LogRhythm v4.0

In a forensic environment you would save the raw logs in a chain of custody and perform all analysis on LogRhythm's archived data, never taking the chance of corrupting actual evidence.

The appliance is easy to set up and deploy. Since it is watching the network all the time in its role as a log correlator and analyser, it will have everything you need to perform network forensics.

It can take data from most types of logs found on a network. Plus, its Universal Database Log Adapter lets it gather logs from most types of database systems. This is a major forensic benefit.

One of LogRhythm's best features is the Log Miner. This function provides multiple, innovative ways to view log data from multiple sources. The displays tell a story very quickly, leading to drill-downs that access exactly what you are looking for. Newly improved handling of log metadata adds to the high performance.

LogRhythm provides good documentation to meet the needs of both administrators and end users. The product comes with all user, administrator and appliance manuals to make operations and deployment straightforward.

The administrator's guide contains deployment and management documentation as well as "how to" examples to assist users from start to finish. The documentation is well laid out and easy to follow, with good examples and script code.

Support offerings include web, email and phone assistance. LogRhythm also offers a support portal with specific resources to help customers troubleshoot problems. Other available services provided by LogRhythm are deployment and implementation planning, custom configuration, training and managed services.

Starting at US$20,000, this is a very good value, even if all you want it for is forensics. If you plan to implement the LogRhythm appliance as a full featured SIM, it’s an even better deal.