NitroView Product Specs

NitroView ESM model NS-NRCLM-2230-R

The NS-NRCLM-2230 provides NitroView ELM and NitroView Receiver functionality in a single appliance.

NitroView ELM is a reliable and scalable log management solution. NitroView ELM accepts any log file and provides absolute control over how each log file is handled, allowing you to select whether a particular log should be signed and stored for compliance and/or parsed and normalized for analysis by NitroView ESM. Logs can also be handled conditionally based on their contents: for example, to save storage space and avoid event clutter, you may wish to manage certain log sources, such as printer logs, only if they contain sensitive information, such as a credit card or social security number.

NitroView ELM is an essential tool in managing the data needed for regulatory compliance efforts, including GLBA, HIPAA, FERPA, FISMA, SoX, and PCI. Easily use NitroView's granular data stores to generate compliance reports using pre-defined templates or custom reports. Because NitroView preserves more data over time than most SIEM systems, the validity of each report is maintained over the entire audit history.

The NitroView Receiver collects all relevant security data from the many diverse areas of your infrastructure. Alerts, network flows, and logs are collected by the Receiver for use by NitroView ESM. NitroView Receivers are able to collect a multitude of security information, including but not limited to:

  • server and host, OS and application logs
  • security device alerts (firewalls, IPSs, VPNs, etc)
  • network flows (NetFlow, sFlow, etc)
  • virtually any other device via advanced syslog parsing

 

Specifications

  • 3 TB local HDD storage (1.5 TB usable), RAID 10 ¹
  • Supports up to 5,000 events per second ²

¹ Local storage is only available for raw log retention on dedicated ELM appliances. Raw log retention on ESMLM and NRCLM models requires external storage. Optional SAN card sold separately.
² Represents raw log rates, without compression or aggregation. Log collection and management is supported directly on the NS-NRCLM-2230-R. Note: Receiver/ELM Combination appliances do not support indexed log search.

Hardware

  • Dimensions: 17.2"W x 25.6"D x 1.75" (1 rack unit)
  • Weight: 52 lbs
  • Power Supplies: 2
  • Power Supply Rating: 100/240 VAC, 50/60Hz, 650W* max 3A
  • Power Consumption: 413W at 120VAC, 397W at 240VAC **

* per power supply

** under normal NitroSecurity software operating conditions

Environmental

  • Altitude (Max): -45 to 9500ft (operating), -45 to 25,000ft (non-operating)
  • Temperature (Max): 10° to 35° C (operating), -40° to 70° C (non-operating)
  • BTU/hr: 1475**
  • Humidity: 10% to 85% (operating), 10% to 90% (non-operating)*

* non condensing

** under normal NitroSecurity software operating conditions

Feature Summary

Log Collection

  • Supports any log format from any source  *
  • Supports log compression ratios up to 15:1

Log Retention & Storage

  • Supports customizable storage pools for maximum efficiency
  • Easily add storage to defined pools as your network scales
  • Assign retention periods per storage pool for easy mapping to individual compliance requirements
  • All logs are hashed and signed for non-repudiation

Log Analysis & Search

  • Filter logs prior to storage or analysis  *
  • Fully Integrated with NitroView ESM for robust parsing and analytics  **
  • Search through log contents using keyword search or regular expressions  **

 * For full parsing and log analysis using NitroView ESM, see the supported device list.

 ** Excludes binary log files only.

Log / Event Parsing

  • Indexes logs across over 30 relevant indices for rapid analysis and search
  • Parsed logs retain the full log contents, with no truncation of log details
  • All parsed logs include a direct link to the original raw source log record  *
  • Optional aggregation of events to reduce event noise is performed locally on the Receiver, prior to delivery to the ESM
  • Local HDD cache of all parsed events preserves reliability in the event of a network link failure

 * Only available when the raw log is stored using NitroView ELM.

© 2010 NitroSecurity, Inc. NitroSecurity, NitroView, and NitroGuard are registered trademarks of NitroSecurity, Inc. Product information is subject to change without notice.