Thursday, August 30, 2007

Still, I Stick to It or 'SIEM vs Log Management'

Even though I did talk about it at length before (e.g. here), this article reminded me to remind you :-) I think Forrester folks are a bit optimistic. Think about it: if you have logs - you need log management. If you are ... if you have ... ehhh, well - when do you need a SIEM?

A long time ago, in my previous life, somebody came to me and said "I want everybody to need SIEM, our SIEM! Make it happen" (well, not exactly these words, but you get the idea). I thought about it long and hard and you know what? - even back then it occurred to me that SIEM is not for everyone. Log management, on the other hand, is for everyone who has logs (well, more than a trivial amount of them ...)

2 comments:

Unknown said...

Hmmm.. what's the difference? Isn't SIEM just a fancy name for "Log Manager" without using the word "Log"?

Anton Chuvakin said...

Well, not really! Read the piece I linked from the above blog post; it will provide a bit more clarity.

Dr Anton Chuvakin