When comparing Logstash vs SolarWinds Log & Event Manager, the Slant community recommends Logstash for most people. In the question“What are the best log management, aggregation & monitoring tools?” Logstash is ranked 1st while SolarWinds Log & Event Manager is ranked 38th. The most important reason people chose Logstash is:
There is an [official Docker image for Logstash](https://hub.docker.com/_/logstash/) which means it'll likely be well supported and maintained for a while.
Specs
Ranked in these QuestionsQuestion Ranking
Pros
Pro Has an official Docker image
There is an official Docker image for Logstash which means it'll likely be well supported and maintained for a while.
Pro Free and open source
Logstash is licensed under Apache 2.0.
Pro Extended functionality via plugins
There is a rich repository of plugins available categorized as inputs, codecs, filters and outputs.
Pro Easy installation
No dependencies, it's a single .jar file. It's written in JRuby and only requires Java to be installed.
Pro Great integration with other Elastic products
Logstash is commonly used as part of ELK stack, that also includes ElasticSearch (a clustered search and storage system) and Kibana (a web frontend for ElasticSearch).
Pro Emphasizes flexibility and interoperability
Logstash is built to fit in your stack.
Pro Filters are code
Filters, also known as "groks", are used to query a log stream. They are provided in a configuration file, that also configures source stream and output streams. Since they are stored in a file, they can be under version control and changes can be reviewed (for example, as part of a Git pull request).
Pro Managed cloud version avaible
There is a cloud based managed version if you are prepared to pay a few bucks.
Pro Good performance
You can run on mediocre system without problems
Pro Has custom search for in-depth log analysis
The in-depth, custom search helps you search by IP addresses, user names, etc, enabling faster root cause analysis when troubleshooting network, system, application and database issues.
Pro Peripheral security for enhanced visibility into malicious activities
All-in-one security solution that includes file integrity monitoring (zero-day malware& APT detection), SQL Auditor and USB detection
Pro Active response to detect and respond to threats in real-time
Automated response to events, like deleting user account, sending warning messages, kill processes, log off user, adding user to privileged account groups, etc
Pro Reduced costs with straight-forward licensing
Licensed by nodes (not log volume). No add-on purchases, DBA or expensive consultant support required. Extensive number of free connectors. Reduces SIEM management, training and operational overhead for resource-sensitive security departments.
Pro Automated industry-standard rules and reports to meet compliance and audit requirements
Demonstrate compliance and meet audit requirements with out of the box compliance reports for HIPAA, SOX, PCI DSS, DISA STIG and many more. Beyond SIEM monitoring and remediation capabilities, Log & Event Manager includes stronger security and broader compliance capabilities – like, SQL Auditor, File Integrity Monitoring, Active Response and USB Defender.
Pro Intuitive interface
Graphical Web UI with easy to read customizable dashboards, and search functionality to find the right information among thousands of logs. Log data and events are represented in bar graphs, with respect to time, and you can easily drill down to the specific system or node that's generating excessive or suspicious traffic.
Pro Centralized threat detection improves security incident awareness
Real-time, in-memory event correlations, based on built-in and custom rules, for instantaneous detection of unauthorized application/user-activity, database, configuration changes and suspicious network traffic
Cons
Con Does not come bundled with a UI
Logstash does not come bundled with a UI, to visualize data you need to use a tool like Kibana or grafana as the UI.
Con Difficult to maintain
You have to host and maintain it yourself. This can be a challenge as log volume increases.
Con Filters can be hard to write
Simple filters seem easy enough with a pattern like %{SYNTAX:SEMANTIC}
but often RegEx is required. RegEx is a powerful backdoor but it is also dense and hard to learn.
Con No native alerts
Logstash does not have any native alerting capabilities.
Con Linux agent don't manage to read logs
Linux agent made do not manage to read system logs which are in the default format which LEM is supposed to manage and also the installer seems to mess up the system during install as it assumes you are using a sysv like init system.
Con Bad UI
UI is confusing and difficult to find the information from the logs which you are looking for
Con Windows only
SolarWinds Log & Event Manager only works on Windows.