Graylog vs. Security Onion

Overview
ProductRatingMost Used ByProduct SummaryStarting Price
Graylog
Score 8.7 out of 10
N/A
Graylog, headquartered in Houston, offers their eponymous platform for centralized log management that helps users find meaning in data faster so as to take action immediately. Graylog is available via Enterprise and Cloud plans, but also has a Small Business Plan, and an Open (free) plan with limited features.N/A
Security Onion
Score 9.0 out of 10
N/A
Security Onion is a free and open source Linux distribution for threat hunting, enterprise security monitoring, and log management, developed by the company of the same name in Evans. Their products include both the Security Onion software and specialized hardware appliances that are built and tested to run Security Onion. The company also offers paid support and training services.N/A
Pricing
GraylogSecurity Onion
Editions & Modules
No answers on this topic
No answers on this topic
Offerings
Pricing Offerings
GraylogSecurity Onion
Free Trial
NoNo
Free/Freemium Version
YesNo
Premium Consulting/Integration Services
NoNo
Entry-level Setup FeeNo setup feeNo setup fee
Additional Details
More Pricing Information
Community Pulse
GraylogSecurity Onion
Top Pros

No answers on this topic

Top Cons

No answers on this topic

Best Alternatives
GraylogSecurity Onion
Small Businesses
SolarWinds Papertrail
SolarWinds Papertrail
Score 8.8 out of 10
AlienVault USM
AlienVault USM
Score 8.0 out of 10
Medium-sized Companies
SolarWinds Papertrail
SolarWinds Papertrail
Score 8.8 out of 10
CrowdStrike Falcon
CrowdStrike Falcon
Score 9.1 out of 10
Enterprises
Splunk Log Observer
Splunk Log Observer
Score 8.6 out of 10
CrowdStrike Falcon
CrowdStrike Falcon
Score 9.1 out of 10
All AlternativesView all alternativesView all alternatives
User Ratings
GraylogSecurity Onion
Likelihood to Recommend
7.8
(7 ratings)
8.0
(1 ratings)
Support Rating
3.6
(3 ratings)
-
(0 ratings)
User Testimonials
GraylogSecurity Onion
Likelihood to Recommend
Graylog
For small companies, Graylog is the best solution possible. It's easy to configure and "just works." Above everything else, it's free. The only thing I hold against it is the fact that it's Linux-based. [This] makes sense because Elasticsearch is Linux-based. But Linux adds a layer of complexity that we don't need for something basic as a logging server. I'm pretty sure that we would have had a logging server years earlier if I had to convince quite a few decision-making people to go ahead with it anyway.
Read full review
Security Onion Solutions, LLC
Security Onion works well for setting up within a Linux environment. This brings a new platform to run and maintain though. The application its self has helped to keep track of logs and vulnerabilities in the environment. Alert triage and case creation is simple to start and follow through to the end.
Read full review
Pros
Graylog
  • Graylog does a great job of its core function: log aggregation, retention, and searching.
  • Graylog has a very flexible configuration. The backend for storage is Elasticsearch and MongoDB is used to store the configuration. You have to option to make your configuration as simple as possible by storing everything on one box, or you can scale everything out horizontally by using a cluster of Elasticsearch nodes and MongoDB servers with several Graylog servers pointed to all the necessary nodes.
  • Graylog does a good job of abstracting away a fair portion of Elasticsearch index management (sharding, creation, deletion, rotation, etc).
Read full review
Security Onion Solutions, LLC
  • GUI
  • Support
  • Easy of use
Read full review
Cons
Graylog
  • Support for more log sources
  • Event alerts/emails - Some cases where unable to separate data from multiple clients, and no easy fix
  • API - Limits results to 10,000 and can cause server to lockup on queries that exceed the limit
Read full review
Security Onion Solutions, LLC
  • Requires Linux
  • Training
Read full review
Support Rating
Graylog
Community support does not give simple straightforward answers; simply search up Graylog Issues and look at some of the responses on the forums. The documentation is your only hope if you are on the free version, as you can NOT purchase only support. The few times I have worked with Graylog Enterprise support they were great though.
Read full review
Security Onion Solutions, LLC
No answers on this topic
Alternatives Considered
Graylog
In terms of log aggregation, the free product fully stacks up with the competitors listed. Full control over the data ingests for flexible configuration. Graylog even better on that front than AlienVault USM because you cannot configure the variable mapping. We haven't used the threat exchange stuff or correlation. But with regex searches, we have created function dashboards that show threat theater pictures of our network based on logs from our firewall.
Read full review
Security Onion Solutions, LLC
Other vendors may have a more robust solution but for our needs, Security Onion was the one to move forward with. We have tested some of the others but the cost of those platforms makes the ROI not as desirable. There is a learning curve with Security Onion but it is worth it for the value provided.
Read full review
Return on Investment
Graylog
  • Graylog is just less expensive than some other options which meant it fit into our budget otherwise we might not be able to justify a higher cost.
  • Being able to track issues that we normally couldn't track using other tools is a bonus to help us know of any issues we have and can fix before an outage or failure that could potentially cost money.
  • We have had to spend more time than I would like to understand and customize Graylog which has taken time away from other tasks and projects.
Read full review
Security Onion Solutions, LLC
  • Makes Alert Triage easier to handle
  • Analysis of threats simple
Read full review
ScreenShots