What are the real possibilities of using Graylog?
One of Graylog's strengths is its default feature set. After setting up a Graylog server for the first time and ingesting logs from multiple devices, each with a different log format, I can group them together not only in a dashboard but in a quick saved search, and share that search with specific users. If a project requires a more refined search, I can use a regular expression, a Grok pattern, a pipeline, JSON, etc. to create new fields, send logs to a required stream, or simply transform the data in the default fields into something else. This gives me the freedom to do what I want without being confined to a web page with a lot of syslog entries being displayed.

One feature that gets used a lot in my environment is Event Definitions. If set up properly, on one page I can see all the alerts and how many times each happened (i.e., the count), with a quick overview of what is going on in my DMZ. I'm able to stop a catastrophe before it happens. The "one-stop shop" Alerts & Events section is the most appreciated feature.

The next feature that gets used a lot is Streams; this makes sorting a metric ton of logs simpler. It is also one of the backbones of our alerts, notifications, dashboards, etc. It's the second most used feature, if not the most used. I can compare it to a closet in my bedroom: I just put everything in there and I'll sort it out later.

The potential of Graylog goes beyond just collecting and alerting. I have found that in real time you can see how all devices are operating within a domain, for example who logged into where and on what device, a Windows update that failed to install automatically, a driver conflict in my Hyper-V cluster, "domain controller replication failed, send help", "Veeam license has expired", and I could go on. These features make it worth setting up a Graylog server. The one thing I really like is the ability to use the Enterprise version for free, and the only stipulation is "keep it under 5 GB".
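The field-extraction and stream-routing workflow mentioned above, as an added example (not the poster's own configuration, nor anything shipped with Graylog): one processing pipeline rule that applies a Grok pattern to a constructed firewall deny line, turns the captures into searchable message fields, and routes the message to an assumed stream named "DMZ Firewall Denies". The log format, the field names (fw_action, src_ip, dst_ip, dst_port) and the stream name are all assumptions.

```graylog
// Added example pipeline rule; not from the original post or the Graylog project.
// Assumed input format (constructed): "DENY src=192.0.2.10 dst=198.51.100.5 dport=3389"
rule "dmz-firewall: extract fields and route"
when
  // Only handle messages that look like the assumed deny line;
  // everything else passes through untouched.
  has_field("message") && starts_with(to_string($message.message), "DENY ")
then
  // Grok the line into named captures. The pattern and field names are assumptions.
  let m = grok(
    pattern: "%{WORD:fw_action} src=%{IPV4:src_ip} dst=%{IPV4:dst_ip} dport=%{NUMBER:dst_port}",
    value: to_string($message.message),
    only_named_captures: true
  );

  // Every capture becomes a message field, usable in searches,
  // dashboards and event definition aggregations.
  set_fields(m);

  // Send the message to the assumed stream that an event definition watches.
  // The stream must already exist with that exact title.
  route_to_stream(name: "DMZ Firewall Denies");
end
```

To use a rule like this, attach it to a pipeline that is connected to the stream the raw messages arrive on (usually "All messages"), and create the target stream beforehand. The payoff is on the Alerts & Events side: an event definition filtered to that stream can aggregate a count per src_ip and raise an alert only when a single source crosses a threshold, which is the "how many times it happened" view the post describes.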
"Elastic Stack"? No freaking way you could get that.
Let me share something with you all. Elastic contacted me about a service, "SSO", that we were looking at; I had never bothered with any type of enterprise installment before, but I was curious. This was the email I received.
Holy cow, $6,600.00 for a node just to have SSO enabled. Nope. I dropped them like a heartbeat.
What I can get from Graylog open source may not have all the bells and whistles of other logging servers, but I must say Graylog is very close, and I can get the Graylog Enterprise version for free so long as it is under 5 GB. I'm SOLD.
Sometimes you don't appreciate what you have until you don't have it. That being said, I really appreciate Graylog. I would like to thank everyone here who has helped me out with issues, and all the people who created and maintain this awesome software for us.
The only other tool I have ever used is Zabbix. I have been using Zabbix since 2010 and it's our workhorse, but not only that, Graylog and Zabbix play nice, and in my world that's a bonus. I have Googled for days looking to compare Graylog with and I did not find much. Either you get a logging server that is EOL, or a logging server made for a large company, something a small company cannot afford.