McAfee Enterprise Log Manager
Intelligent log management
McAfee Enterprise Log Manager collects, compresses, signs, and stores all original events with a clear audit trail of activity that can’t be repudiated.
McAfee Enterprise Log Manager collects logs intelligently, storing the right logs for compliance, and parsing and analyzing the right logs for security.
Collect, sign, and store any log type in its original format to support specific compliance needs. Unaltered original log files support chain of custody and non-repudiation efforts.
Customizable storage pools ensure logs are stored correctly, for the right amount of time. Choose from flexible storage options, including HDD appliance storage, and optional DAS and SAN storage.
McAfee Enterprise Log Manager is an optional, integrated component of McAfee Enterprise Security Manager. Together, they provide context to every log, delivering critical information for security investigations and incident response.
Leading independent analysts have evaluated the features and performance of McAfee SIEM solutions.
McAfee Enterprise Log Manager can be deployed as a physical or virtual appliance. Specific McAfee Enterprise Log Manager models require McAfee Enterprise Security Manager (ESM) and McAfee Event Receiver (ERC). McAfee SIEM appliance specifications and descriptions are provided for information only, subject to change without notice, and provided without warranty of any kind, expressed or implied.
|Model Number||Maximum EPS1||Appliance Size||Local Storage2||Network Interfaces (10/100/1000)||System Requirements|
|ELM-VM-8||1,500||VM||Recommended 250GB||VM (AWS, ESX, KVM)||8 processor cores, 4GB of memory|
|ELM-VM-12||30,000||VM||Recommended 500GB+240GB SSD3||VM (AWS, ESX, KVM)||12 processor cores, 64GB of memory|
|ELM-VM-32||70,000||VM||Recommended 2TB+480GB SSD3||VM (AWS, ESX, KVM)||32 processor cores, 96GB of memory|
|ELM-4600||48,000||2U||1.8TB||24||Requires ESM and ERC|
|ELM-5600||60,000||2U||8TB + 240GB SSD||24||Requires ESM and ERC|
|ELM-6000||90,000||2U||14TB + 240GB SSD||24||Requires ESM and ERC|
1Based on typical network environments using average event and flow aggregation. Depending on aggregation settings, collection type mix, overall SIEM activity, and related activities, the EPS levels for any given appliance, within an environment, may be lower.
2Usable event and flow data storage capacity will vary by customer event types, event rates, software version, and other factors.
3Minimum 50K IOPS for SSD; additional storage should be a minimum of 100 IOPS.
4IPMI: Please note that all McAfee SIEM appliances, except DAS-50 and DAS-100, have IPMI adapters; for ERC HA, IPMI is used for the HA configuration.
Need additional technical resources? Visit the McAfee Expert Center