Which system consolidates log files from various systems into a centralized database?

Centralized log collection and security monitoring is what a SIEM does. It gathers logs and security events from a wide range of sources—firewalls, endpoints, servers, applications—and brings them into one centralized database. It then normalizes different log formats, stores the data for analysis, and uses correlation rules and analytics to identify suspicious patterns, generating real-time alerts and enabling thorough investigations later. This is different from an SNMP manager, which focuses on monitoring device performance and status through SNMP polls and traps rather than aggregating and analyzing security logs. A network tap is a passive monitoring device that duplicatestraffic for analysis, not a log repository. The term break and inspect refers to inline inspection or traffic analysis tools rather than a centralized log database.