LogLogic’s LX 2000 is an excellent log analysis tool.
It is powerful, can be distributed, and is a mature and useful product. But it is not for the faint-hearted. While its user interface is excellent, it has many hidden capabilities that require some time to understand.
We wanted to feed the product our log test set, but found that challenging since the LX 2000 is intended to analyse logs in near real-time. While it is quite capable of batch analysis, it takes an effort to import the logs for analysis, although once imported, analysis is intuitive and the user has a large variety of options. Some of these depend on the type of log and the LX 2000 offers an immediately available chart for every type of log that specifies what analysis features the log type supports.
The LX 2000 is as feature-rich as anyone could wish. Its displays are straightforward and one can perform a wide variety of analyses with relative ease. Coupled with the ST 3000 large-scale storage appliance, the LX 2000 becomes an extremely powerful tool for managing, analysing and archiving huge amounts of data.
Documentation comes as a set of PDF files in a CD. The manuals are clear and comprehensive, with all the detail needed for most tasks. Specialised tasks need to be referred to LogLogic support, and we found support for the LX 2000 to be first rate.
It doesn’t come cheap, although given the high-end environment for which it is intended, we feel the price is reasonable.
A product such as the LX 2000, as well as being an important network forensic analysis tool, is
a key ingredient in managing the overall security of all sizes of networks. The LX 2000 alone is suitable for small to mid-sized enterprises, while the addition of other LogLogic family products allows scaling to virtually any size.