Graylog Developer License

altink · February 18, 2023, 5:24pm

Hi

Is it there something as a Developer License for a full Graylog version?

While I thank the Graylog people for the Open version, there are no Alerts available there.
I have already done a Content Pack.
https://github.com/akaraulli/Oracle_Audit_Graylog
And I am heading for another.

But I need my new Content Pack to contain alerts too - not just the dashboards.

With Splunk I can have a Developer license that expires for some months and I can develop on full features

Is there anything similar with Graylog ?

best regards
Altin Karaulli

tmacgbay · February 18, 2023, 8:59pm

You can request a Free Enterprise License which requires your daily intake to stay below 2GB. There are a few days grace period over a sliding month in there. If you are going to go over 2GB/day you would have to work directly with Graylog Sales

altink · February 19, 2023, 4:24pm

Thank You very much @tmacgbay

As far as I understood, I can continue working with the Enterprise version (especially alerts !) even after expiration of the Free Ent. License - provided that I keep it under 2GB/day.
Am I correct ?

PS. For my tests and CP building I would be happy even with 200 Mb.

best regards
Altin

tmacgbay · February 19, 2023, 5:11pm

Once the license expires, all the features will stop working… but you can re-apply for another 2GB license… there is no limit to how many times you can apply… as far as I know. That being said, Graylog has transitioned things in the past… It used to be the limit was 5GB a day.

altink · February 19, 2023, 5:21pm

One month is a short period for a Developer. I hope someone from Graylog do read this, and they grant a 6 month time to us Developers. Be this a 500 Mb/day.

thank you @tmacgbay for your reply

tmacgbay · February 19, 2023, 5:37pm

Ah! The license is usually good for a year… if you go over 2gb 5 times during a sliding day period your license turns off until you are under the 2Gb over 5 days over 30 days. The > 2GB counts even if not consecutive.

That should put you in a better place.

ihe · February 21, 2023, 9:52am

I think you missed some thing important: Alerts are available in the free version!

First of all: an event becomes an alert as soon as there is an notification added to it. This can be e-mail or some others, does not matter.

In the free version you will have events based on thresholds. Those have fix values which may not be crossed. Examples:

if more than 5 failed logins from one user → event: multiple failed password attempts
if less than three sources (cardinality) → event: logging from one source stopped

In the commercial version you will also have “correlations”: you can chain two (or more) events from the free version into a new event:

event: 5000 failed password authentication
event_ one successfull password authentication
→ successfull password brute force

Also here an event becomes an alert as soon as there is a notification added.

altink · February 21, 2023, 4:58pm

Thank You @ihe

GRAYLOG OPEN FEATURES - does not talk about Alert as a feature
Open

GRAYLOG OPERATIONS - does
Operations

So, I guess Thresholds can be seen as limited, but not full, alerts.
Correct ?

regards
Altin

ihe · February 21, 2023, 6:41pm

From my experience: 99% can be done with thresholds. they need to fit the environment though.

system · March 7, 2023, 6:42pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Graylog Enterprise license changes? Graylog Central (peer support)	14	2667	March 9, 2022
How to get Graylog Enterprise License Graylog Central (peer support)	2	599	July 5, 2023
Free Graylog Operations, what happens if we exceed the 2 GB limit? New to Graylog Community? READ-ME FIRST Guides	5	2256	September 5, 2022
License question Graylog Central (peer support)	8	2620	March 22, 2019
Licensing Question Graylog Central (peer support)	3	535	October 6, 2019

Graylog Developer License

Related topics