LogLogic 4.0: A View to a Log
April 17, 2007 Alex Woodie
LogLogic has overhauled its cross-platform log monitoring and reporting solution, called LogLogic. With LogLogic version 4.0, the company has added a new engine for processing data from logs and queues, along with the capability for users to consume reports generated from that data via the Web, among other new features.
LogLogic sells rack-mounted x86 servers preloaded with its log management and reporting software. The San Jose, California, company sells two appliances: a frontline LX series that collects log data from a range of platforms and applications, generates reports from short-term data, and performs real-time alerting and access control; and the backline ST series that provides longer-term storage and reporting for regulatory compliance, delivered via precanned reports for the major regulations IT shops are grappling with (Sarbanes-Oxley, PCI, GLBA, HIPAA, ITIL, COBIT, ISO, et al.).
With version 4 of the LogLogic appliances, announced yesterday, the company has added a second data analysis engine, which it refers to as its multidimensional analytics engine. Instead of searching through reams of raw log data, IT managers can opt to put LogLogic to work by parsing and indexing the data, so that it is easier to create reports afterwards, says Michelle Johnson Cobb, LogLogic’s senior director of partners and product marketing.
“If a customer has a homegrown application for which nobody builds a specific parsing and normalizing tool, you can now build reports on that,” she says. “It saves time because they don’t have to create custom scripts.”
Version 4.0 also introduces a “log replay” feature that is useful for building reports on archived data, and for forensics purposes. With many log analysis tools, it can be difficult to go back and create a new report using archived data; reports are best created using relatively fresh data, Johnson Cobb says. “With other systems, once it’s archived, you can’t reprocess it. But with this, you can provide new reports on it,” she says. “It now lets you reparse and analyze the data again.”
Another major enhancement is the delivery of the “open log services” Web services API that will change how users consume reports in LogLogic. Typically, IT managers are the direct users of LogLogic. They get requests for reports from executives or others, and then use the LogLogic tools to create the reports.
With version 4.0, IT managers can now use the SOAP/XML API to create a Web page or a dashboard interface that enables other users, such as the chief financial officer, to go get the log data reports themselves. “Customers are saying, if that information is available, we want to give users limited access,” Johnson Cobb says.
Long-term storage of log data has also been addressed with version 4.0. Some LogLogic customers, such as telecommunications companies, have terabytes of data to store, and prefer to use storage area networks (SANs). With version 4.0, these customers can now feel safe offloading their archives to SANs from EMC, Network Appliance, and NexSAN, which have been certified for use with LogLogic 4. Support for write once, read many (WORM) media has also been added, further boosting LogLogic’s compatibility in compliance environments.
LogLogic 4 also includes hardware enhancements. The Intel-based servers are faster: they can process more than 75,000 messages per second, LogLogic says. They are also more power efficient, consuming one-third less electricity.