Logger is a log management solution that is optimized for extremely high event throughput, efficient long-term storage, and rapid data analysis. Logger receives and stores events; supports search, retrieval, and reporting; and can optionally forward selected events. Logger compresses raw data, but can always retrieve unmodified data on demand for forensics-quality litigation data.
Logger is available in Appliance and Software form factors. The appliance-based solution is a hardened, dedicated, enterprise-class system. The software-based solution is similar in feature and functionality to the appliance-based solution, however, the software solution enables you to install ArcSight Logger on a supported platform of your choice. The software version is available as a VMware virtual machine, as well as on Amazon Web Service (AWS), and Microsoft Azure cloud computing platforms.
You can have a single Logger or as many as you need. Multiple Loggers can work together to scale up to support extremely high event volume with search queries distributed across all Loggers. Logger can be managed by ArcSight Management Center and that includes license and configuration management.