We performed a comparison between Graylog and Wazuh based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Graylog stands out with its exceptional search functions, seamless integration with Elasticsearch, and real-time data access. Wazuh stands out for its effortless integration, excellent log monitoring capabilities, and ELK-based investigation. Graylog could benefit from additional customization options and an improved rule-creation process. Wazuh needs improvements in event source coverage, threat intelligence integration, and real-time monitoring of Unix systems.
Service and Support: Graylog's customer service is generally well-regarded, with reviewers noting effective solutions and satisfactory experiences. While response times may differ, Graylog's support is considered superior compared to that of other products. Wazuh's customer service is generally deemed satisfactory, and many customers noted that they could easily find answers from community forums.
Ease of Deployment: Some Graylog users said the setup was easy. Other reviewers faced challenges, but these were easily resolved with help from the vendor’s support staff. Graylog is easier to set up in smaller environments, but it could get complicated in large clusters. Some users said that Wazuh’s setup is easy and fast, while others perceived it as complicated and said it required a significant amount of time.
Pricing: Graylog offers an enterprise edition and an open-source option with a daily capacity restriction. Some users said that data costs can be expensive. Wazuh is a cost-effective option as it is open-source and completely free to acquire.
ROI: Graylog can offer some cost savings. The precise ROI may vary depending on the organization’s size and use case. Wazuh's MSP program and partnerships offer opportunities to generate revenue from the platform.
"It is used as a log manager/SIEM. It provides visibility into the infrastructure and security related events."
"One of the most valuable features is that you are able to do a very detailed search through the log messages in the overview."
"Graylog's search functionality, alerting functionality, user management, and dashboards are useful."
"Real-time UDP/GELF logging and full text-based searching."
"This had increased productivity for the dev and support teams, because we are directly notifying them."
"Storing logs in Elasticsearch means log retrieval is extremely fast, and full text search is available by default."
"I am very proud of how very stable the solution is."
"The best feature of Graylog is the Elasticsearch integration. We can integrate and we can run filters, such as an event of interest, and those logs we can send to any SIEM tool or as an analytic. Additionally, there are clear and well-documented implementation instructions on their website to follow if needed."
"The tool is stable."
"The log monitoring and analysis tools are great in addition to SIEM file activity monitoring."
"Integrates with various open-source and paid products, allowing for flexibility in customization based on use cases."
"The main thing I like about it is that it has an EDR."
"The MITRE ATT&CK correlation is most valuable."
"It's stable."
"It is a stable solution."
"It offers built-in modules for file integrity and vulnerability management."
"Graylog could improve the process of creating rules. We have to create them manually by doing parses and applying them. Other SIEM solutions have basic rules and you can create and get more events of interest."
"Graylog needs to improve their authentication. Also, the fact that Graylog displays logs from the top down is just ridiculous."
"I hope to see improvements in Graylog for more interactivity, user-friendliness, and creating alerts. The initial setup is complex."
"I would like to see a default dashboard widget that shows the topology of the clusters defined for the graylog install."
"Graylog can improve the index rotation as it's quite a complex solution."
"There should be some user groups and an auto sign-in feature."
"The infrastructure cost is the main issue. I like the rest. If the infrastructure costs could be lower, it would be fantastic."
"The biggest problem is the collector application, as we wanted to avoid using Graylog Collector Sidecar due to its architecture."
"Wazuh is missing many things that a typical SIEM should have."
"Since it's an open-source tool, scalability is the main issue."
"The computing resources are consuming and do not make sense."
"One area where Wazuh could use some improvement is in its reporting mechanism, especially for high-level management like CSOs and CEOs."
"There's not much I like about Wazuh. Other products I've used were a lot more functional and user friendly. They came with reports and use cases out of the box. We need to configure Wazuh's alerts and monitoring capabilities manually. It'd be nice if we could select from templates and presets for use cases already built and coded."
"The only challenge we faced with Wazuh was the lack of direct support."
"I think that the next release should be more suitable for large enterprises, because currently they are not because large companies do not rely on open source solutions."
"Wazuh needs more security and features, particularly visualization features and a health monitor."
Graylog is ranked 11th in Log Management with 18 reviews while Wazuh is ranked 2nd in Log Management with 38 reviews. Graylog is rated 8.0, while Wazuh is rated 7.4. The top reviewer of Graylog writes "Great detailed search features and easy Java integration, but needs improvement in integration with Python". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". Graylog is most compared with Grafana Loki, syslog-ng, Splunk Enterprise Security, Fortinet FortiAnalyzer and Elastic Security, whereas Wazuh is most compared with Elastic Security, Security Onion, Splunk Enterprise Security, AlienVault OSSIM and IBM Security QRadar. See our Graylog vs. Wazuh report.
See our list of best Log Management vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.