We’re a small charity and in order to pitch for a small government contract we are required to store all log information from our routers (3 of them, various makes) and workstations and servers (windows). Routers will be syslogs and the devices will be eventlogs and a smattering of text files.
The whole thing needs to allow for searching of logs by time/date ranges in the event of a query (infrequent) and be fairly click and forget.
Is graylog something we can use for this?
We don’t need clustering or cloud services just onsite and reliable.
Based on your description Graylog is a great fit. Installation is fairly well documented, and it does what you would expect. My organization uses nxlog or logstash to get Windows event logs and text files, and the network devices will come in directly as syslog data.
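For the Windows side of the pipeline described above, here is an added example (not from this thread or from the Graylog or nxlog projects) of an nxlog Community Edition configuration that ships the Application, System and Security event logs plus one plain text log file to a Graylog GELF TCP input. The Graylog host name and port (graylog.example.internal:12201) and the text-file path are placeholders.

```nxlog
## Added example, not from the original thread: nxlog CE config for a Windows host
## forwarding event logs and a text file to Graylog as GELF over TCP.
## graylog.example.internal:12201 and C:\logs\app\*.log are placeholders.

define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules
CacheDir  %ROOT%\data
Pidfile   %ROOT%\data\nxlog.pid
SpoolDir  %ROOT%\data
LogFile   %ROOT%\data\nxlog.log

# GELF output format understood by a Graylog "GELF TCP" input
<Extension gelf>
    Module xm_gelf
</Extension>

# Windows event logs; the XML query restricts collection to the channels needed
<Input eventlog>
    Module im_msvistalog
    <QueryXML>
        <QueryList>
            <Query Id="0">
                <Select Path="Application">*</Select>
                <Select Path="System">*</Select>
                <Select Path="Security">*</Select>
            </Query>
        </QueryList>
    </QueryXML>
</Input>

# A plain text log file (placeholder path); SavePos keeps the read offset across restarts
<Input textfile>
    Module  im_file
    File    "C:\\logs\\app\\*.log"
    SavePos TRUE
    Exec    $Message = $raw_event;
</Input>

# TCP rather than UDP so a short Graylog outage does not silently drop events
<Output graylog>
    Module     om_tcp
    Host       graylog.example.internal
    Port       12201
    OutputType GELF_TCP
</Output>

<Route r1>
    Path eventlog, textfile => graylog
</Route>
```

On the Graylog side, create a "GELF TCP" input listening on the same port before starting the nxlog service; the event log fields arrive as separate GELF fields, which is what makes time-range searches straightforward later.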
Graylog can definitely be a great fit for your organization given the minimal set of requirements you provided. Setting up Graylog is fairly straightforward and really doesn’t require a lot of maintenance once you have the underlying infrastructure tuned.
With sufficient disk space the thing can run for years. The only tweaking we did was to limit the number of messages per index and the total number of indexes - otherwise it kept running out of disk space. It runs solid and it is a true “set it and forget it” install.
It is also extremely fast compared to similar (and more expensive) solutions given the same bare metal (for example, a Splunk search ran for minutes on the same bare metal while Graylog returns the hits within seconds).