ArcSight Logger

With ArcSight Logger you can improve everything from compliance and risk management to security intelligence to IT operations to efforts that prevent insider and advanced persistent threats. This universal log management solution collects machine data from any log-generating source and unifies the data for searching, indexing, reporting, analysis, and retention. And in the age of BYOD and mobility, it enables you to comprehensively manage an increasing volume of log data from an increasing number of sources.

Key features

  • Collect logs from any log generating source through 300+ connectors from any device and in any format
  • Unify the data across the IT through normalization and categorization, into a common event format (CEF registered)
  • Search through millions of events using a text-based search tool on a simple interface
  • Store years' worth of logs and events in an unified format through a high compression ratio at low cost
  • Automate analysis, alerting, reporting, intelligence of logs and events for IT security, IT operations, IT GRC and log analytics

ArcSight Logger Specifications (Software)

ModelDevicesMax log volumeMax search volume
L750MB 10 750 MB/day 500 GB
L5GB 50 5 GB/day 2.5 TB
L30GB 200 30 GB/day 8 TB
L80GB 500 80 GB/day 42 TB
L160GB Unrestricted 160 GB/day 42 TB
L250GB Unrestricted 250 GB/day 42 TB
Software Generic Spec

Supported OS:
Red Hat Enterprise Linux v6.2, 64-bit
Oracle Enterprise Linux, v6.1, 64-bit
CentOS, v6.2, 64-bit
Hyper-V on Windows Server 2008 R2, 64-bit
VMware Virtual Image

Recommended Minimum Hardware:
CPU: 1 or 2x Intel® Xeon® Quad Core or equivalent
Memory: 4–12 GB
Disk space: 4-12 GB

Average compression of 10:1 (depending on the data type and source)

ArcSight Logger Specifications (Appliance)

Devices 200 Unrestricted 500 Unrestricted
Max EPS 2000 75000 5000 100000
Capacity (compressed) 8TB 50TB 42TB
Hardware Spec 1x Intel Xeon, E5-2620 2.0GHz, 6-core Processor 2x Intel Xeon, 2648L, 1.8, GHZ 8-core Processor
Memory 32 GB, 1600 MHz RAM 64 GB, 1600 MHz RAM
Storage 4 x 500 GB (1.5 TB RAID-5) External – SAN 4 x 3 TB (9 TB - RAID 5)
Host Bus Adapter N/A 2 x 2-port 16 GB Emulex HBA N/A
Dimensions (DxWxH) 27.5" x 17.1" x 1.7" 29.5" x 17.1" x 1.7"
Connector Management Yes N/A
Generic Spec Management:
Web browser, CLI, Web Services API Supported OS:
Red Hat Enterprise Linux v6.2, 64-bit Supported Sources:
Raw Syslog (TCP/UDP), Raw File based logs (FTP, SCP, SFTP)
Analysis optimized collection using ArcSight SmartConnectors
FlexConnector framework for legacy event sources
ArcSight CEF (Common Event Format), ArcSight ESM Storage:
Average compression of 10:1 (dependent on data type and data source) Power:
2 x 460W CS Platinum Power Supply Ethernet Interfaces:
4 x 10/100/1000 Chassis: 1U

Centralized Security Management

ArcSight Management Center (ArcMC) is a centralized security management center that unifies management, configuration, and monitoring of ArcSight log management solution for large enterprises. ArcMC allows customers to manage large deployments of ArcSight Logger (appliance and software), SmartConnectors, FlexConnectors, and Connector Appliance (ConApp) through a single consolidated view. Management Center enables you to focus on your use cases, feeds, and threats effectively as opposed to managing log management solution.

Key benefits

  • Centralized security management console for ArcSight log analytics solution
  • Ease of deployment, management, and scalability
  • Manage large deployments easily enabling high scalability
  • Simplified change management through single console
  • Maximizes security investment delivering quick time to value

ArcSight Logger Overview

What It Does

ArcSight Logger collects information from any system that generates log data. It can process that information as much or as little as desired, and can produce ultra-fast searching across the data. As a result, organizations of any size can use this high performance log data repository to aid in faster forensic analysis of IT operations , application development, and cybersecurity issues, and to simultaneously address multiple regulations.

How It's Different

Until now, log analysis was asset-centric and organizations purchased one product for security and compliance reporting, a different product for IT operations search and yet another one for application development. Today, the questions that need to be answered through log analysis are increasingly user-centric and can span any and all infrastructure. Traditional log management tools cannot be expanded to analyze logs across the enterprise because they are limited by the type of sources; have restricted search/reporting capabilities and are not scalable. ArcSight Logger is a universal log management solution that can capture and analyze ALL enterprise log data to answer questions of individual teams and can easily be expanded into an enterprise-wide log management solution when needed.