The first paragraph gives a nice summary of the log management dilemma:
IT managers–and system admins, for that matter–hate logs, because they seemingly go on forever and often provide an overabundance of useless information. Administrators get lost looking for one or two important log entries scattered through a log file with tens of thousands of entries.It goes on to discuss how LogLogic and LogRythym attempt to deal with the problem.
We (NetVision) don't compete with these vendors because we don't take a horizontal approach attempting to cover every system under the sun that can produce a log. We're focused on core network directories (Active Directory and eDirectory) and related file systems. But, we take a different approach to the overabundance problem.
Rather than trying to streamline the search into a huge mountain of useless information, we process events very carefully so that you never even create a mountain. Instead, you create a streamlined set of highly relevant information.
Because of our focus on core platforms, we're able to really excel at depth and provide unparalleled filters and capabilities -- such as capturing lots of information that doesn't even exist in the logs. We get user names, before and after values, any combination of objects or attributes, and even failed attempts.
And if you're enterprise still needs enterprise log management, we can contribute highly relevant event information about arguably the most important security component in the environment - the network directory (Active Directory) and its related file system (Windows). ...which ultimately makes the mountain easier to navigate.
Events we cover? User accounts, access rights, administrative changes, and user activity. In addition to platform focus, we're also focused on what events we care about -- identity and access. We answer Who Has Access to What? and monitor any changes that affect the answer to that question.