ArcSight Logger Overview

ArcSight Logger is the #14 ranked solution in our list of Log Management Software. It is most often compared to ELK Logstash: ArcSight Logger vs ELK Logstash

What is ArcSight Logger?
HPE ArcSight Data Platform (ADP) offers a future-ready data solution that enriches data in real time and supports open standards for better threat detection. Using security data connectors, ADP collects data and enriches it in real-time to give analysts organized information that can be acted upon instantly.

ArcSight Logger is also known as Micro Focus Arcsight Logger, HPE Arcsight Logger.

ArcSight Logger Buyer's Guide

Download the ArcSight Logger Buyer's Guide including reviews and more. Updated: October 2021

ArcSight Logger Customers
China Merchants Bank, Bank AlJazira, Banca Intesa
Pricing Advice

What users are saying about ArcSight Logger pricing:
  • "It's not cheap at all as it's a big product and has been in the market for quite some time now."
  • "The pricing is quite harsh."

ArcSight Logger Reviews

HM
Chief Information Security Officer and Founder at an insurance company with 201-500 employees
Real User
Top 5 Leaderboard
Passes compliance thresholds and standard requirements and has good performance

Pros and Cons

  • "It's an efficient solution."
  • "The console in older versions is not user-friendly."

What is most valuable?

The solution offers very good performance and is efficient.

The provider offered excellent training to help us successfully launch the project.

The interface is user-friendly.

The solution passed compliance thresholds and standard requirements which we hoped to satisfy at the time of launch. At our first audit, we presented the roadmap to our auditor and on the second audit, we presented plans to help us re-conduct our certification. They were able to verify the parameters and reporting. It was very successful.

What needs improvement?

The console in older versions is not user-friendly.

At one point, we experienced an RMA. However, they sent an expert to do an SDN check. Someone came to the company to verify the hardware and try to access the log just to verify what the root cause of the incident was. The hardware was replaced without incident for us.

The solution could benefit from adding in machine learning.

What do I think about the stability of the solution?

The solution is stable. We haven't faced any incidents after deployment.

What do I think about the scalability of the solution?

The solution is scalable, but it depends on the license you acquire. You can expand your license as needed if you need to integrate more infrastructure. 

For us, our goal was to integrate all the infrastructure so we acquired a license with the expansion option so that we could integrate all the infrastructure that we wanted to. 

In order to expand, users should expect to pay additional fees.

We are in the digital transformation space. This transformation means that very quickly we may need to be able to add more and more servers into our infrastructure. It was important that the solution we chose had a license that covered that capability.

How are customer service and technical support?

We've been in touch with technical support twice. Once was for the RMA when we needed some hardware replaced. I had to check the platform to verify it was done.

Technical support was helpful. For the RMA they sent an engineer to be on-site to verify the hardware and to verify also the root cause about that incident. It didn't take a lot of time to replace the hardware. At that time, we were only the second client to acquire Arcsight in Morocco.

How was the initial setup?

Deployment for the solution took a month, or four weeks, in total. The first week was spent installing the firmware and logging the hardware. We updated to the latest supported version as well. The following weeks were spent deploying the agent to the target systems.

The installation itself was easy, but you needed to be trained to use it because the administration console is a bit difficult. It's not like QRadar or Splunk which both have easy to use consoles. ArcSight is efficient but it wasn't until the last version that they started to use a simpler console.

We did all of the training in order to use the solution. The first was technical - for example, how to install and deploy the system. The second training was admin related - for example, how to manage the solution. There was also training on how to manage the parameters, configure the solution, integrate the agent, and handle reporting.

What's my experience with pricing, setup cost, and licensing?

In our case, we bought a license for a three year period. The technology itself is expensive.

Which other solutions did I evaluate?

At the time we were evaluating other solutions, we looked at Splunk and LogLogic. ArcSight was the first one that positioned itself as a market leader, which was a big reason we chose it.

What other advice do I have?

ArcSight was a technology we used for CM security information event management. We deployed it when I was an Information Security Senior Engineer in a company that provided electricity and water for Casablanca and neighboring cities. ArcSight was a requirement for the ISO27001 standard. It was a requirement because the company was certified. For the first audit, we presented the roadmap that contained the deployment of that kind of solution. After that, we launched an offering to different information system providers. We chose ArcSight as the CM solution.

A requirement of our local regulator, due to the fact that we manipulate sensitive data, was that all data needed to be on-premises which is why we use that deployment model and not a cloud or a hybrid deployment.

ArcSight is a good solution. I'd recommend it. However, I'd advise other companies to acquire a solution that responds to their needs.

I'd rate the solution nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
SA
Security Professional at a tech services company with 501-1,000 employees
Real User
Top 20
Has very fast search operations but is not easy to implement and maintain

Pros and Cons

  • "It's a brilliant log collection tool, and it can handle hundreds of thousands of servers in a single shot to ingest the data."
  • "It's not a new product and is a bit complex. So, it requires a person dedicated to working on it and to know about it in and out. It is a huge product, and the search operation is a bit complicated for a new user or someone who has not used it for long. So for that person, it becomes a bit difficult."

What is our primary use case?

Our primary use case was to catch malicious activity happening inside our organization.

What is most valuable?

As the name suggests, it's a brilliant log collection tool, and it can handle hundreds of thousands of servers in a single shot to ingest the data.

The search operations are very fast, and you can get reports very easily for a huge number of events. You can export the search operations.

It's very easy when you want to further forward the logs as well. For example, from the end device if I'm receiving logs in an outside logger and I want to forward those to some other product, which will do something for me, I can easily do it. That's one thing that I like about it.

What needs improvement?

It's not a new product and is a bit complex. So, it requires a person dedicated to working on it and to know about it in and out. It is a huge product, and the search operation is a bit complicated for a new user or someone who has not used it for long. So for that person, it becomes a bit difficult.

There is a storage problem, and some improvement can be made at the search mechanism.

If you want to do a search, then you have to obtain a couple of criteria to get the exact amount of data. Let's say you have hundreds and thousands of servers in your environment, which will ultimately populate billions of events in a single day, especially the network devices. In this case, if you want to search a specific event, you have to be very, very specific with that query. That's something that can be generalized a bit.

Apart from that, it's a very complex tool and is not easy to implement and maintain. It requires a dedicated team.

Another thing that I think can be improved is the performance issue. When you are ingesting data in ArcSight and also you are forwarding the data from ArcSight to some other products, I have seen some performance issues.

ArcSight does not perform well in this case. It takes time to process the data. The load is too much. At times, the logger crashes.

The UI can be improved as well.

For how long have I used the solution?

I used it for close to two years.

What do I think about the stability of the solution?

The overall stability is good, and I'd rate it as fine.

What do I think about the scalability of the solution?

To scale it, it again comes down to how you are using it. You need to identify the areas which are taking too much load or requiring too many resources from the logger. Area identification needs to be there. Once you do that, then it is easier to scale.

If you are not looking at the right place, then it would be difficult to scale because the bigger the organization, the bigger is the architecture of ArcSight Logger. This is because you need to have multiple loggers so that ArcSight Logger can withhold all the data that I want to feed into it.

We had 20 to 30 users who used ArcSight Logger on a daily basis.

How are customer service and technical support?

Technical support is good. Depending on the agreement with the vendor, such as gold support, platinum support, etc., the support can differ. However, overall, it is good.

How was the initial setup?

The initial setup is complex.

What about the implementation team?

We got help from the vendor during implementation. Without the vendor's help, I would say it's very, very difficult to implement and maintain ArcSight Logger. It's a very complex tool, so we need to have vendor support for implementation.

What's my experience with pricing, setup cost, and licensing?

It's not cheap at all as it's a big product and has been in the market for quite some time now.

What other advice do I have?

I would recommend ArcSight Logger and rate it at seven on a scale from one to ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
KL
Team Lead at a tech services company with 51-200 employees
Reseller
Top 20
Strong scalability options, flexible log collection and has an easy setup

Pros and Cons

  • "In terms of ArcSight Logger's most valuable feature, it is their scalability. ArcSight's real advantage is its scalability because they have two layers, including the logger layer."
  • "I would rate the technical support only 5 out of 10. The technical support is not satisfactory."

What is our primary use case?

We focus mainly on the enterprise market where the customers have the requirement for log management and compliance. And most of the time we propose ESM along with the logger for SIEM requirements.

We have multiple Logger customers here in Sri Lanka where we've implemented and maintained solutions for them.

What is most valuable?


Various log collecting methods help customers to route logs from almost every application or device. In terms of ArcSight Logger's most valuable feature, it is their scalability and flexible log collecting options. ArcSight's real advantage is its scalability because they have two layers, the Logger layer and the correlation layer. So customers may benefit from this when it comes to licensing and designing. For example, let's say the customer wants to only have a logger requirement, they have the flexibility to only use the logger layer, instead of suggesting all the other layers. I don't see this kind of flexibility in other vendors.

What needs improvement?

A concern is that after their merger with Micro Focus I have some doubts. I don't see much development of the road map on ArcSight itself. The reason why I'm saying this is because we had a situation here in Sri Lanka which concerned us, where ArcSight suddenly decided to discontinue IBM as an installation platform for the connectors. So in the case of the road map and the technical improvements, I see the direction has changed somehow and now the customers and the distributors who are trying to implement it don't have as much visibility about the direction.

Arcsight should focus on inbuilt features like SOAR and UBEA features.

For how long have I used the solution?

I have been working with ArcSight Logger for about two years.

What do I think about the stability of the solution?

The platform is very stable. We haven't experienced any unexpected failures under any circumstances.

What do I think about the scalability of the solution?

As I mentioned, their scalability is one of their most valuable features.

How are customer service and technical support?

I would rate the technical support only 5 out of 10. The technical support is not satisfactory. I think there is a lack of expertise when it comes to support. This appears to be after merging with Micro Focus.

How was the initial setup?

Log collection may seem tricky, but if you have a fundamental understanding of the product it's straightforward.

What about the implementation team?

We implement the ArcSight solution for the customers. We possess the skill set for the implementation.

What was our ROI?

We focus mainly on the enterprise market where the customers have the requirement for log management and SIEM. We have multiple Logger customers here in Sri Lanka where we've implemented and maintained solutions for them. We see that those customers have compliance, security in depth and log management as their main ROI drivers.

What's my experience with pricing, setup cost, and licensing?

We have an annual subscription license. I'd say the pricing is okay.

What other advice do I have?

I would advise anyone looking to implement this solution to have a good understanding of your infrastructure and to verify your architecture. You should be able to get an idea of their road map for the next five years to just verify what sort of effect it will be making on your system.

On a scale of one to ten, I would rate it an eight.

Which deployment model are you using for this solution?

On-premises

Disclosure: My company has a business relationship with this vendor other than being a customer: reseller
SV
Founder & CEO at a security firm with 10,001+ employees
Real User
Top 20
A robust solution that can handle complex operations and analytics, but the reporting capabilities are limited

Pros and Cons

  • "It's a robust, mature product and you can do some really complex operations and analytics."
  • "You have limited reporting capabilities and I wouldn't choose ArcSight Logger for this purpose."

What is our primary use case?

ArcSight logger was used for storing your logs, long-term, in a structured way. You can search in it, you can structure your data in it, and you can generate simple reports. 

What is most valuable?

It's a robust, mature product and you can do some complex operations and analytics.

For correlation and structuring data, it's very good.

It's a secure platform.

What needs improvement?

ArcSight Logger is an outdated product. It hasn't been changed in the last ten years. I think that it's a product that will disappear and there are better platforms that you can use.

You have limited reporting capabilities and I wouldn't choose ArcSight Logger for this purpose. I would prefer to go with Elastic or Splunk.

You can do reporting but it's not up to date in terms of interactive reports that are presented well.

I was looking for a SIEM solution. ArcSight has ArcSight VSM, which is a pretty good product, but what I see on the market now is that it is being caught up by newer, more intuitive applications like Splunk. I wanted to have some deep technical insight in comparison of the two platforms.

If you have a product that hasn't evolved in 10 to 12 years then you have to start looking at other products. Many solutions were implemented and were useful at the time, but are outdated now.

In terms of features such as anomaly detection, or machine learning, or building apps on top of it, it's either not there or it's very limited.

With technical support, in the past when it was ArcSight, it was very good. However, when it moved to HP, then Micro Focus, the quality deteriorated. You could see that the knowledge was disappearing in the company.

They would benefit from having real clustering with some kind of high availability setup, but it's not clustering as it is in Elastic, where you put in a node and cluster and it all works together. It needs improvement and it should be much better. Also, the user interface is outdated, the search could be faster, and the integration with big data solutions isn't great for input and output.

For how long have I used the solution?

I am an expert with ArcSight, in all of their products. I have been working with them for 15 years.

What do I think about the stability of the solution?

It's a stable product.

How are customer service and technical support?

I don't call support as I have 15 years of experience. I have more experience than support, but it used to be good.

What other advice do I have?

We are involved with technology that allows us to solve problems for clients that they cannot solve themselves. These are often complex environments.

This solution has still been in use over the past year. We have a client who has the full ArcSight Suite. We are working on a solution to phase out Logger in the coming year and replace it with Elastic or Splunk. We can replace ArcSight entirely by Splunk and use Elastic for fast search. We think that there is more progress in that platform.

I would rate this solution a six out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: partner
ShilpaSingh
Security Engineer at a tech services company with 1,001-5,000 employees
Real User
Top 10
High performance, easy query creation, and straightforward documents

Pros and Cons

  • "Some of the most valuable features I really appreciate are the performance, how quick the solution is, and how easy it is to create a query."
  • "The solution could be improved in maintenance settings."

What is most valuable?

Some of the most valuable features I really appreciate are the performance, how quick the solution is, and how easy it is to create a query. Additionally, it is user friendly and the automatic graph creation feature is beneficial. 

What needs improvement?

The solution could be improved in maintenance settings.

Some of the additional features I would like to see in the next release is an automated dashboard of the logs that has information that is more detailed. 

For how long have I used the solution?

I have used this solution for one and a half years. 

What do I think about the stability of the solution?

It is a stable solution. 

What do I think about the scalability of the solution?

It is a scalable solution. 

How are customer service and technical support?

The technical support is very good, providing accurate answers, and I have never experienced problems with them.

How was the initial setup?

The initial setup is straightforward; you just have to stick to the documents and it is really easy.

What about the implementation team?

My current deployment was not a complex environment. It was very easy to deploy and connect with the different connectors. I had deployed the solution approximately three times in my career. 

With a complex environment, the deployment was approximately two days whereas with a really complex environment the setup would require around 15-20 connectors.

What other advice do I have?

I would recommend it to others because the performance of the solution is overall great. One of the significant features is its high search capacity, and if you know the query language you will be more comfortable.

I rate ArcSight Logger a nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PN
Senior Information Security Analyst – GRC at a transportation company with 1,001-5,000 employees
Real User
Top 20
Expensive with poor support, but it gives us the basic information we want

Pros and Cons

  • "ArcSight provides the basic information that we want."
  • "The integration with other systems could be improved."

What is our primary use case?

We have just upgraded to Splunk, so we're currently in the process of converting everything over from ArcSight to Splunk.

What is most valuable?

ArcSight provides the basic information that we want.

What needs improvement?

The support structure is not very good.

They are not 100% up to date with the current technology.

ArcSight does not provide the advanced details that we require.

AI and analytics are one of the major things that are needed for better analysis.

The integration with other systems could be improved.

The interface could be improved with a better GUI.

For how long have I used the solution?

The company has been using ArcSight Logger for between six and seven years. I joined the company six months ago, which was my first experience with it.

What do I think about the stability of the solution?

The stability is alright.

What do I think about the scalability of the solution?

Scaling this product is painful.

Staff-wise, we're not very big but scale-wise, we're right across the whole world. We operate in EMEA, Mexico, and APAC.

How are customer service and technical support?

We are not satisfied with the support.

Which solution did I use previously and why did I switch?

We are now using Splunk and are moving away from ArcSight.

What's my experience with pricing, setup cost, and licensing?

The pricing is quite harsh.

What other advice do I have?

I would rate this solution a five out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
MS
Senior Security Analyst at a government with 201-500 employees
Real User
Top 20
Good search capability that is simple to use

Pros and Cons

  • "The most valuable feature is the search capability, which is simple to use."
  • "We have had problems with archiving."

What is our primary use case?

We use this solution for archiving log feeds.

What is most valuable?

The most valuable feature is the search capability, which is simple to use. We can easily search for certain events.

What needs improvement?

We have had problems with archiving.

The license for ArcSight Logger has given us problems.

I would like to see better integration with ArcSight ESM.

It would be helpful if this solution had some of the features from the ArcSight Command Center.

For how long have I used the solution?

I have been using ArcSight Logger for three years.

What do I think about the stability of the solution?

This solution is stable. The availability depends on the nodes.

What do I think about the scalability of the solution?

ArcSight Logger is scalable.

We have approximately 30 users over a 24-hour period for the whole network.

What other advice do I have?

I am the technical support person for all of our on-site components.

My advice for anybody who is implementing this solution is to use ArcSight ESM to correlate the logs and display them on the dashboard.

I would rate this solution an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.