LogVision™ solutions offers a scalable architecture that scales across hundred’s of devices. The architecture consists of two main components:

• Data Collection via eManager
  
• Data Analysis and Reporting via customer web-portal. Additional, Provisioning module is available for large enterprises and Managed Service Providers.

eManager

The ‘eManager’ component of the LogVision provides the data collection, parsing, normalization and Analysis function for the incoming event data stream. The analyzed events are then sent to the customer web-portal module for reporting. All the captured event data is stored in a local Relational Database Management System (RDBMS). The eManager component is made of:

• eSyslog Manager for processing syslog messages from devices such as Cisco PIX, Cisco Routers, SNORT, ISS, UNIX or NT/Win2K systems.
  
• eCheckPoint Manager for processing messages from CheckPoint firewalls and CheckPoint Managers such as Provider-1/SiteManager.

Summary of eManager Features:

• Intelligent filtering and data reduction through use of configurable agents.
  
• Events are normalized for correlation and analysis purposes
  
• Full range of security and network devices to manage enterprise environment
  
• Distributed log collector and batch processing allows for efficient traffic management.
  
• Global Policy and source specific Policy allows custom analysis of events from specific sources.
  
• Centralized Time Zone stamping for precision correlation across global event sources

Web Portal

LogVision Customer Portal provides a dynamic web-based view of the log reports and customer specific information based on the data collected from network-security devices.