LogLogic is one of the first vendors of a drop-in log management appliance, and an Interop Best-of-Show winner. Offered in two flavors -- ST for long-term archival storage and LX for short-term storage, analysis, and alerting -- these devices are one-U boxes that set up in minutes. You configure them to accept SYSLOG records from routers, switches, servers, firewalls, and the like, and they then automatically manage these logs without further attention.

A LogLogic appliance processes entries in realtime, adding digital signatures and compressing them, then spooling the entries into an indexed store. LogLogic units can have their own 2.5 terabyte storage, or they can work with a third-party network attached storage (NAS) device. LogLogic claims compression ratios as high as 12:1, which is believable since log files often contain a great deal of repetitive data. You have the option of rolling the oldest log entries to DVD or tape, making this a virtually inexhaustible data sink.

The ST version lets you archive prodigious amounts of log data while retaining the ability to search and retrieve entries via a Web browser interface. The LX version lacks the vast storage abilities of the ST, but provides realtime log analysis, alerting for pre-selected conditions, and extensive reporting capabilities. As with the ST, you can view entries with a Web browser; but the LX also supports a live viewer application to let you watch log entries stream by as they occur.

The LX only holds 90 days of data, but you can team an LX box with an ST for long-term storage. In fact, you can mix and match versions to extend logging capabilities to everywhere in your enterprise, making this solution very scalable.

The products have list prices starting at about $20,000, so they're aimed at enterprises rather than small shops. But if you're in a mid-sized enterprise facing serious labor costs to comply with data retention mandates, a log management appliance may well be the cheapest solution available.

http://www.loglogic.com