Skip to main content
TrustRadius
Graylog

Graylog

Overview

What is Graylog?

Graylog, headquartered in Houston, offers their eponymous platform for centralized log management that helps users find meaning in data faster so as to take action immediately. Graylog is available via Enterprise and Cloud plans, but also has a Small Business…

Read more

Learn from top reviewers

Useful and free SIEM tool

Rating: 8 out of 10
June 16, 2022
IncentivizedVetted ReviewVerified User
Allows insight into logs from various systems and products that would otherwise be time consuming to access and identify. Dashboards can be customised to your preferences and ...
Continue reading
Verified user
Professional
Graylog3 years of experience

Clean, robust and intuitive central logging

Rating: 7 out of 10
January 18, 2022
IncentivizedVetted ReviewVerified User
We have more than 60 applications, ranging from websites, Winforms, windows services, API's and console executables. All of them need to log their tracing and/or error informa...
Continue reading
Verified user
Team Lead
Graylog6 years of experience

Graylog, Free Vs. Paid

Rating: 9 out of 10
April 29, 2020
IncentivizedVetted ReviewVerified User
Graylog is currently implemented for use across the entire organization at each deployment that I have provisioned. However, Graylog is only referenced by myself, or Informati...
Continue reading
Verified user
Consultant
Graylog1 year of experience

Graylog can compete against the big boys.

Rating: 9 out of 10
January 29, 2020
IncentivizedVetted ReviewVerified User
We currently use Graylog as a log aggregator and some light weight SEIM. However, we haven't had the cycles to use the other features of it. Presently solves our centralized l...
Continue reading
Jeremy Cejka
Engineer - Information Technology
Principal Systems Engineer
Research Innovations
Graylog3 years of experience

Liven up your logging with Graylog!

Rating: 9 out of 10
December 9, 2019
IncentivizedVetted ReviewVerified User
We use Graylog to collect messages from a variety of different systems like network switch and routers to wifi controllers. We use Graylog to group and create graphs to show s...
Continue reading
Verified user
Administrator
Graylog2 years of experience
Log in with LinkedIn to see content from your network
Return to navigation

Product Demos

Demo GrayLog 2 with Laravel5 app

YouTube

Demo GrayLog 2 with Rails app

YouTube

Send Syslog from MuleSoft RTF to GrayLog

YouTube

Graylog Security

YouTube
Return to navigation

Product Details

What is Graylog?

Graylog Video

Tour of Graylog v4.0

Graylog Competitors

Graylog Technical Details

Deployment TypesOn-premise, Software as a Service (SaaS), Cloud, or Web-Based
Operating SystemsWindows, Linux, ,
Mobile ApplicationNo

Frequently Asked Questions

Graylog, headquartered in Houston, offers their eponymous platform for centralized log management that helps users find meaning in data faster so as to take action immediately. Graylog is available via Enterprise and Cloud plans, but also has a Small Business Plan, and an Open (free) plan with limited features.

Splunk Enterprise, Datadog, and Logz.io are common alternatives for Graylog.

Reviewers rate Support Rating highest, with a score of 3.6.

The most common users of Graylog are from Mid-sized Companies (51-1,000 employees).
Return to navigation

Comparisons

View all alternatives
Return to navigation

Reviews From Top Reviewers

View all reviews
(1-5 of 6)

Graylog, Free Vs. Paid

Rating: 9 out of 10
Incentivized
April 29, 2020
Verified User
Consultant in Information Technology
Telecommunications Company, 201-500 employees
Vetted Review
Verified User
Graylog
1 year of experience
Use Cases and Deployment Scope
Graylog is currently implemented for use across the entire organization at each deployment that I have provisioned. However, Graylog is only referenced by myself, or Information Systems Staff. Graylog currently mainly addresses two separate needs for us. First, it allows the capture of NAT translations for DMCA related notifications for subscribers. Secondly, it addresses the need for an internal syslog server.
Pros
  • The free edition is extraordinarily powerful.
  • Log searching is quick.
  • The web interface is sleek, and the install is relatively quick.
Cons
  • Rotating the indexes are hard! It is also easy to brick your deployment. Purchase support, but it's so ludicrously expensive, that I'd go with a different vendor.
  • Community support dances around questions and points to documentation, which is there, but is not always accurate.
  • Searching logs uses logic that is not always easy to use.
  • There is not a good way to size how much space you need for a given log retention. It also does not tolerate running out of space using a smart feature or such to auto delete. The heap can also overflow.
  • It uses MangoDB instead of a different database.
  • The OVA is not approved for production use.
  • It is resource intensive.
Likelihood to Recommend
If you just need a logging server that will most likely work, and won't break the bank. This is it, you can stop looking. Period.

Graylog can compete against the big boys.

Rating: 9 out of 10
Incentivized
January 29, 2020
JC
Jeremy Cejka
Principal Systems Engineer
Research Innovations (Defense & Space, 51-200 employees)
Vetted Review
Verified User
Graylog
3 years of experience
Use Cases and Deployment Scope
We currently use Graylog as a log aggregator and some light weight SEIM. However, we haven't had the cycles to use the other features of it. Presently solves our centralized log collection problem.
Pros
  • Log Aggregation pipeline
  • Dashboards
Cons
  • Pricing for Enterprise is a bit unrealistic.
  • Archiving should be a standard feature in the community edition.
Likelihood to Recommend
Graylog is suited for all environments. Its easy setup and use is great for small businesses. Its flexibility for configuration of ingested logs is excellent for medium to large scale, and its ingest capability is great for super-sized. One size fits all for Graylog. It's a great competitor to QRadar and Splunk, and even AlienVault USM/OSSIM

Liven up your logging with Graylog!

Rating: 9 out of 10
Incentivized
December 09, 2019
Verified User
Administrator in Engineering
Computer & Network Security Company, 1001-5000 employees
Vetted Review
Verified User
Graylog
2 years of experience
Use Cases and Deployment Scope
We use Graylog to collect messages from a variety of different systems like network switch and routers to wifi controllers. We use Graylog to group and create graphs to show specific information. We also use Graylog to send messages to us to alert of certain activities. Graylog is widely used in our office because it is cost-effective and the ability to be tweak for each team.
Pros
  • The ability to add and remove information to the messages. This makes it so you can customize each message and get the information you really want.
  • Being able to search for different criteria allows finding the exact data you want without having to manually filter the data.
  • Searching tends to be quick and is able to process large amounts of data quickly so you don't have to wait forever for your data.
Cons
  • The graphs and visualizations are limited on the dashboard if there were more options it would be better for different kinds of data.
Likelihood to Recommend
Graylog can collect messages and group them, so if you want to get alerted when there is an abnormal amount of particular messages, Graylog can do that. Graylog can be used to analyze traffic, and if traffic over a certain level and is sustained for an amount of time, it can send the information of which mac addresses are causing the traffic influx.

Level Up Your Logging

Rating: 7 out of 10
Incentivized
June 30, 2019
Verified User
Engineer in Information Technology
Internet Company, 501-1000 employees
Vetted Review
Verified User
Graylog
3 years of experience
Use Cases and Deployment Scope
Graylog is used to aggregate logs and SNMP traps from our network devices and Linux servers. We not only aggregate and store logs but extract values to make logging more searchable than using flat files with BASH utilities (grep, cut, awk, etc) to search. For our critical devices, we also use it to forward logs to a room in our private chat service via a custom integration.
Pros
  • Graylog does a great job of its core function: log aggregation, retention, and searching.
  • Graylog has a very flexible configuration. The backend for storage is Elasticsearch and MongoDB is used to store the configuration. You have to option to make your configuration as simple as possible by storing everything on one box, or you can scale everything out horizontally by using a cluster of Elasticsearch nodes and MongoDB servers with several Graylog servers pointed to all the necessary nodes.
  • Graylog does a good job of abstracting away a fair portion of Elasticsearch index management (sharding, creation, deletion, rotation, etc).
Cons
  • Some aspects of Graylog are less than intuitive. For example, if you want to run different extractor rules on different device types due to format differences, you need to create different inputs. Since inputs are their own processes that require ports to be bound to them, you either need different IP addresses for each input or a different (read: non-standard) port, which can make the device configuration more complicated.
  • Although Graylog abstracts quite a bit of Elasticsearch management away, it is by no means a turnkey solution. Upgrades to Graylog can require upgrades to Elasticsearch, which occasionally requires manual intervention to Elasticsearch. Same goes for mongo. If you're looking to scale out, there is some documentation to get you started, but the heavy lifting is on you.
  • As everything is stored in Elasticsearch, there are no more flat files to tail; moving from a "traditional" logging aggregator like Syslog(-ng), a culture change is going to be required.
Likelihood to Recommend
If you already have a basic understanding of Elasticsearch and/or MongoDB, Graylog will be a great fit when it comes to log aggregation. It will be a decent option even if you don't have any experience but have the time and willingness to roll up your sleeves that learning those tools will require. Graylog supports plugins to extend functionality for things like SNMP traps, telemetry collection, and solar flares. As is the case with most software with plugins, if the core functionality for which you are looking (i.e. not logging) is based on a plugin, Graylog probably isn't for you. The majority of the plugins in the marketplace are developed by third-parties looking to solve their specific use case so bug fixes and new features are not a given.

Useful and free SIEM tool

Rating: 8 out of 10
Incentivized
June 16, 2022
Verified User
Professional in Information Technology
Information Technology & Services Company, 11-50 employees
Vetted Review
Verified User
Graylog
3 years of experience
Use Cases and Deployment Scope
Allows insight into logs from various systems and products that would otherwise be time consuming to access and identify. Dashboards can be customised to your preferences and Alerts/emails can be defined when specific events or patterns occur, which is not possible directly from the log source. Our use case is primarily security related looking at access/sign-in logs from various platforms and then sending alerts as required.
Pros
  • Ingesting various log sources
  • Dashboards - Customisable
  • Event alerts/emails
Cons
  • Support for more log sources
  • Event alerts/emails - Some cases where unable to separate data from multiple clients, and no easy fix
  • API - Limits results to 10,000 and can cause server to lockup on queries that exceed the limit
Likelihood to Recommend
Well suited for scenarios such as:
  • Detecting user OS logins, or user logins from unknown IPs etc.
  • Access attempts made on a firewall or other network infrastructure
  • Monitoring changes to Active Directory Groups
Less suited for scenarios where logs and alerts are time critical, eg.as soon as an event occurs an alert is generated and sent
Return to navigation