Strong Product - Has All that's needed. Still room for improvement.
What do you like best?
Logrhythm has everything you need in a SIEM product. Loads of different Log sources, customization, Pre-built rules, Easy search synax, Reporting, Archival.
Customization, in my opinion, is the single greatest asset the Logrhythm provides. The ability to create log sources for any log, no matter how non-standard or obscure it is, is hugely helpful. Similarly, the possibilities within the alarm/report builder are limitless. You can have extremely narrow and simple alarms/reports or be extremely broad and complex - to a level i've not seen in some competitors.
What do you dislike?
Missing some nice to have's. Very old school design (not very appealing). Relatively slow development. New log source development/updates take a long time. Not very scalable. In larger deployments of Logrhythm, it can struggle to handle the load of incoming logs. It can take quite a bit of work to configure everything in a way that it doesn't cause issues for the system to process everything and index it. It is not uncommon for a particular log source (debug often times) to cause processing or indexing issues that can completely bottleneck the entire system. Sometimes preventing virtually any log from getting processed/indexed. These situations can be monumentally frustrating as there is little you can do without extensive knowledge of the inner workings of the product. This probably isn't something every-day users or administrators should have to deal with. However, if you do learn how to deal with the issues, you can overcome these issues and configure things in a way where you are less likely to run into them or have a quicker response in resolving these issues when they inevitably come up.
Recommendations to others considering the product:
Have patience, the product has some difficulties in initial setup and build-out. However, the end game is worth it. If you become a 'power-user', the product can become so much more powerful than what you are initially presented with.
What problems are you solving with the product? What benefits have you realized?
There is no shortage of problems that we have thrown at logrhythm that we haven't been able to solve. Anything that can write an output to a file can be pulled in, provided you put in the work. With the ability to create custom log parsing, alarms and reports, we can take any output - pull it into logrhythm and do some level of analysis or archival of it. This is a huge benefit! It takes work to learn how to do everything, but once you do there are few limits. We output emails, text files, web logs and other non-standard things, create custom logic for them and are able to do all sorts of real-time analysis on them!
