Graylog
What is Graylog?
Graylog is a leading centralized log management solution for collecting, storing and analyzing petabytes of machine data. Purpose-built for modern log analytics, Graylog removes the complexity of data exploration, compliance audits and threat hunting, so you can quickly and easily find meaning in your data and take action faster.
Who uses Graylog?
Graylog is a centralized log management platform for organizations that want seamless data collection and normalization from any data source, faster analysis and better affordability.
Reviews of Graylog
Graylog Enterprise Log for Business
Comments:
Previously we used a syslog server to centralize logs, and when we had more servers and network devices we could not put all those logs into a syslog server that stored its data in MySQL; it performed slow searches and did not report correctly.
I spent some time searching and found Graylog. It took me a few days of trying to set it up before I succeeded, because it was new to me and tied to Elasticsearch, but finally I figured it out and have kept using it until now. It has been around 3 years since I started using a Graylog server to monitor all the network activity: monitoring servers with the NXLog agent, monitoring Cisco switches with syslog, Linux with syslog, and the RADIUS authentication log. Each time a user plugs into the network or connects to Wi-Fi, a log is generated and sent to graylog-server, and the Graylog server creates an alert message that is sent via Telegram to the system admin.
Pros:
- Graylog is a very powerful log tool; I have searched around 50 million records in only 3 seconds. It is so fast because it is integrated with Elasticsearch, which performs log searches very quickly.
- Telegram alert notifications are what I like; I created a rule to send notifications to Telegram so I know what is going on in the network/server logs.
- The enterprise license is free for one year; make sure your log traffic does not exceed 5 GB/day.
- It supports various log protocols: NXLog from Windows, syslog from Linux, and others such as AWS, but I use only NXLog and syslog.
Cons:
It's perfect already, but the dashboard is not so nice, and it is not so flexible on the reporting yet.
Alternatives considered:
Great value to cost ratio for a solid log management solution
Comments: Graylog has been great to work with. Their sidecar implementation makes client configuration and management very easy, and even with the free version they provide reliable, albeit limited, support (I've gotten good, live email replies to a couple of questions, versus only allowing you to access forums, etc.).
Pros:
Very low cost of ownership, particularly if you can get the Community (Free, Open-Source) version to meet your needs. I’ve implemented Graylog at multiple organizations for only the cost of hardware / storage.
Cons:
Would love to have more plugins / content packs available in the Graylog Marketplace. With limited hands on a team for a smaller company, there’s often not enough time to write extractors and content packs.
Response from Graylog
4 years ago
Hi Tim, thank you so much for taking time out to write us a review. Glad you are happy with Graylog and the cost savings you are seeing. We have recently launched "Illuminate", which has a lot of ready-to-use content packs. You can check it out here: https://www.graylog.org/illuminate/illuminate-authentication. You can sign up for our newsletter too to get updated when we launch new content packs: https://www.graylog.org/newsletter. Thanks again, Team Graylog
Graylog the best syslog
Comments:
I use Graylog for security and GDPR purposes.
Speaking about security, it helps me a lot: I collect logs from firewalls, NAS, switches, Windows (e.g. Domain Controller and Terminal Server) and Linux servers, especially if they are published on the internet. If you have an on-premises Exchange you should collect the log files under the inetpub directory (use the Windows Filebeat).
I can download reports in Excel format. Updates are frequent.
A great product you should try.
Pros:
You can choose the free version and have all the features needed to collect and search logs. There is a huge community, so in case of need you will easily find the answer to your question/problem. The interface is simple and you can create your own dashboards with tables, graphs and counters (you can also view your logs and create tables with Grafana, using Elasticsearch as the data source). You need to add at least one input; it can be, for example, a UDP one, or Filebeat on port 5044 (via Sidecar) for Windows and Linux machines. You will see your Sidecar devices in the Sidecars section. You can create and save queries using the Lucene language; they will help you find any potential threat that has been logged. The Graylog server runs on a Linux machine; installation is quite easy and there are lots of tutorials on the internet.
Cons:
Some features are only in the Enterprise edition, and the purge of inactive sidecars sometimes does not work (you have to restart the graylog-server service).
Alternatives considered:
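The reviews above mention adding a UDP input and shipping logs to it. The following is an added illustration (not Graylog's own code or anything from the reviewers) of what arrives at such an input: it builds a GELF 1.1 message, the JSON format Graylog's GELF UDP input accepts, and splits it into GELF chunks (magic bytes, 8-byte message id, sequence number and count) when it exceeds one datagram. The host (127.0.0.1), the 12201 port of a local GELF UDP input and the firewall event are assumptions for the example.

```python
"""Build a GELF 1.1 message and, when it is too large for one datagram,
split it into GELF UDP chunks the way a Graylog GELF UDP input expects.
Added illustration, not Graylog's own code; the target host/port and
the sample event are constructed assumptions."""
import json
import os
import socket
import struct

GRAYLOG_HOST = "127.0.0.1"   # assumed: a GELF UDP input on this machine
GRAYLOG_PORT = 12201         # default port of a GELF UDP input

GELF_CHUNK_MAGIC = b"\x1e\x0f"   # GELF spec: first two bytes of every chunk
GELF_MAX_CHUNKS = 128            # GELF spec limit; larger messages are dropped
CHUNK_HEADER_LEN = 12            # magic(2) + message id(8) + seq(1) + count(1)
CHUNK_PAYLOAD_LEN = 8192 - CHUNK_HEADER_LEN   # keep each datagram at 8 KiB


def build_gelf(host, short_message, timestamp, level=6, full_message=None, **fields):
    """Return a GELF 1.1 message as a dict.

    Additional fields get the '_' prefix the spec requires; '_id' is reserved
    by GELF, so an 'id' field is rejected instead of silently sent.
    """
    msg = {
        "version": "1.1",
        "host": host,
        "short_message": short_message,
        "timestamp": timestamp,   # seconds since epoch, fractional allowed
        "level": level,           # syslog severity: 6 = informational, 4 = warning
    }
    if full_message is not None:
        msg["full_message"] = full_message
    for name, value in fields.items():
        if name == "id":
            raise ValueError("'_id' is reserved by GELF and must not be sent")
        msg["_" + name] = value
    return msg


def chunk_gelf(payload, chunk_len=CHUNK_PAYLOAD_LEN, message_id=None):
    """Split serialised GELF bytes into UDP datagrams.

    A payload that fits in one datagram is returned as-is; otherwise every
    chunk gets the 12-byte header (magic, shared 8-byte message id, sequence
    number, sequence count) so the input can reassemble the message.
    """
    if len(payload) <= chunk_len:
        return [payload]
    parts = [payload[i:i + chunk_len] for i in range(0, len(payload), chunk_len)]
    if len(parts) > GELF_MAX_CHUNKS:
        raise ValueError(f"message needs {len(parts)} chunks; GELF allows {GELF_MAX_CHUNKS}")
    message_id = message_id or os.urandom(8)
    return [
        GELF_CHUNK_MAGIC + message_id + struct.pack("BB", seq, len(parts)) + part
        for seq, part in enumerate(parts)
    ]


def reassemble_chunks(datagrams):
    """Inverse of chunk_gelf, shown only to make the header layout explicit;
    Graylog performs this reassembly server-side."""
    if len(datagrams) == 1 and not datagrams[0].startswith(GELF_CHUNK_MAGIC):
        return datagrams[0]
    ordered = sorted(datagrams, key=lambda d: d[10])   # byte 10 = sequence number
    count = ordered[0][11]                              # byte 11 = sequence count
    if len(ordered) != count:
        raise ValueError("incomplete chunk set")
    return b"".join(d[CHUNK_HEADER_LEN:] for d in ordered)


def send_gelf(msg, host=GRAYLOG_HOST, port=GRAYLOG_PORT):
    """Serialise and send one GELF message over UDP; returns the datagram count."""
    datagrams = chunk_gelf(json.dumps(msg).encode("utf-8"))
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for datagram in datagrams:
            sock.sendto(datagram, (host, port))
    return len(datagrams)


if __name__ == "__main__":
    # Constructed sample event: a firewall deny with extra fields to search on.
    event = build_gelf("fw01", "deny tcp 203.0.113.7 -> 10.0.0.5:3389",
                       timestamp=1700000000.0, level=4, action="deny",
                       src_ip="203.0.113.7", dst_port=3389)
    print(json.dumps(event))
    print("datagrams sent:", send_gelf(event))
```

The custom fields (`_action`, `_src_ip`, `_dst_port`) are what later turn into searchable fields in Graylog, which is why structured GELF is preferable to sending free-text lines and writing extractors afterwards.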
Graylog support
Pros:
It's easy to use and deploy. We have installed it on CentOS and it's easy to deploy and start working with.
Cons:
The customer support structure needs to improve; we have been facing unknown issues for which an RCA was needed, however there have been issues. The streams were showing as running but they were stuck. Also, there should be an option to easily search logs.
Graylog the king of syslogs
Comments:
Graylog has a clean interface that I like very much. I keep several devices monitored and I created many queries that look for unusual activities.
I run and keep updated many Graylog server installations and they work fine. Just remember to set the right number of indices and their rotation to avoid loss of data if the disk becomes full.
Collecting logs is also useful for GDPR purposes.
Among syslog solutions I think Graylog is the best one.
Pros:
Graylog can be totally free, and you can collect logs from Windows and Linux systems and from other devices such as firewalls and switches (there are many more). You need a Linux machine to install and run the Graylog server. With Windows and Linux you have to install Sidecar and Filebeat to collect data and configure the agent. You can create many indices and set their retention policies. Once you start collecting logs you can do searches with Lucene queries and save your queries. Then you can download the results in .csv format. With Graylog you can create dashboards and set alerts (e.g. via email or via Telegram) that help to keep your network safe; remember to set the right path of the logs in your Winlogbeat and Filebeat.
Cons:
Some installation guides are not really clear.
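Several reviewers describe saving Lucene queries and turning them into alerts (RADIUS rejects sent to Telegram, queries that look for unusual activity). The following is an added illustration, not Graylog's alert engine or any reviewer's code, of what such an aggregation alert computes: filter events with the field terms of a saved search (here the equivalent of `source:radius01 AND result:reject`), count them per client address inside a time window, and render the text a Telegram or email notification would carry. All events, field names, hosts and thresholds are constructed for the example.

```python
"""Toy aggregation alert in the style of a Graylog event definition:
filter -> group -> threshold -> notification text.  Added illustration,
not Graylog's own code; every event below is constructed."""
from collections import Counter
from datetime import datetime, timedelta

# Constructed RADIUS-style events as they would look after extraction into fields.
EVENTS = [
    {"timestamp": "2024-01-01T11:58:10", "source": "radius01", "result": "reject", "user": "bob",   "client_ip": "10.1.1.20"},
    {"timestamp": "2024-01-01T11:59:02", "source": "radius01", "result": "reject", "user": "bob",   "client_ip": "10.1.1.20"},
    {"timestamp": "2024-01-01T11:59:40", "source": "radius01", "result": "reject", "user": "root",  "client_ip": "10.1.1.20"},
    {"timestamp": "2024-01-01T11:59:45", "source": "radius01", "result": "accept", "user": "alice", "client_ip": "10.1.1.20"},
    {"timestamp": "2024-01-01T11:00:00", "source": "radius01", "result": "reject", "user": "bob",   "client_ip": "10.1.1.20"},  # outside window
    {"timestamp": "2024-01-01T11:59:50", "source": "radius01", "result": "reject", "user": "carol", "client_ip": "10.1.1.21"},
    {"timestamp": "2024-01-01T11:59:55", "source": "switch02", "result": "reject", "user": "dave",  "client_ip": "10.1.1.20"},  # other source
]


def parse_ts(value):
    """Event timestamps are ISO 8601 strings in this constructed data."""
    return datetime.fromisoformat(value)


def matches(event, query):
    """AND of exact field matches, i.e. the terms of a saved search such as
    `source:radius01 AND result:reject` expressed as a dict."""
    return all(event.get(field) == wanted for field, wanted in query.items())


def evaluate_alert(events, query, group_by, threshold, window, now):
    """Return {group value: count} for every group whose matching events in
    the last `window` before `now` reach `threshold`."""
    cutoff = now - window
    counts = Counter(
        e[group_by] for e in events
        if matches(e, query) and cutoff <= parse_ts(e["timestamp"]) <= now
    )
    return {key: n for key, n in counts.items() if n >= threshold}


def notification_text(title, hits, group_by, window):
    """Render the message body a Telegram/email notification would carry;
    None means the condition did not fire and nothing should be sent."""
    if not hits:
        return None
    minutes = int(window.total_seconds() // 60)
    lines = [f"[ALERT] {title} (last {minutes} min)"]
    lines += [f"  {group_by}={key}: {n} events" for key, n in sorted(hits.items())]
    return "\n".join(lines)


if __name__ == "__main__":
    now = datetime(2024, 1, 1, 12, 0, 0)
    window = timedelta(minutes=5)
    hits = evaluate_alert(EVENTS, {"source": "radius01", "result": "reject"},
                          "client_ip", threshold=3, window=window, now=now)
    print(notification_text("Repeated RADIUS rejects from one client", hits, "client_ip", window))
```

The example keeps the three decisions a real event definition also has to make separate: which events count (the query), how they are grouped (here the client address rather than the user, so a single host trying several accounts is still one group), and how many in what window fire the alert. Tuning the last two against the site's own baseline is what keeps the Telegram channel from becoming noise.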