Enterprise Log Manager

Compliant Log Collection, Storage and Management

NitroView Enterprise Log Manager (ELM) automates log management and analysis for all log types, including Windows Event logs, database logs, application logs, and syslogs. Logs are signed and validated, ensuring authenticity and integrity—a necessity for regulatory compliance. Out-of-the-box compliance rule sets and reports make it simple to prove that your organization is in compliance and that policies are being enforced.

NitroView's performance and scalability allow security information and log management functions to be tightly integrated. When a security event is generated, the parsed event files are linked directly to the source log file and even to the specific log record—for instant access during the event management and forensic processes.

 


NitroView ELM is an optional, integrated part of NitroView ESM. The two can be deployed together on a single "combination" appliance, or distributed both horizontally and hierarchically to support even the largest networks.

In either case, NitroView ELM is easy to deploy: just select "enable logging" on any configured data source, and those logs will be digitally signed and stored, and retained in their original format for as long as is required for your specific compliance needs.  

Logs can also be fully parsed, normalized, and analyzed by NitroView ESM—just as easily, and with no alteration of the original log files, supporting chain of custody and non-repudiation efforts.

The result is a tightly integrated log collection, management, and analysis environment that will both strengthen your security profile and dramatically improve your ability to comply with standards such as PCI-DSS, HIPAA, NERC-CIP, FISMA, GLBA, SOX and others.

Universal log collection to meet compliance log retention requirements

If it's a log file, NitroView ELM can collect, sign and store it. And because NitroView ELM and ESM are so closely integrated, most logs can also be deeply parsed and analyzed so that the information therein is immediately available for real-time security investigations and incident response.

Flexible storage and retention per log source

Information needs to be retained differently depending upon the log source and/or the varying compliance requirements that you need to satisfy. NitroView ELM uses easily customizable storage pools to ensure that your logs are stored correctly and for the right amount of time.

Provides log analysis and search capability

Log collection is handled intelligently, so that the right logs are stored for compliance, and/or parsed and analyzed for security.

Store logs locally or via a managed SAN

Choose the best storage option for your needs: with up to 7.5TB of usable HDD storage on the appliances, and optional fiber channel cards for high speed SAN storage.

Fully integrated with NitroView ESM

One-click access to original log files and even the specific log record from any point in the event management process.

NitroView Enterprise Log Manager Storage Options

ELM uses the concept of "Storage Pools" to add even more flexibility to how logs are kept long-term. Storage Pools are virtual groups of usable storage that can be distributed across various groups of physical storage devices (local storage, NFS, SAN, FTP, SCP, CIFS, etc.) to accommodate different log management needs.

A storage pool can consist of multiple devices, and data can be assigned to a particular pool based on the source device, so that logs can be stored in separate locations based on their relevance to security, compliance, confidentiality, or other criteria. For example, logs that are critical to compliance might be stored to a pool consisting of multiple, redundant network storage devices; less critical logs might be stored to less redundant systems; and logs that are most useful for forensics might be stored locally for more rapid analytics.

Dedicated NitroView ELM Appliances

| Model | Description | Collection Rates | Analytical Performance | Local Storage |
|---|---|---|---|---|
| NS-ELM-5750-R | NitroView ELM 5000 Enterprise Log Manager provides Compliant Log Management functions. 7 TB local storage. 3U appliance. | 50,000 per second | N/A | 7 TB |
| NS-ELM-5510-R | NitroView ELM 5000 Enterprise Log Manager provides Compliant Log Management functions. 3.0 TB local storage. 3U appliance. | 35,000 per second | N/A | 3.75 TB |
| NS-ELM-5205-R | NitroView ELM 5000 Enterprise Log Manager provides Compliant Log Management functions. 2.5 TB local storage. 3U appliance. | 20,000 per second | N/A | 2.5 TB |
| NS-ELM-4245-R | NitroView ELM 4000 Enterprise Log Manager provides Compliant Log Management functions. Supports network / SAN storage options. No local storage. 1U appliance. | 40,000 per second | N/A | N/A |

Combination ELM and Receiver Appliances

| Model | Description | Collection Rates | Analytical Performance | Local Storage |
|---|---|---|---|---|
| NS-NRCLM-4245-R | NitroView ELM Receiver provides compliant Log Management and collects flow data for correlation and analysis by NitroView ESM. 1U appliance. Rated for 10,000 events per second. (Raw log retention requires external storage. Optional SAN card sold separately) | 10,000 per second | N/A | 2.5 TB |
| NS-NRCLM-2250-R | NitroView ELM Receiver provides compliant Log Management and collects flow data for correlation and analysis by NitroView ESM. 1U appliance. Rated for 8,000 events per second. (Raw log retention requires external storage. Optional SAN card sold separately) | 8,000 per second | N/A | 1.5 TB |
| NS-NRCLM-2230-R | NitroView ELM Receiver provides compliant Log Management and collects flow data for correlation and analysis by NitroView ESM. 1U appliance. Rated for 5,000 events per second. (Raw log retention requires external storage. Optional SAN card sold separately) | 5,000 per second | N/A | 1.5 TB |

All-in-one NitroView ESM, ELM & Receiver Appliances

| Model | Description | Collection Rates | Analytical Performance | Local Storage |
|---|---|---|---|---|
| NS-ESMLM-5510-R | NitroView ESM / ELM 5000 Enterprise Security Manager provides SIEM, Compliant Enterprise Log Management, and Network Analysis functions. Includes integrated NitroView Receiver for collection of third party feeds. Rated for 5,000 EPS. 3.75 TB local storage. 3U appliance. (Raw log retention requires external storage. Optional SAN card sold separately) | 5,000 per second | Less than 4 minutes | 2.5 TB |
| NS-ESMLM-5205-R | NitroView ESM / ELM 5000 Enterprise Security Manager provides SIEM, Compliant Enterprise Log Management, and Network Analysis functions. Includes integrated NitroView Receiver for collection of third party feeds. Rated for 2,500 EPS. 2.5 TB local storage. 3U appliance. (Raw log retention requires external storage. Optional SAN card sold separately) | 2,500 per second | Less than 4 minutes | 2.5 TB |
| NS-ESMLM-4245-R | NitroView ESM / ELM 4000 Enterprise Security Manager provides SIEM, Compliant Enterprise Log Management, and Network Analysis functions. Includes integrated NitroView Receiver for collection of third party feeds. Rated for 1,000 EPS. 1TB local storage. 1U appliance. (Raw log retention requires external storage. Optional SAN card sold separately) | 1,000 per second | Less than 5 minutes | 1 TB |

NitroView ELM's advanced log management and retention capabilities support a variety of use cases, including:

  • Establish and automate compliant data/log retention
  • Establish non-repudiation of evidence
  • Establish an audit trail for sensitive data access
  • Establish an audit trail for administrator activity
  • Establish an audit trail for user account activity and changes
  • Establish automated reporting

For more detail on popular use cases, please visit our Use Cases page, or Contact Us to arrange a personal webinar, and see how NitroView can meet your individual requirements.