Free alternative to ArcSight ESM? Hardly..
By pure accident I discovered today a free security product which addresses one of the fastest growing IT Security Management problems: security logs, events and incidents. The name of the product is QRadar Simple Log and Information Management Free Edition (SLIM FE) and it’s been released by Q1 Labs.
Browsing the product documentation, I discovered that SLIM FE is a:
Free, Downloadable, Enterprise-Class Log Management Solution
which is able to:
collect, analyze, report, and store network, host, server, application, and event logs, via syslog, from a wide variety of network systems (e.g., routers, switches, security devices, etc.)
Sounds nice, right? Especially the 100% discounted price, but you should read between the lines. The free version has several limitations and restrictions, and one of them I find excessively restrictive: the software is limited to collecting syslog-generated events only.
This means that you won’t be able to collect events from many of today’s log-generating devices such as:
- Enterprise firewalls (like Check Point)
- Various central management consoles for endpoint security which log into an SQL database
- Windows Servers and workstations (yes, I know about the incomplete workaround to convert Win. Event logs into syslog)
- Application Servers which log into local files instead of syslog
- Devices / Applications which trigger SNMP Traps.
For a moment I thought that ArcSight ESM had a real competitor in the open source / free software market, but I was wrong.
Besides the syslog-only collection mechanism, there are many other reasons for which I would never substitute ArcSight with Q1 Labs SLIM FE, but I won’t go into details because the two products address two different markets and needs.
Vendor diversity is good for the industry and I wish Q1 Labs would keep up the good work and invest in their product so that one day SLIM FE can step up and challenge the industry’s big names.
Here you can download and test the free edition of Q1 Labs SLIM FE.
This entry was posted on Friday, November 14th, 2008 and is filed under Framework, Report.

