We performed a comparison between Graylog and Wazuh based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Graylog stands out with its exceptional search functions, seamless integration with Elasticsearch, and real-time data access. Wazuh stands out for its effortless integration, excellent log monitoring capabilities, and ELK-based investigation. Graylog could benefit from additional customization options and an improved rule-creation process. Wazuh needs improvements in event source coverage, threat intelligence integration, and real-time monitoring of Unix systems.
Service and Support: Graylog's customer service is generally well-regarded, with reviewers noting effective solutions and satisfactory experiences. While response times may differ, Graylog's support is considered superior compared to that of other products. Wazuh's customer service is generally deemed satisfactory, and many customers noted that they could easily find answers from community forums.
Ease of Deployment: Some Graylog users said the setup was easy. Other reviewers faced challenges, but these were easily resolved with help from the vendor’s support staff. Graylog is easier to set up in smaller environments, but it could get complicated in large clusters. Some users said that Wazuh’s setup is easy and fast, while others perceived it as complicated and said it required a significant amount of time.
Pricing: Graylog offers an enterprise edition and an open-source option with a daily capacity restriction. Some users said that data costs can be expensive. Wazuh is a cost-effective option as it is open-source and completely free to acquire.
ROI: Graylog can offer some cost savings. The precise ROI may vary depending on the organization’s size and use case. Wazuh's MSP program and partnerships offer opportunities to generate revenue from the platform.
"I am very proud of how very stable the solution is."
"Allowing us to set up alerts and integrate with platforms we already use, such as Slack and OpsGenie to alert users of these errors proactively, is also a very useful feature."
"The build is stable and requires little maintenance, even compared to some extremely expensive products."
"One of the most valuable features is that you are able to do a very detailed search through the log messages in the overview."
"UDP is a fast and lightweight protocol, perfect for sending large volumes of logs with minimal overhead."
"Storing logs in Elasticsearch means log retrieval is extremely fast, and full text search is available by default."
"We have scaled from a single machine installation (a VM with a Graylog + ES + MongoDB) to (2 Graylog + 2 ES + 3 MongoDB). This was done smoothly with a minimal impact on logging."
"The best feature of Graylog is the Elasticsearch integration. We can integrate and we can run filters, such as an event of interest, and those logs we can send to any SIEM tool or as an analytic. Additionally, there are clear and well-documented implementation instructions on their website to follow if needed."
"Some of the strengths of Wazuh that stand out for us include its scalability when deployed on Azure, its open-source nature, which allows for customization based on our needs, and its compatibility with various security solutions like threat intelligence platforms."
"Wazuh offers an enhanced HDR version that outperforms its competitors."
"The product is easy to customize."
"The product’s interface is intuitive."
"Wazuh has very flexible and robust features."
"Good for monitoring, active response, and for vulnerabilities."
"Wazuh is free and easy to use. It is also adjustable, and we can use it on the cloud and on-premises."
"My company implemented Wazuh because it was relatively inexpensive. They could quickly get their hands on it to check a box for some audit and compliance."
"It would be great if Graylog could provide a better Python package in order to make it easier to use for the Python community."
"Since container orchestration systems are popular and Graylog fits the niche well, perhaps they could officially support running in docker containers on Kubernetes as a StatefulSet as a use case. That way, the declarative nature of Kubernetes config files would document their best case deployment scenario-"
"We ran into problems with Elasticsearch throwing a circuit-breaking exception due to field data size being too large. It turned out that the heap size directly impacted this size in a high-throughput environment, causing unexplained instability in Graylog. We were able to troubleshoot on the Elasticsearch size, but we should have been able to reference some minimum requirements for Graylog to know that our settings weren't sufficient."
"The infrastructure cost is the main issue. I like the rest. If the infrastructure costs could be lower, it would be fantastic."
"Lacks sufficient documentation."
"Graylog needs to improve their authentication. Also, the fact that Graylog displays logs from the top down is just ridiculous."
"Graylog could improve the process of creating rules. We have to create them manually by doing parses and applying them. Other SIEM solutions have basic rules and you can create and get more events of interest."
"I hope to see improvements in Graylog for more interactivity, user-friendliness, and creating alerts. The initial setup is complex."
"I have yet to find the same capability in Wazuh to get logs from different sources into the system"
"A lack of certain features creates limitations."
"One area where Wazuh could use some improvement is in its reporting mechanism, especially for high-level management like CSOs and CEOs."
"The only challenge we faced with Wazuh was the lack of direct support."
"I think that the next release should be more suitable for large enterprises, because currently they are not because large companies do not rely on open source solutions."
"Scalability is a constraint in the on-prem version of Wazuh in terms of the volume of logs we can manage."
"Since it's an open-source tool, scalability is the main issue."
"The tool does not provide CTI to monitor darknet."
Graylog is ranked 11th in Log Management with 18 reviews while Wazuh is ranked 2nd in Log Management with 38 reviews. Graylog is rated 8.0, while Wazuh is rated 7.4. The top reviewer of Graylog writes "Great detailed search features and easy Java integration, but needs improvement in integration with Python". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". Graylog is most compared with Grafana Loki, syslog-ng, Fortinet FortiAnalyzer, Splunk Enterprise Security and Elastic Security, whereas Wazuh is most compared with Elastic Security, Security Onion, AlienVault OSSIM, Splunk Enterprise Security and IBM Security QRadar. See our Graylog vs. Wazuh report.
See our list of best Log Management vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.