We performed a comparison between Graylog and Wazuh based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Graylog stands out with its exceptional search functions, seamless integration with Elasticsearch, and real-time data access. Wazuh stands out for its effortless integration, excellent log monitoring capabilities, and ELK-based investigation. Graylog could benefit from additional customization options and an improved rule-creation process. Wazuh needs improvements in event source coverage, threat intelligence integration, and real-time monitoring of Unix systems.
Service and Support: Graylog's customer service is generally well-regarded, with reviewers noting effective solutions and satisfactory experiences. While response times may differ, Graylog's support is considered superior compared to that of other products. Wazuh's customer service is generally deemed satisfactory, and many customers noted that they could easily find answers from community forums.
Ease of Deployment: Some Graylog users said the setup was easy. Other reviewers faced challenges, but these were easily resolved with help from the vendor’s support staff. Graylog is easier to set up in smaller environments, but it could get complicated in large clusters. Some users said that Wazuh’s setup is easy and fast, while others perceived it as complicated and said it required a significant amount of time.
Pricing: Graylog offers an enterprise edition and an open-source option with a daily capacity restriction. Some users said that data costs can be expensive. Wazuh is a cost-effective option as it is open-source and completely free to acquire.
ROI: Graylog can offer some cost savings. The precise ROI may vary depending on the organization’s size and use case. Wazuh's MSP program and partnerships offer opportunities to generate revenue from the platform.
"This had increased productivity for the dev and support teams, because we are directly notifying them."
"UDP is a fast and lightweight protocol, perfect for sending large volumes of logs with minimal overhead."
"We have scaled from a single machine installation (a VM with a Graylog + ES + MongoDB) to (2 Graylog + 2 ES + 3 MongoDB). This was done smoothly with a minimal impact on logging."
"The solution's most valuable feature is its new interface."
"Open source and user friendly."
"The ability to write custom alerts is key to information security and compliance."
"We're using the Community edition, but I know that it has really good dashboarding and alerts."
"The product is scalable. The solution is stable."
"I find the PCI DSS feature the most valuable, along with the feature that monitors the compliance of Windows and the CIS benchmarks on other devices like Unix or Linux systems."
"The product is easy to customize."
"Wazuh offers numerous features, such as the ability to define custom rules for detecting malicious activities and remembering behaviors."
"I like Wazuh because it is a lot like ELK, which I was already comfortable with, so I didn't have to learn from scratch."
"The main thing I like about it is that it has an EDR."
"Its cost-effectiveness is the most valuable aspect."
"The configuration assessment and Pile integrity monitoring features are decent."
"Some of the strengths of Wazuh that stand out for us include its scalability when deployed on Azure, its open-source nature, which allows for customization based on our needs, and its compatibility with various security solutions like threat intelligence platforms."
"Over six months, I had two similar issues where searches were performed on field "messages". It exhausted all the memory of the ES node causing an ES crash and a Graylog halt."
"We ran into problems with Elasticsearch throwing a circuit-breaking exception due to field data size being too large. It turned out that the heap size directly impacted this size in a high-throughput environment, causing unexplained instability in Graylog. We were able to troubleshoot on the Elasticsearch size, but we should have been able to reference some minimum requirements for Graylog to know that our settings weren't sufficient."
"The infrastructure cost is the main issue. I like the rest. If the infrastructure costs could be lower, it would be fantastic."
"More complex visualizations and the ability to execute custom Elasticsearch queries would be great."
"Lacks sufficient documentation."
"Graylog could improve the process of creating rules. We have to create them manually by doing parses and applying them. Other SIEM solutions have basic rules and you can create and get more events of interest."
"Graylog can improve the index rotation as it's quite a complex solution."
"There should be some user groups and an auto sign-in feature."
"The tool doesn't detect anomalies or new environments."
"Wazuh could improve the detection, it is not detecting all of the attacks. Additionally, it is lacking features compared to other solutions."
"They need to go towards integrating with more cloud applications and not just OS like Windows and Linux."
"I think that the next release should be more suitable for large enterprises, because currently they are not because large companies do not rely on open source solutions."
"One area where Wazuh could use some improvement is in its reporting mechanism, especially for high-level management like CSOs and CEOs."
"A lack of certain features creates limitations."
"The only challenge we faced with Wazuh was the lack of direct support."
"Wazuh has a drawback with regard to Unix systems. The solution does not allow us to do real-time monitoring for Unix systems. If usage increases, it would be a heavy fall on the other SIEM solutions or event monitoring solutions."
Graylog is ranked 11th in Log Management with 18 reviews while Wazuh is ranked 2nd in Log Management with 38 reviews. Graylog is rated 8.0, while Wazuh is rated 7.4. The top reviewer of Graylog writes "Great detailed search features and easy Java integration, but needs improvement in integration with Python". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". Graylog is most compared with Grafana Loki, syslog-ng, Fortinet FortiAnalyzer, Splunk Enterprise Security and Elastic Security, whereas Wazuh is most compared with Elastic Security, Security Onion, AlienVault OSSIM, Splunk Enterprise Security and IBM Security QRadar. See our Graylog vs. Wazuh report.
See our list of best Log Management vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.