One of the first things an IT manager must be clear about when evaluating a log management tool such as Quest Software Inc.'s InTrust 9.0 is the main business purpose for the product. Because so many IT managers are struggling to get their arms around regulatory compliance, we spent most of our time testing InTrust 9.0 to see how well it could track events for an outside audit.
The trick to effectively using InTrust 9.0—and pretty much every other event-log management tool—is learning what data can be collected and how to turn that data into effective reports. eWEEK Labs spent a great deal of test time learning what information InTrust 9.0 could gather, including Linux account creation and deletion, as well as changes to group memberships. After collecting the data, we worked with InTrust to turn it into informative reports.
After using InTrust in our labs for a couple of weeks, it became clear that the built-in reports were more than sufficient to give us the insight we needed to successfully monitor our test machines. We struggled a bit when creating some custom reports, but, at the end of the day, the reports worked quite well for us.
This test scenario also showed the importance of testing log management tools against the actual systems IT managers will monitor in their production networks.
During our testing, we turned up several special cases where we needed to make adjustments to either the way we deployed monitoring agents or the frequency with which we generated reports.
We installed InTrust agents on all the systems in our testbed to thoroughly evaluate the usability of real-time reporting. When we made changes to user groups and other senders, we were immediately alerted.