Lasso Enterprise
Lasso Enterprise is the industry’s premier, enterprise-class Microsoft Windows Event Collector. And best of all, it is free.
More than 70 percent of LogLogic customers’ devices are composed of Windows systems. Windows-based events are essential for a number of IT tasks performed on a daily basis, including troubleshooting email, investigating security incidents, maintaining compliance and optimizing IT infrastructure.
Flexibility and interoperability is what makes Lasso Enterprise unique. Companies can use it either for collecting Windows events, converting them to industry standard syslog, and then forwarding them directly to third party technologies for compliance, security event management, IT operations, and more. Or, events can be sent to LogLogic’s award-winning IT Data Management solution where they can be captured, indexed, compressed, centrally and securely stored, then alerted and reported on along with other log sources and flow data– transforming them into actionable intelligence.
Lasso Enterprise has two methods of Windows event collection – agent mode or collector mode, as illustrated in the diagram. In agent mode, Lasso Enterprise collects and forwards events from the Windows host servers on which it is installed. In collector mode, events are collected via Windows Management Interface API (WMI) from multiple remote Windows systems. In both agent and collector modes, events are forwarded to LogLogic’s data warehouse solution or any third-party syslog application using the syslog protocol.
Agent mode is ideal for point-of-sale systems, Microsoft Active Directory servers, and other environments where an agent is easy to install and operate on the system. Collector mode is preferred if there are a multitude of Windows systems and deploying an agent on each system could be difficult.
Lasso Enterprise provides a range of capabilities that include the following:
- Collects from system, security, application, DNS, Active Directory, file replication service and custom events
- Allows filtering of event logs before they are converted to syslog and forwarded to other systems
- Converts Windows Events into complete, easy-to-read, syslog
- Sends event log messages to LogLogic systems and many third party syslog servers and systems
- Provides Microsoft Management Console (MMC) based user interface and CLI administrative management tools
- Provides trace functionality for debugging purposes, including four levels of event log tracing
- Includes multi-domain support which allows users to capture events from hosts not on the domain that Lasso Enterprise is running on
- Allows secure log forwarding to LogLogic’s data warehouse solution via SSH
Supported Systems
|
Windows Platforms |
Agent Mode |
Collector Mode |
|
XP |
Supported |
Not Supported |
|
2003 Server 32bit |
Supported |
Supported |
|
2003 Server 64bit |
Supported |
Supported |
|
Vista 32bit |
Supported |
Not Supported |
|
Vista 64bit |
Supported |
Not Supported |
|
2008 Server 32bit |
Supported |
Supported |
|
2008 Server 64bit |
Supported |
Supported |
Platform Requirements
|
Resource |
Agent Mode |
Collector Mode |
|
RAM |
19MB |
2GB min (4GB recommended) |
|
Disk Space |
134MB |
20GB minimum |
|
CPU |
2.1GHz minimum (2+ CPUs recommended) |
2.1GHz minimum (2+ CPUs recommended) |
|
Network Interface |
100 Mbps minimum (1 Gbps recommended) |
100 Mbps minimum (1 Gbps recommended) |
Microsoft .NET is required. LogLogic recommends using .NET 3.5 for optimum performance.
