When comparing SolarWinds Log & Event Manager vs Sumo Logic, the Slant community recommends Sumo Logic for most people. In the question“What are the best log management, aggregation & monitoring tools?” Sumo Logic is ranked 12th while SolarWinds Log & Event Manager is ranked 38th. The most important reason people chose Sumo Logic is:
Sumo logic is entirely cloud based and very scalable.
Specs
Ranked in these QuestionsQuestion Ranking
Pros
Pro Has custom search for in-depth log analysis
The in-depth, custom search helps you search by IP addresses, user names, etc, enabling faster root cause analysis when troubleshooting network, system, application and database issues.
Pro Peripheral security for enhanced visibility into malicious activities
All-in-one security solution that includes file integrity monitoring (zero-day malware& APT detection), SQL Auditor and USB detection
Pro Active response to detect and respond to threats in real-time
Automated response to events, like deleting user account, sending warning messages, kill processes, log off user, adding user to privileged account groups, etc
Pro Reduced costs with straight-forward licensing
Licensed by nodes (not log volume). No add-on purchases, DBA or expensive consultant support required. Extensive number of free connectors. Reduces SIEM management, training and operational overhead for resource-sensitive security departments.
Pro Automated industry-standard rules and reports to meet compliance and audit requirements
Demonstrate compliance and meet audit requirements with out of the box compliance reports for HIPAA, SOX, PCI DSS, DISA STIG and many more. Beyond SIEM monitoring and remediation capabilities, Log & Event Manager includes stronger security and broader compliance capabilities – like, SQL Auditor, File Integrity Monitoring, Active Response and USB Defender.
Pro Intuitive interface
Graphical Web UI with easy to read customizable dashboards, and search functionality to find the right information among thousands of logs. Log data and events are represented in bar graphs, with respect to time, and you can easily drill down to the specific system or node that's generating excessive or suspicious traffic.
Pro Centralized threat detection improves security incident awareness
Real-time, in-memory event correlations, based on built-in and custom rules, for instantaneous detection of unauthorized application/user-activity, database, configuration changes and suspicious network traffic
Pro Scalable
Sumo logic is entirely cloud based and very scalable.
Pro Flexible licensing model
Licensing cost is primarily determined by daily ingest of logs, however this is averaged out over 30 days instead of locking a user out of their own data after an arbitrary number of license breaches.
Pro Truly multi-tenant
Sumo Logic is truly multi-tenant, a single instance running on the server can serve multiple groups of users.
Pro A large set of supporting Apps
Allows customers to quickly setup and start getting actionable insights from their infrastructure by using Apps that integrate with various different platforms out of the box.
Cons
Con Linux agent don't manage to read logs
Linux agent made do not manage to read system logs which are in the default format which LEM is supposed to manage and also the installer seems to mess up the system during install as it assumes you are using a sysv like init system.
Con Bad UI
UI is confusing and difficult to find the information from the logs which you are looking for
Con Windows only
SolarWinds Log & Event Manager only works on Windows.
Con Useless need for collectors
You have to install a plugin on each host to collect logs, the collector is 89MBs and is written in Java. there's no reason to install a Java tool to send syslog data when Linux already does that natively. The memory footprint for Java-based apps is way too high and, in this case, completely unnecessary.
Con Does not support structured data
They don't support RFC5424 standard events
Con Install is very painful
Con Search is very difficult
Here's an example:_sourceCategory=*windows* _sourceName=Security (4771 OR 4768 OR 4776 OR 4625) | parse regex "EventIdentifier = (?<event_id>\d+?);" | parse regex "ComputerName = \"(?<hostname>.+?)\"" | parse regex "(?:Result|Failure|Error) Code:.+?(?<result_code>0x[A-Fa-f\d]+)\b" nodrop | where result_code !="0x0" AND event_id in ("4771", "4768", "4776","4625") | count by hostname
Con Indexing and search are very slow
Sending around 45000 events to it may take more than 3 minutes to show up in the interface.
Once they show up, a search may take up to 32 seconds to return results. On only 45000 events, the search should return in milliseconds.
Con Difficult / Confusing Interface
The service and interface are very confusing.
Con There can be issues with smaller vendors
There may be some issues when using devices and services for smaller vendors which are not officially supported by Sumo Logic.