Intel Security
open

Overview

McAfee is a leader in the Gartner Magic Quadrant for SIEM

Read Report

Reduce compliance costs with automated log collection, storage, and management

McAfee Enterprise Log Manager collects, compresses, signs, and stores all original events with a clear audit trail of activity that can’t be repudiated.

  • Universal event log collection and retention meets compliance requirements.
  • Flexible storage and retention appropriate to each log source.
  • Supports chain of custody and forensics.
  • Provides event log management, analysis, and search functions.
  • Stores logs locally or via a managed storage area network.
  • Fully integrated with McAfee Enterprise Security Manager.
  • Flexible, hybrid delivery options include physical and virtual appliances.
Download Data Sheet

Automate event log management and analysis

Intelligent event log management

McAfee Enterprise Log Manager collects logs intelligently, storing the right logs for compliance, and parsing and analyzing the right logs for security.

Meet compliance log retention requirements

Collect, sign, and store any log type in its original format to support specific compliance needs. Unaltered original log files support chain of custody and non-repudiation efforts.

Store logs locally or via a managed SAN

Customizable storage pools ensure logs are stored correctly, for the right amount of time. Choose from flexible storage options, including HDD appliance storage, and optional DAS and SAN storage.

Rich context for analysis

McAfee Enterprise Log Manager is an optional, integrated component of McAfee Enterprise Security Manager. Together, they provide context to every log, delivering critical information for security investigations and incident response.

Staying ahead of threats with SIEM intelligence

Watch Webcast
ESG SC Magazine Gartner

Product Reviews

Leading independent analysts have evaluated the features and performance of McAfee SIEM solutions.

When Minutes Count

When Minutes Count

According to an Evalueserve survey, companies with early attack detection skills are faring best against targeted attacks. See how you can fight advanced threats with real-time SIEM and by identifying eight key indicators of attack.

Download Infographic Download Report

Resources

System Requirements

McAfee Enterprise Log Manager can be deployed as a physical or virtual appliance. Specific McAfee Enterprise Log Manager models require McAfee Enterprise Security Manager (ESM) and McAfee Event Receiver (ERC). McAfee SIEM appliance specifications and descriptions are provided for information only, subject to change without notice, and provided without warranty of any kind, expressed or implied.

Model Number Maximum EPS1 Appliance Size Local Storage2 Network Interfaces (10/100/1000) System Requirements
ELM-VM-8 1,500 VM Recommended 250GB VM (AWS, ESX, KVM) 8 processor cores, 4GB of memory
ELM-VM-12 30,000 VM Recommended 500GB+240GB SSD3 VM (AWS, ESX, KVM) 12 processor cores, 64GB of memory
ELM-VM-32 70,000 VM Recommended 2TB+480GB SSD3 VM (AWS, ESX, KVM) 32 processor cores, 96GB of memory
ELM-4600 48,000 2U 1.8TB 24 Requires ESM and ERC
ELM-5600 60,000 2U 8TB + 240GB SSD 24 Requires ESM and ERC
ELM-6000 90,000 2U 14TB + 240GB SSD 24 Requires ESM and ERC

1Based on typical network environments using average event and flow aggregation. Depending on aggregation settings, collection type mix, overall SIEM activity, and related activities, the EPS levels for any given appliance, within an environment, may be lower.
2Usable event and flow data storage capacity will vary by customer event types, event rates, software version, and other factors.
3Minimum 50K IOPS for SSD; additional storage should be a minimum of 100 IOPS.
4IPMI: Please note that all McAfee SIEM appliances, except DAS-50 and DAS-100, have IPMI adapters; for ERC HA, IPMI is used for the HA configuration.

Need additional technical resources? Visit the McAfee Expert Center