TrustRadius
Graylog
8 Ratings
Score 8.1 out of 10 (trScore)

Graylog Reviews

Reviews (1-3 of 3)

June 30, 2019

Graylog Review: "Level Up Your Logging"

Score 7 out of 10
Vetted Review
Verified User
Review Source
Graylog is used to aggregate logs and SNMP traps from our network devices and Linux servers. We not only aggregate and store logs but extract values to make logging more searchable than using flat files with BASH utilities (grep, cut, awk, etc) to search. For our critical devices, we also use it to forward logs to a room in our private chat service via a custom integration.
  • Graylog does a great job of its core function: log aggregation, retention, and searching.
  • Graylog has a very flexible configuration. The backend for storage is Elasticsearch and MongoDB is used to store the configuration. You have the option to make your configuration as simple as possible by storing everything on one box, or you can scale everything out horizontally by using a cluster of Elasticsearch nodes and MongoDB servers with several Graylog servers pointed to all the necessary nodes.
  • Graylog does a good job of abstracting away a fair portion of Elasticsearch index management (sharding, creation, deletion, rotation, etc).
  • Some aspects of Graylog are less than intuitive. For example, if you want to run different extractor rules on different device types due to format differences, you need to create different inputs. Since inputs are their own processes that require ports to be bound to them, you either need different IP addresses for each input or a different (read: non-standard) port, which can make the device configuration more complicated.
  • Although Graylog abstracts quite a bit of Elasticsearch management away, it is by no means a turnkey solution. Upgrades to Graylog can require upgrades to Elasticsearch, which occasionally requires manual intervention to Elasticsearch. Same goes for mongo. If you're looking to scale out, there is some documentation to get you started, but the heavy lifting is on you.
  • As everything is stored in Elasticsearch, there are no more flat files to tail; moving from a "traditional" logging aggregator like Syslog(-ng), a culture change is going to be required.
If you already have a basic understanding of Elasticsearch and/or MongoDB, Graylog will be a great fit when it comes to log aggregation. It will be a decent option even if you don't have any experience but have the time and willingness to roll up your sleeves that learning those tools will require. Graylog supports plugins to extend functionality for things like SNMP traps, telemetry collection, and solar flares. As is the case with most software with plugins, if the core functionality for which you are looking (i.e. not logging) is based on a plugin, Graylog probably isn't for you. The majority of the plugins in the marketplace are developed by third-parties looking to solve their specific use case so bug fixes and new features are not a given.
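The review above describes two things worth seeing concretely: extracting values from raw log lines so they become searchable fields, and the awkwardness of needing one input per device format because extractor rules are bound to an input. The following is an added example, not code from the review or from the Graylog project: a small Python field extractor that fingerprints each line's format and applies the matching regex extractor, so two device formats can share one stream. The sample lines, the "router"/"linux" format names and the regexes are constructed for illustration and are not taken from any real device or from Graylog's extractor syntax.

```python
import re
from typing import Optional

# Constructed sample lines (not real device output): one router-style
# syslog line and one Linux-style syslog line, as if both arrived on the
# same UDP syslog input.
SAMPLE_LINES = [
    "<189>Jun 30 10:15:02 edge-rtr1 %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down",
    "<38>Jun 30 10:15:05 web01 sshd[2143]: Failed password for invalid user admin from 198.51.100.7 port 51234 ssh2",
]

# Hypothetical per-format extractors. Each regex exposes named groups, which
# is the role a Graylog regex extractor plays for a single input.
EXTRACTORS = {
    "router": re.compile(
        r"^<(?P<pri>\d+)>(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
        r"%(?P<facility>[A-Z]+)-(?P<severity>\d)-(?P<mnemonic>[A-Z_]+): (?P<msg>.*)$"
    ),
    "linux": re.compile(
        r"^<(?P<pri>\d+)>(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
        r"(?P<program>[\w-]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
    ),
}


def detect_format(line: str) -> Optional[str]:
    """Choose the extractor from a cheap content fingerprint rather than from
    which port the line arrived on. Returns None for lines we cannot place."""
    if re.search(r" %[A-Z]+-\d-[A-Z_]+: ", line):
        return "router"
    if re.search(r" [\w-]+(\[\d+\])?: ", line):
        return "linux"
    return None


def extract_fields(line: str) -> dict:
    """Turn one raw line into a dict of searchable fields.

    Lines of unknown format or lines that fail their extractor are kept
    whole (never dropped), so nothing is lost from the record."""
    fmt = detect_format(line)
    if fmt is None:
        return {"format": "unknown", "message": line}
    m = EXTRACTORS[fmt].match(line)
    if m is None:
        return {"format": fmt, "parse_error": True, "message": line}
    fields = {k: v for k, v in m.groupdict().items() if v is not None}
    fields["format"] = fmt
    # Decode the syslog PRI value into facility and level (RFC 3164 layout).
    pri = int(fields["pri"])
    fields["syslog_facility"] = pri // 8
    fields["syslog_level"] = pri % 8
    return fields


def extract_all(lines) -> list:
    """Run the extractor over a batch of lines, preserving order."""
    return [extract_fields(line) for line in lines]


if __name__ == "__main__":
    for record in extract_all(SAMPLE_LINES):
        print(record)
```

The point of `detect_format` is that the dispatch happens on message content, so one listener can serve several device families; the trade-off is that a fingerprint can misfire where an input-per-format design cannot, which is why unparseable lines are retained with a `parse_error` marker rather than discarded.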
December 05, 2018

User Review: "Graylog is GREAT"

Score 9 out of 10
Vetted Review
Verified User
Review Source
We use Graylog to view all of our system logs in one place. We use this software to back up our logs so in the event we need to review them we can go back as far as we need to. This software allows us to collect all our data easily.
  • Manages logs for a variety of devices
  • Easy to set up
  • A great open source solution
  • If you don't know your way around Linux, setup would be tricky. Some step-by-step videos would be helpful.
This is well suited for a small to medium sized environment where you are looking to collect all your system logs. In larger scale environments it would be trickier to pull this software off. The software can only handle a certain amount of logs per second; if you have lots of devices you should invest in a more premium product.
Andrew Meyer
June 08, 2017

"Graylog2 Review"

Score 10 out of 10
Vetted Review
Verified User
Review Source
I actually implemented this on my own at home using Graylog 1.x back in 2014~. I then actually rebuilt this to use CentOS 7 and the latest version in the past 2 years. I love it. I am able to send Netflow and a syslog to this application. I then set it up using the threat detection (which is still experimental) and it now gives me the ability to see where attackers are coming from around the world.
  • Syslog capturing
  • Threat detection
  • IP Geolocation
  • Netflow
  • Better instructions when adding the geolocation database for city and country
Graylog would be best for organizations that want to monitor threats for DDoS initially. However, this would be great to use for log analysis for internal switching to diagnose problems!

About Graylog

Categories:  Log Management

Graylog Technical Details

Operating Systems: Unspecified
Mobile Application: No