We’re looking into using Graylog Open. In order to be cleared by information security, they need to review the privacy policy (https://graylog.org/privacy-policy/). In reading it, I’m noticing that it talks about sending a lot of data to Graylog about usage, including information about our systems. This is concerning. There is one line that says that data collection can be turned off at any time, though it’s not clear if this can be done before installation so that no data is sent. Frankly, I’m not sure if this kind of telemetry will pass muster with our security team.
So what I want to know is if I really should expect even the open source version of Graylog to transmit potentially large amounts of information about our systems just from usage. Is that true? Is there a clear way to turn it off when deploying a Docker image?