SolarWinds log engine, LogRhythm, Splunk?
DevilWAH
Looking for some help. Have some money for a logging tool, had a demo of both LogRhythm and SolarWinds, but not sure.
Does anyone use SolarWinds? Seems a decent tool, but I am wondering how it compares to the likes of LogRhythm, which is 3 times the price. I have been playing with it, and it seems OK, but not able to push it in a test environment really.
Cheers
Comments
Zartanasaurus
I've never even heard of Logrhythm before, which is not to be construed as anything other than my own ignorance.
I have used Solarwinds for quite a bit and I like it. One sentence summary is "it's like they know exactly what I do and are trying to make that easier for me".
They have lots of add-on tools, so you get a pay as you go functionality with them. SQL DB on the backend allows you to write your own custom reports that the management types like. NCM and NPM are probably the bread and butter. They have an open source like community behind them, so when new devices come out that NCM doesn't currently support, there's usually someone on the forums who can write a template for it to make it work. All in all I like it, although I have nothing to compare it to. I've read people on the forums complain about their aggressive sales staff once you purchase one of their products, but I've never had that problem, even after downloading trial software. Their products all seem very reasonably priced, except for the SAN monitoring tool which had a bit of sticker shock for me since they charge per physical disk.
DevilWAH
Cheers for the comments and sorry not to reply sooner.
Anyone use Splunk and have any comments? From what I see it looks a big learning curve and not much built in out of the box.
it_consultant
We use HP ArcSight, a little less expensive than LogRhythm but a much larger PITA to use.
ccnxjr
Have you considered Logstash/Kibana/Elasticsearch?
Probably not as mature as some of the other systems out there, but there's an active open source community and some of the maintainers are easily available over IRC if you need assistance.
There might be a bit of tailoring involved, but it's a good excuse to learn a bit of Ruby, which should help if you're going to use Puppet/Chef later on.
DevilWAH
Honestly, with the Ops team we have, I want a nice simple interface and setup. Want to hand the daily tasks over ASAP!
For playing around at home I have nothing against open source or scripting. But I find when you work as a developer, unless you want to end up stuck managing everything, it's best to put in place systems that people with less technical and in-depth knowledge will be able to pick up.
Playing with Splunk and it's actually got some nice features; not much set up out of the box, but quite quickly you can create nice dashboards, triggers and alerts.
SteveO86
I'd go with Splunk for logging.
I will wave the SolarWinds flag all day long, I've worked with it for years and took the Cert test, it's great for monitoring/management.
However, for Syslog capabilities, Splunk wins outright from my experience. It's quick, very customizable, and there are many different modules, some specific for vendors and devices (Cisco Security Suite for one). If you are really into SolarWinds and want to use them for Syslog then I would go with Kiwi. SolarWinds NPM has a syslog collector but under heavy load (a few hundred devices) it will get bogged down real quick in my experience.
If you are looking for normal device management then NPM, NCM, NTA are the way to go. You can't go wrong with SolarWinds.