An in-depth look at 3 log managers

Each log manager offers a unique way of gathering, compiling and making sense of syslogs and Windows Events.

Breaking the log jam

In this review, we compared three log managers: VMware’s Log Insight, Balabit’s Syslog-ng Professional Edition, and SpectorSoft’s SpectorSoft Server Manager. Each offers a unique way of gathering, compiling and making sense of syslogs and Windows Events.

Syslog-ng Pro

As a log consolidation engine, open source syslog-ng has a long and positive reputation in the Linux, AIX, and BSD communities. Syslog-ng Pro has astoundingly heterogeneous support for varying operating systems. Balabit differentiates the Pro edition from the open source version by including support, along with Windows-specific hosting and client-side communications for log consolidation from Unix-based and Windows hosts alike. The “ng” stands for “next generation”.

Syslog-ng Pro

For syslog and messaging tracking, Syslog-ng Pro is tough to beat as it digests almost anything, works on a vast number of platforms, and has highly tunable message filters. It does not, however, do any analysis—although it will happily cram popular database packages to the gills, at high speed, with filtered, time-stamped log messages.

Log Insight

VMware’s Log Insight can be almost a must-have for VMware infrastructure. It handles a wide variety of log sources via host-installed agents, and has free agent add-ins that add specific brand/model/OS/app details. What’s missing: a larger number of partner/product-specific plug-ins, at least for now. The upshot is that its analysis, and its dashboard representation of that analysis, is very strong.

Log Insight

The Log Insight 2.5 package comprises log compilation and very good analysis for the devices it covers. That list includes VMware (of course), Windows, Linux, Cisco and Palo Alto products, and popular database applications, and the list is growing. Agents are free, and installable by a menu pick. It works well for the products covered, and holds great promise for Situation Room analysts of many types. It’s configurable, redundant, and firmly VMware-like.

SpectorSoft Server Manager

SpectorSoft Server Manager is hosted on Windows, but Linux or any other server capable of transmitting syslog information can play just as easily. It’s a good candidate for SMBs and branch offices, and its GUI and feel will be familiar to Windows admins, without the overhead of Microsoft’s gargantuan System Center.

SpectorSoft Server Manager

This application felt more to us like a traditional server management system in that it accepts logs from Windows, Linux (or other syslog hosts), as well as SNMP messages, merging them in a console app that can also publish systems health status reports to web pages. It doesn’t have the vast range of heterogeneous log sources that VMware Log Insight or Balabit’s Syslog-ng Pro have, but for many, especially in smaller but busy networks, its look and feel will be familiar.