Cyber Defence Library

A Comparative Analysis of Open-Source Log Management Solutions for Security Monitoring and Network Forensics

This paper focuses on open-source solutions for log management and discusses recent developments in this field, covering novel technologies and solutions which have appeared during the past 2-3 years. First, the authors provide an overview of commonly used log collection protocols and log storing techniques. They then move on to an in-depth description of advanced event collection servers and graphical log management systems. The first contribution of this paper is an analytical comparison of presented tools; the second contribution is a detailed comparative performance evaluation of the tools. For this purpose, the authors have conducted a set of experiments for assessing resource consumption and event processing speed of the tools under a heavy load. To the best of the authors' knowledge, such performance evaluations have not been conducted recently for state-of-the-art open-source log management solutions.