SN13: Best Practices for Scaling Log Management

Document created by jmerrill on Sep 10, 2010
Version 1Show Document
  • View in full screen mode

Best Practices for Scaling Log Management
John Bradshaw, Principal Federal Sales Engineer, ArcSight
Level: Basic
This session will discuss the differences between agent and agentless log collection, and how each provides capabilities and benefits to be considered before deploying a SIEM or log aggregation solution. The focus of this discussion will cover centralized vs. decentralized deployments, considerations for guaranteeing log/event delivery, and network performance issues administrators should consider when making deployment decisions.