Network Intelligence unveils log appliance

Network Intelligence is unveiling a security appliance that collects, stores and correlates large volumes of log information.

The device, called LogSmart, is a 2U-high (3.5 inches) rack-mountable appliance that collects security information from other network devices such as firewalls, intrusion detection systems, routers and application servers.

LogSmart can collect information from up to 3,000 separate devices and capture logged events from source devices at a rate of more than 30,000 events per second (eps), Network Intelligence claimed.

The product is the sum of three separate, rack-mounted components: a LogSmart Collection server, database server and Envision LS server.

The Collection server receives high volumes of logs from the various network devices. That information is then compressed, encrypted and stored on one or more LogSmart database servers. The Envision LS server ties all three components together, providing an administrative interface as well as analysis, reporting and visualisation tools.

Because multiple databases can be deployed on a single network, all tied back as a "single database" to the Envision LS front end, LogSmart can scale much higher than its 30,000 eps rating - up to hundreds of thousands of events per second, according to Network Intelligence vice-president of technology Matt Stevens.

By deploying so-called Remote Collectors, customers can also retrieve log information from devices in remote offices. That information is forwarded in compressed format to conserve WAN bandwidth.

The heart of the latest technology is LogSmart's proprietary object-oriented database, which was specially designed for the purpose of storing logs.

Network Intelligence has provided standard SQL calls for retrieving information from the LogSmart database.

Network Intelligence's other hardware product, the Network Intelligence Engine HA (high availability), is an enterprise product capable of capturing log messages at rates of between 2000 and 6000 eps.

Customers using Network Intelligence Engine HA appliances can upgrade those to act as LogSmart appliances or run the Network Intelligence Engine HA alongside LogSmart devices.

With a price tag between $150,000 (£95,000) and $300,000 for a LogSmart cluster, the product is designed for the upper end of the security hardware market - large companies and organisations with hundreds or even thousands of separate network devices that log information for network administrators to review.

LogSmart will be available for ordering on 12 December for delivery in January.
