[j-nsp] STRM/Logg management

sfouant at shortestpathfirst.net sfouant at shortestpathfirst.net
Tue Aug 24 12:52:19 EDT 2010


> Does any one have an opinion on Junipers STRM-boxes? I'm looking for way
> to
> handle traffic-logging for SRX-firewall but the STRM feels is very
> expensive
> and the smallest box only handles 500 evens/s, according to my sales
> person
> one connection is one logg event...?
>
> Is there perhaps better solutions out there?

STRM is basically a rebranded Q1 Labs box - it's a decent solution for log
collection and event correlation, but if you strictly need something for
log collection it's probably a bit overkill.  I believe Q1 Labs is rated
as the #2 vendor in the SIEM market, right behind Arcsight.  While
Arcsight is a good solution and might appear to be the cheaper solution
initially, it's *REALLY* difficult to get set up and you'll likely end up
blowing your OpEx budget just to get it up and running and constantly
fine-tuned.

If you just need logging and are on a tighter budget, and have any
moderate coding experience, why not take a look at Splunk -
http://www.splunk.com/

Stefan Fouant
www.shortestpathfirst.net




More information about the juniper-nsp mailing list