We use this solution for archiving log feeds.
Senior Security Analyst at a government with 201-500 employees
Good search capability that is simple to use
Pros and Cons
- "The most valuable feature is the search capability, which is simple to use."
- "We have had problems with archiving."
What is our primary use case?
What is most valuable?
The most valuable feature is the search capability, which is simple to use. We can easily search for certain events.
What needs improvement?
We have had problems with archiving.
The license for ArcSight Logger has given us problems.
I would like to see better integration with ArcSight ESM.
It would be helpful if this solution had some of the features from the ArcSight Command Center.
For how long have I used the solution?
I have been using ArcSight Logger for three years.
Buyer's Guide
ArcSight Logger
June 2025

Learn what your peers think about ArcSight Logger. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
860,632 professionals have used our research since 2012.
What do I think about the stability of the solution?
This solution is stable. The availability depends on the nodes.
What do I think about the scalability of the solution?
ArcSight Logger is scalable.
We have approximately 30 users over a 24-hour period for the whole network.
What other advice do I have?
I am the technical support person for all of our on-site components.
My advice for anybody who is implementing this solution is to use ArcSight ESM to correlate the logs and display them on the dashboard.
I would rate this solution an eight out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Founder & CEO at a security firm with 10,001+ employees
A robust solution that can handle complex operations and analytics, but the reporting capabilities are limited
Pros and Cons
- "It's a robust, mature product and you can do some really complex operations and analytics."
- "You have limited reporting capabilities and I wouldn't choose ArcSight Logger for this purpose."
What is our primary use case?
ArcSight Logger was used for storing your logs, long-term, in a structured way. You can search in it, you can structure your data in it, and you can generate simple reports.
What is most valuable?
It's a robust, mature product and you can do some complex operations and analytics.
For correlation and structuring data, it's very good.
It's a secure platform.
What needs improvement?
ArcSight Logger is an outdated product. It hasn't been changed in the last ten years. I think that it's a product that will disappear and there are better platforms that you can use.
You have limited reporting capabilities and I wouldn't choose ArcSight Logger for this purpose. I would prefer to go with Elastic or Splunk.
You can do reporting but it's not up to date in terms of interactive reports that are presented well.
I was looking for a SIEM solution. ArcSight has ArcSight VSM, which is a pretty good product, but what I see on the market now is that it is being caught up by newer, more intuitive applications like Splunk. I wanted to have some deep technical insight in comparison of the two platforms.
If you have a product that hasn't evolved in 10 to 12 years then you have to start looking at other products. Many solutions were implemented and were useful at the time, but are outdated now.
In terms of features such as anomaly detection, or machine learning, or building apps on top of it, it's either not there or it's very limited.
With technical support, in the past when it was ArcSight, it was very good. However, when it moved to HP, then Micro Focus, the quality deteriorated. You could see that the knowledge was disappearing in the company.
They would benefit from having real clustering with some kind of high availability setup, but it's not clustering as it is in Elastic, where you put in a node and cluster and it all works together. It needs improvement and it should be much better. Also, the user interface is outdated, the search could be faster, and the integration with big data solutions isn't great for input and output.
For how long have I used the solution?
I am an expert with ArcSight, in all of their products. I have been working with them for 15 years.
What do I think about the stability of the solution?
It's a stable product.
How are customer service and technical support?
I don't call support as I have 15 years of experience. I have more experience than support, but it used to be good.
What other advice do I have?
We are involved with technology that allows us to solve problems for clients that they cannot solve themselves. These are often complex environments.
This solution has still been in use over the past year. We have a client who has the full ArcSight Suite. We are working on a solution to phase out Logger in the coming year and replace it with Elastic or Splunk. We can replace ArcSight entirely by Splunk and use Elastic for fast search. We think that there is more progress in that platform.
I would rate this solution a six out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Team Lead at a tech services company with 51-200 employees
Strong scalability options, flexible log collection and has an easy setup
Pros and Cons
- "In terms of ArcSight Logger's most valuable feature, it is their scalability. ArcSight's real advantage is its scalability because they have two layers, including the logger layer."
- "I would rate the technical support only 5 out of 10. The technical support is not satisfactory."
What is our primary use case?
We focus mainly on the enterprise market where the customers have the requirement for log management and compliance. And most of the time we propose ESM along with the logger for SIEM requirements.
We have multiple Logger customers here in Sri Lanka where we've implemented and maintained solutions for them.
What is most valuable?
Various log collecting methods help customers to route logs from almost every application or device. In terms of ArcSight Logger's most valuable feature, it is their scalability and flexible log collecting options. ArcSight's real advantage is its scalability because they have two layers, the Logger layer and the correlation layer. So customers may benefit from this when it comes to licensing and designing. For example, let's say the customer wants to only have a logger requirement, they have the flexibility to only use the logger layer, instead of suggesting all the other layers. I don't see this kind of flexibility in other vendors.
What needs improvement?
A concern is that after their merger with Micro Focus I have some doubts. I don't see much development of the road map on ArcSight itself. The reason why I'm saying this is because we had a situation here in Sri Lanka which concerned us, where ArcSight suddenly decided to discontinue IBM as an installation platform for the connectors. So in case of the road map and the technical improvements, I see the direction has changed somehow and now the customers and the distributors who are trying to implement it don't have as much visibility about the direction.
ArcSight should focus on inbuilt features like SOAR and UBEA features.
For how long have I used the solution?
I have been working with ArcSight Logger for about two years.
What do I think about the stability of the solution?
The platform is very stable. We haven't experienced any unexpected failures under any circumstances.
What do I think about the scalability of the solution?
As I mentioned, their scalability is one of their most valuable features.
How are customer service and technical support?
I would rate the technical support only 5 out of 10. The technical support is not satisfactory. I think there is a lack of expertise when it comes to support. This appears to be after merging with Micro Focus.
How was the initial setup?
Log collection may seem tricky, but if you have a fundamental understanding of the product it's straightforward.
What about the implementation team?
We implement ArcSight solutions for the customers. We possess the skill set for the implementation.
What was our ROI?
We focus mainly on the enterprise market where the customers have the requirement for log management and SIEM. We have multiple Logger customers here in Sri Lanka where we've implemented and maintained solutions for them. We see that those customers have compliance, security in depth and log management as their main ROI drivers.
What's my experience with pricing, setup cost, and licensing?
We have an annual subscription license. I'd say the pricing is okay.
What other advice do I have?
I would advise anyone looking to implement this solution to have a good understanding of your infrastructure and to verify your architecture. You should be able to get an idea of their road map for the next five years to just verify what sort of effect it will be making on your system.
On a scale of one to ten, I would rate it an eight.
Which deployment model are you using for this solution?
On-premises
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Works at a government with 201-500 employees
Offers good monitoring and is stable
Pros and Cons
- "We haven't had any crashes or bugs. It is stable."
- "In the next release, I want to see more intelligence."
What is our primary use case?
We use the on-premise deployment model. Our primary use case is for monitoring.
What needs improvement?
In the next release, I want to see more intelligence.
For how long have I used the solution?
I have been using ArcSight Logger for three years.
What do I think about the stability of the solution?
We haven't had any crashes or bugs. It is stable.
How are customer service and technical support?
Their technical support is good.
How was the initial setup?
We have a support group that helps with this. The setup isn't easy. The deployment took a month.
What other advice do I have?
I would rate it an eight out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
An extremely customizable and scalable enterprise-level solution with great stability
Pros and Cons
- "The ability to customize the solution in great detail is its most valuable feature. We can customize the use cases and also have the ability to do scripting. We can personalize our dashboard as well. The scalability the solution offers is quite impressive."
- "The solution should make it possible to integrate network analysis features."
What is our primary use case?
We primarily use the solution for monitoring all of our perimeter - from critical assets to less critical ones. It covers IT assets, networks, databases, servers, endpoints, etc.
What is most valuable?
The ability to customize the solution in great detail is its most valuable feature. We can customize the use cases and also have the ability to do scripting. We can personalize our dashboard as well. The scalability the solution offers is quite impressive.
What needs improvement?
They should enhance and improve everything related to the graphical user interface. It needs to be more fluid and easy to use. Many think that ArcSight is complex and difficult. This is not something that my team feels but that's because we have acquired experience and expertise over time.
The solution should make it possible to integrate network analysis features.
For how long have I used the solution?
I've been using the solution for four years.
What do I think about the stability of the solution?
The stability of the solution is good. There are very few bugs.
What do I think about the scalability of the solution?
The scalability of the solution is very, very good.
How are customer service and technical support?
Technical support is very responsive.
Which solution did I use previously and why did I switch?
We didn't previously use a different solution.
How was the initial setup?
The initial setup was straightforward. Deployment varies according to the scope of your technical parameters. Maintenance is a daily activity. I have a team of two people that are focused on the administration of the outside platform.
What about the implementation team?
We implemented the solution through an integrator.
Which other solutions did I evaluate?
We evaluated QRadar before we implemented this solution.
What other advice do I have?
We are using the on-premises deployment model.
There are people who say "Oh, ArcSight is losing its position and it's complex or it's not a good solution." I do not agree. I know that the biggest companies in the world are still working with ArcSight. It's the most comprehensive solution. It contains many features that are useful for enterprise-level organizations.
If a company has a team that wants to go deeper and get the most features out of developing a real SOC, they should look for a very robust, scalable, multi-tenant solution. The solution should also be able to manage data analytics and to offer User Behavior Analytics. ArcSight offers this.
This particular solution is perfect for big companies. Smaller companies should look for integrated solutions that do not necessarily scale.
I would rate the solution nine out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
SOC Analyst at a tech services company with 11-50 employees
Good searching with detailed display of firewall and Windows events
Pros and Cons
- "The most valuable feature is the level of detail that you can see about certain events, even when they do not come up in the console."
- "I would like to see better scheduling in the next release of this solution."
What is our primary use case?
We are a service provider and this solution is deployed on-premises for some of our customers. It is primarily used for firewall and Windows events.
What is most valuable?
The most valuable feature is the level of detail that you can see about certain events, even when they do not come up in the console.
The searching is very good, where you can search for the larger part of the event.
What needs improvement?
I would like to see better scheduling in the next release of this solution.
It would improve the solution if some of the features available in the console were implemented within the search. More things can be done in the console, while the logger is restricted to just a few of them.
For how long have I used the solution?
We have been using this solution for about one year.
What do I think about the stability of the solution?
The stability of this solution is fine, so far.
What do I think about the scalability of the solution?
When you export a large number of events then it gets slower.
We have about fifty users for this solution. We do not yet have plans to increase usage.
How are customer service and technical support?
Technical support for this solution has definitely been helpful.
Which solution did I use previously and why did I switch?
We evaluated Splunk and IBM QRadar before choosing this solution.
How was the initial setup?
The first time you set up this solution it is a little bit complex. But when you try it again and you know where the errors are, it is much more comfortable.
We have four administrators who maintain this solution.
What about the implementation team?
We deployed this solution ourselves.
Which other solutions did I evaluate?
We did not use another solution prior to this one, although we have upgraded versions.
What other advice do I have?
This is a solution that is straightforward and easy to use. It is user-friendly and not complex.
I would rate this solution an eight out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Technical Consultant at a tech services company with 11-50 employees
User behavior analytics for investigating
Pros and Cons
- "In our country we are a little bit private in terms of solutions, so we are just starting to use the basic data capture. Now some users can start to use additional features that come with Micro Focus ArcSight like user behavior analytics for investigating."
- "I think the ArcSight team should try to simplify legacy products for the customers, because that product is not easy to use or to work with. It needs more competency or appeal to use. We hope Micro Focus is trying to resolve this."
What is our primary use case?
We use the on-premise version of ArcSight Logger.
What is most valuable?
In our country we are a little bit private in terms of solutions, so we are just starting to use the basic data capture. Now some users can start to use additional features that come with Micro Focus ArcSight like user behavior analytics for investigating.
What needs improvement?
I think the ArcSight team should try to simplify legacy products for the customers, because that product is not easy to use or to work with. It needs more competency or appeal to use. We hope Micro Focus is trying to resolve this.
A lot of people that compare this solution with QRadar or McAfee say that the other products in the market are easier to use than ArcSight. After customers do the training to see how they can use it, they change their minds a little bit, but it still seems that Micro Focus should take some time to reduce the complexity in using ArcSight.
ArcSight should give each customer more visibility or a more useful presentation on the web product. There are a lot of customers that want to use the product in the web, especially to use the dashboard, but the dashboard is not so beautiful.
For how long have I used the solution?
We've been using this solution for five years.
What do I think about the stability of the solution?
It has worked fine until now for whatever I needed. Sometimes an issue can occur when a client wants to upgrade the software to a major version. For the most part though, it is very stable.
What do I think about the scalability of the solution?
Well, before the last version I think it was a little bit difficult, but now with the new version that is integrated with the ESM it's a little bit more efficient.
How are customer service and technical support?
That is one of the bad things with Micro Focus. They are not so reactive and sometimes it takes more time to address the issue. There are many tickets that have not been resolved yet. We hope that Micro Focus will be more reactive than they are at the moment.
How was the initial setup?
The deployment doesn't take much time for the standard setup, but it can take more time when we need to integrate the device with the system. Sometimes we have found that we are not supported naturally and must do some tuning to integrate it. That can take some more time, but setup of the initial system does not take more time. It's easy for me now to do this setup. I remember during my first year it took a little bit more time, but that's normal. It's easier to deploy the product in the basic standard, but in the complex module, it takes a little bit more time.
What's my experience with pricing, setup cost, and licensing?
ArcSight Logger is very expensive compared to their competitors, but when we talk to the customer and explain what the features are and how we can scale, they understand. Still, ArcSight is more expensive than the competition.
What other advice do I have?
I would rate this solution as ten out of ten.
Whenever I talk about the product I tell the user to start easy, not to take the whole package and to try to use it quickly. Start with the basics, then you can ramp up fluidly. Sometimes the client or customer wants to take it urgently so at that moment it will be more difficult to use. I prefer to take the product step by step.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Vulnerability Assessor at Telenor Common Operation
Can handle a huge amount of logs and we are able to create use cases to fit our needs
Pros and Cons
- "The ESM use cases are the most valuable. It enables us to use the big data collection inside our company. We are able to create use cases for whatever it suits and I find that the most interesting part of any SIEM solution."
- "The speed of Logger indexing and searching for certain bugs for some queries that we provide could be improved. It can handle a huge number of logs but it can be improved."
What is our primary use case?
We have several uses for this solution like retention storage. We use Logger for some queries since we are in the telco industry. We use it for IT, MSISDN, and mobile phone. For the SM we have communication for the infrastructures including security. Plus, we use ESM for prevention and for a couple of cases we use it for fraud prevention and some for the VIP members check.
What is most valuable?
The ESM use cases are the most valuable. It enables us to use the big data collection inside our company. We are able to create use cases for whatever it suits and I find that the most interesting part of any SIEM solution.
What needs improvement?
The speed of Logger indexing and searching for certain bugs for some queries that we provide could be improved. It can handle a huge number of logs but it can be improved.
They should improve the speed of the indexing and queries being dumped. Technical support's response time could also be slightly improved. Although these two issues are not something bad, it's just the only things that I think have any possibility to improve, but they're not necessarily something that is bad.
For how long have I used the solution?
Three to five years.
What do I think about the stability of the solution?
It is pretty much stable. From time to time we have cases of a connector crashing so the drama processing it is when it gets stuck but that is just an occasional case.
What do I think about the scalability of the solution?
It's pretty much scalable. You can just add remote connectors and you can add remote log types. One of the best parts of the product is FlexConnector. Implementing them is easy to configure.
We have twenty users using this solution that are mostly comprised of information security guys and cybersecurity. There are IT infrastructure engineers like Windows Unix engineers and some telco fraud prevention specialists.
We have two guys operating this solution in these three countries so we require two to three people to maintain the whole thing.
How are customer service and technical support?
Their technical support is also good. Whenever we request anything they are prompt and the guys are well trained. Any customer could say that it could be faster but I understand that we are not alone in this world. They have plenty of other customers so I completely understand. I would rate their support a nine out of ten. There is always room for more of a prompt response but I'm talking about hours, not days.
How was the initial setup?
I was new to cybersecurity when I joined my company and they were implementing it at the time so the initial setup was a bit complex for me. When I got introduced to it for the first time and got thousands and thousands of pages of documentation it was a bit complex for me to fully understand how it works and how it functions. At this point, I don't think it's complex. It's pretty much straightforward and it's not complex for an experienced IT or security guy.
The full implementation took one year, but there was a huge number of connectors that we implemented across three countries including Hungary, Serbia, and Montenegro. There were a huge number of connectors and a huge number of connector servers. I believe that that's why it took a year, it might have been a bit less.
What other advice do I have?
I would rate it a nine out of ten. I wouldn't give any solution a perfect ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.

Thank you for your honest feedback and the 5 star score. I will ensure that your comments related to support, complexity, and pricing are passed to the Product Manager.