Re: Do you use Eventia?

I agree that Eventia Analyser isn't great at correlating logs from multiple devices, but the flipside of this is that the volume of logs from firewalls (particularly Check Point) can quickly dwarf all of the other logs on an ArcSight or NetForensics system, meaning that you need a dedicated system just for the firewall logs anyway... Having said that, Eventia is quite good with Check Point events. If correlation is important, I'd suggest that the Analyser could be used as a filter point, and the events from this can be an output to an ArcSight or equivalent solution. I certainly would not recommend Eventia as a correlation tool for everything, but in the Check Point firewall space, it's improved quite a bit in the later versions.