Log360 Evaluator FAQ

Thank you for your interest in ManageEngine Log360. This page gives details to help you successfully evaluate and implement Log360.

What is Log360?

Log360 is ManageEngine's comprehensive security information and event management (SIEM) solution. Log360 can monitor your entire network, provide visibility into crucial security events, and help you detect and mitigate security threats at an early stage. The solution can also help you meet various compliance regulations such as the PCI DSS, HIPAA, SOX, GDPR, and more.

What are the log sources supported by Log360?

Log360 supports a wide range of log sources out of the box. Additionally, logs from legacy systems and in-house applications can be parsed using the custom log parser. Below are the log sources commonly added to Log360:

  • Domain Controllers
  • Windows/Unix servers
  • Workstations
  • Databases
  • Network devices: firewalls, IDS/IPS, routers, switches
  • File systems
  • Security solutions such as vulnerability scanners and threat solutions
  • Cloud infrastructure such as AWS, Azure, and Google Cloud Platform
  • SaaS such as Office 365 and Salesforce

What are the key features of Log360?

Log360's key features are listed below:

  • Comprehensive log monitoring
  • Real-time Active Directory change auditing
  • Robust behavior analytics
  • Integrated IT compliance management
  • Data protection
  • Threat intelligence and analytics
  • End-to-end incident detection, management, and response

Why Log360?

Log360 is a comprehensive SIEM solution that can be used by enterprises of all sizes across industries. Below are the USPs of the solution:

  • Single console for monitoring and securing your entire IT infrastructure
  • Easy to deploy, manage, upgrade, and scale up
  • Wide range of out-of-the-box report and alert profiles
  • Advanced attack mitigation capabilities: cutting-edge analytics, threat intelligence, and response workflows
  • Affordable pricing: You pay for only what you need by licensing and enabling the components as per your requirements.

Log360 has been positioned in the Gartner Magic Quadrant for SIEM for four years in a row. Read the latest report here.

What are the components of Log360?

Log360 is an integrated SIEM solution with components focused on securing different parts of your infrastructure. Listed below are the components that make up Log360:

  • EventLog Analyzer: Log monitoring for the network perimeter, servers, applications, and security solutions.
  • ADAudit Plus: Real-time Active Directory auditing
  • Cloud Security Plus: Public cloud infrastructure auditing
  • Exchange Reporter Plus: Dedicated monitoring of Exchange servers
  • O365 Manager Plus: Dedicated monitoring for Office 365
  • ADManager Plus: Reporting on Active Directory risks
  • DataSecurity Plus: Data visibility, auditing, and protection
  • Log360 UEBA: Machine-learning-based analytics and risk scoring

How is Log360 licensed?

Licensing is based on the log sources and add-ons required. Pricing is based on the number of:

  • Domain Controllers
  • Member servers
  • Applications
  • Syslog devices
  • Workstations

The following add-ons are available for addressing specific needs:

  • SQL and IIS auditing
  • File integrity monitoring (FIM)
  • Exchange auditing
  • Office 365 auditing
  • UEBA
  • Advanced threat analytics

Get a price quote right away here.

How do I install Log360?

Log360 can be downloaded here. The solution can then be installed as an application (by default) or as a Windows service. The standard installation downloads all the components of Log360. Alternatively, you can customize the installation by choosing the components of Log360 that you would like to download.

Can we upgrade an individual component to Log360?

Yes, an individual component can be upgraded to Log360. If you are already using one of the components of Log360, you can easily license other components/add-ons and upgrade your Log360 installation. The components can be integrated in the Admin Settings of Log360.

What are the system requirements for Log360?

Hardware Requirements:

A dedicated server with the following hardware configuration:

Hardware   | Minimum   | Recommended
Processor  | 2.4 GHz   | 3 GHz
Core       | Dual core | 8 core
RAM        | 8 GB      | 16 GB
Disk Space | 60 GB     | 150 GB

Software Requirements:

ManageEngine Log360 supports the following Microsoft Windows operating system versions:

  • Windows 2003
  • Windows 2008
  • Windows 2008 R2
  • Windows 2012
  • Windows 2012 R2
  • Windows Server 2016
  • Windows Server 2019
  • Windows 7
  • Windows 8
  • Windows 10

Note: ManageEngine O365 Manager Plus does not support Windows OS versions 2003, 2008, XP, and Vista. It supports Windows OS versions 7 and 2008 R2 only when Service Pack 1 (SP1) is installed.

Supported Browsers

ManageEngine Log360 requires one of the following browsers to be installed on the system to access the Log360 web client.

  • Internet Explorer 9 and above
  • Firefox 4 and above
  • Chrome 10 and above
  • Safari 5 and above

Supported Databases

Bundled with the product

  • PostgreSQL

External databases

  • Microsoft SQL Server 2000
  • Microsoft SQL Server 2005
  • Microsoft SQL Server 2008
  • Microsoft SQL Server 2012
  • Microsoft SQL Server 2017

How to secure the installation of Log360?

Best practices for securing your installation can be found in this guide.

Can Log360's components run on different remote servers?

Yes, individual components of Log360 can run on different servers. This is particularly useful for optimizing performance. Below are the steps to move Log360's components to different servers:

  • Log in to ManageEngine Log360 as an administrator.
  • Navigate to Admin > Log360 Integration and choose the component that you want to move to a different server. Click on Remove to remove the component.
  • Wait until the component is removed and the sync gets completed.
  • If the component is still running, open the Command Prompt as an administrator. Navigate to the path / bin and execute the command: shutdown.bat
  • Copy the component's folder to the desired remote server.
  • Start the product on the server by opening Command Prompt as an administrator. Navigate to the path /bin and execute the command: .\wrapper ..\conf\wrapper.conf
  • Once the component is up, choose the desired component by navigating to Admin > Log360 Integration.
  • Enter the name or IP address and the port number of the server on which that component is running. Select the connection Protocol from the drop-down menu.
  • Select the authorization checkbox and provide the credentials of the server. Then, click on Integrate Now. This will integrate the component and synchronization will start.

How to avoid high CPU utilization?

CPU utilization depends on various parameters. The following can be tried to reduce abnormally high CPU utilization:

  • Try moving a component of Log360 to a different server.
  • Enable an optimal audit policy to generate log records only for the required events of interest.
  • Set up log collection filters.
  • Review alerting and correlation rules that have been enabled.

How to migrate the database from PostgreSQL to Microsoft SQL?

The database can be migrated with or without data as required. Below are the steps to migrate the database with data:

Note: SQL Native Client must be installed on the server. Supported MS SQL database versions are 2005 and above.

  • Log in to Log360 as an administrator. Navigate to Admin > General Settings > Database Settings > Database Migration.
  • Select Log360 under Component Name. Enter the name of the database.
  • Under database configuration, select MS SQL server.
  • Enter the host name or IP address and the port number of the MS SQL server.
  • Select the SQL server instance that you want to use.
  • Browse and select the appropriate bcp.exe and bcp.rll files.
  • You can either use Windows credentials or a SQL server user account for authentication.
  • Check the box against Migrate Existing Data to copy the data from your old database to the new database.
  • Test the connection and click Configure to migrate the database. The product will restart with the new database.

Below are the steps to migrate the database without data. Ensure you stop Log360 before proceeding:

Note: SQL Native Client must be installed on the server. Supported MS SQL database versions are 2005 and above.

  • Copy the bcp.exe and bcp.rll files from the SQL Server installation directory and paste them in the Log360 bin folder (<Log360_installed_directory>/bin).
  • Open Command Prompt as Administrator.
  • Navigate to the Log360 bin folder and run: ChangeDb.bat
  • Once the database setup wizard opens, change the server type to MS SQL.
  • Enter the MS SQL server name in the host name field and select the SQL Server instance you want to use.
  • Enter the new database name which will be created for Log360.
  • You can either use Windows credentials or a SQL server user account for authentication.
  • Click Test to verify the connection and then save. The changes will be updated once you start Log360.