents your data in a streamlines, simplified interface where you can drill down to important metrics, identify key relationships, generate powerful data visualizations and derive actionable insights.

Key Features: 

  • Leverages Java, Scala and ElasticSearch technologies
  • Central syslog monitoring
  • Interactive API browser
  • Application debugging
  • Exception monitoring
  • API analytics
  • Intuitive search interface
  • Comprehensive dashboard

Cost: FREE

 

47. fluentd
@fluentd
Fluentd

An open-source data collector for processing data streams, fluentd offers more than 150 plugins for extended functionality, more robust log management and additional uses. It works with more than 125 types of systems and is designed for high-volume data streams. You don’t need any ad-hoc scripts to use fluentd; the functionality is built in out of the box. It’s similar to syslogd but uses JSON for log messages.

Key Features: 

  • Handles up to 50,000 messages per second at peak time
  • Data filtering and alerting
  • Apache 2.0 License project
  • Simplify and scale data pipeline management with tags
  • More than 200 community-contributed plugins
  • Real-time monitoring and alerts system
  • Store data in multiple systems
  • Collect and correlate web server access logs and application error logs

Cost: FREE