
Logger

Scalable, Flexible Log Management

The AlienVault Logger performs a simple, but critical, task – it forensically stores all of the logs an organization produces. Regardless of the numerous compliance obligations to maintain raw log data, it is important for forensic purposes to have full visibility into the historical record. The AlienVault Logger provides this capability and is fully integrated into the AlienVault Console, giving seamless access to historical log data from the same user interface used for SIEM incident management.


Summary Display of a Logger Search

The AlienVault Console also exposes the ability to configure retention policies, allowing corporate or regulatory retention requirements to be centrally managed.

The AlienVault Logger is built to be highly scalable. It uses a file-system-based storage mechanism and allows you to leverage your existing NAS or SAN storage systems. Providing this type of storage mechanism means that storage capacity scales linearly with your disk capacity.

Raw log data that is stored is first encrypted and compressed to make the most efficient use of disk capacity. In addition to being able to deploy highly scalable single nodes, it is possible to configure the AlienVault Console to distribute queries across a number of AlienVault Logger installations, making for easy horizontal scalability and geographic isolation to ensure regulatory compliance.


Searches can span multiple Logger installations for complete results

Learn more about AlienVault architecture components – the SIEM Correlation Engine, the SIEM Console, Agent, and Sensor.