I am looking for a Even Log application that will help me comply with PCI DSS compliance. I have not used LEM but have used ManageEngine AD Audit Plus. Can anyone compare and contrast the applications or just give me some good feedback on LEM on how it can be used for my environment to help me reach PCI DSS compliance?
Here are some requirements/questions I have about the product:
Requirements:
2 general requirements for the IIS logs:
- web traffic reporting – this hasn't been used for the past few years because we use Google Analytics, although several browser add-ons allow suppressing Google Analytics so we don't actually log every web request.
- debugging individual calls from a specific IP address – Gus uses this feature on syslog01 frequently and extensively: when we see an exception in the GA online store, for example, and we do not know how to reproduce it, Gus will plug in the end-user's IP address into the syslog01 screen and track every page and action that the user performed.
Questions:
Can I retain logs for X number of years?
What is the HA of this product?
Does it use SQL Database?
Can it be used to collect Network Device syslog messages?