EventLog Analyzer is a web-based, real-time log monitoring and compliance management solution for Security Information and Event Management (SIEM) that improves network security and helps you comply with IT audit requirements. Using an agentless architecture, EventLog Analyzer can collect, analyze, search, report on, and archive logs received from systems (Windows, Linux/UNIX), network devices (routers, switches, firewalls, and IDS/IPS), and applications (Oracle, SQL and Apache). It provides important insights into user activities, policy violations, network anomalies, system downtime, and internal threats. It can be used by network administrators and IT managers to perform audits for regulations such as SOX, HIPAA, PCI DSS, GLBA, etc.
You can use EventLog Analyzer to:
- Monitor activities of servers, workstations, devices, and applications spread across geographies.
- Monitor user activities like logons/logoffs and objects accessed.
- Generate reports for security events of interest.
- Generate compliance reports for PCI DSS, HIPAA, FISMA, SOX, GLBA and other regulatory mandates.
- Perform log forensics by swiftly searching the log database and save the search results as reports.
- Configure automatic e-mail or SMS alerts for indicators of compromise, such as network anomalies or compliance threshold violations.
- Execute workflows upon alert generation to respond to security threats automatically.
- Securely archive log data in tamper-proof form for forensic analysis and compliance audits.
Get log data from devices and applications
ManageEngine EventLog Analyzer collects, analyzes, searches, reports on, and archives event logs from distributed Windows devices; syslogs from Linux/UNIX devices, routers, switches and other syslog devices; and application logs from IIS web/FTP servers, print servers, MS SQL and Oracle database servers, DHCP Windows/Linux servers, and more.
- For real-time Windows event log collection, DCOM, WMI, and RPC have to be enabled on the remote Windows machine for the logs to be collected by EventLog Analyzer.
- For real-time syslog collection, ensure that the syslog listener ports in EventLog Analyzer are configured to match the port used by the syslog or syslog-ng service on the source machine (Cisco device, UNIX, HP-UX, Solaris or IBM AIX).
- For application logs, EventLog Analyzer can be scheduled to periodically import logs (over HTTP or FTP) from the application devices. You can also import and analyze older logs from Windows and Linux machines.
Search log data and extract new fields to extend search
EventLog Analyzer provides a powerful log search engine for all types of logs. Universal log search is made possible with the help of the field extraction procedure, which allows you to define/extract new fields from your log data, in addition to the set of default fields that EventLog Analyzer automatically parses and indexes. Once new fields have been extracted, EventLog Analyzer automatically parses and indexes them from the new logs that are subsequently received; this drastically improves your search performance and helps EventLog Analyzer handle any kind of log format.
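As an added illustration (not EventLog Analyzer's own code or parsing rules), the following Python sketches the extraction-and-index mechanism described above: a fixed set of default syslog fields is parsed from every line, user-defined fields are extracted by a regex with one capture group, and both go into an inverted index that the search consults. As on the page, a newly defined field applies only to logs received after it is defined. The log lines, field names and patterns are constructed for the example.

```python
import re

# Constructed sample syslog lines (not captured from a real device).
SAMPLE_LOGS = [
    "Jan 12 10:15:01 fw01 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 5522 ssh2",
    "Jan 12 10:15:03 fw01 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 5530 ssh2",
    "Jan 12 10:16:40 db02 sshd[910]: Accepted publickey for deploy from 198.51.100.20 port 41000 ssh2",
]
# Default fields parsed from every syslog line; the free text lands in "message".
DEFAULT_PATTERN = re.compile(
    r"^(?P<timestamp>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<process>[^:]+): (?P<message>.*)$")

class LogIndex:
    def __init__(self):
        self.records = []        # parsed records in arrival order
        self.custom_fields = {}  # field name -> regex with one capture group
        self.index = {}          # field -> value -> set of record ids (inverted index)

    def define_field(self, name, pattern):
        # A newly defined field is extracted from logs received from this point on.
        self.custom_fields[name] = re.compile(pattern)

    def ingest(self, line):
        # Parse default fields, run each defined extraction on the message, index everything.
        match = DEFAULT_PATTERN.match(line)
        if not match:
            return None  # leave unparsable lines out rather than mis-index them
        record = match.groupdict()
        for name, regex in self.custom_fields.items():
            if found := regex.search(record["message"]):
                record[name] = found.group(1)
        rid = len(self.records)
        self.records.append(record)
        for field, value in record.items():
            self.index.setdefault(field, {}).setdefault(value, set()).add(rid)
        return record

    def search(self, **criteria):
        hits = None  # intersect the id sets of every field=value criterion
        for field, value in criteria.items():
            ids = self.index.get(field, {}).get(value, set())
            hits = ids if hits is None else hits & ids
        return [self.records[i] for i in sorted(hits or [])]

def demo():
    idx = LogIndex()
    idx.ingest(SAMPLE_LOGS[0])  # arrives before src_ip exists, so it never gets that field
    idx.define_field("src_ip", r"from (\d+\.\d+\.\d+\.\d+) port")
    for line in SAMPLE_LOGS[1:]:
        idx.ingest(line)
    return idx
```

Searching `src_ip="203.0.113.7"` on the index built by `demo()` returns only the second line, even though the first contains the same address: it was received before the field existed and would need a re-import to be indexed on it.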
Generate IT audit reports to assess network security and comply with IT regulations
EventLog Analyzer provides a set of canned reports addressing important aspects of internal security. The software has the flexibility to create custom reports to address your IT department's complex requirements. Over and above the set of canned reports for SOX, HIPAA, GLBA, FISMA and PCI DSS, EventLog Analyzer also allows you to create customized reports for other compliance requirements. With this software you can schedule periodic report generation and distribute the reports to various users in different formats.
Real-time event correlation, instant alert notification and quick remediation
EventLog Analyzer comes with a robust event correlation and alerting module. The software can correlate events occurring across systems and applications and generate alerts. You can get instant notification via email and SMS. You can also execute workflows upon the generation of alerts to take quick remedial action.