We performed a comparison between Graylog and Wazuh based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Graylog stands out with its exceptional search functions, seamless integration with Elasticsearch, and real-time data access. Wazuh stands out for its effortless integration, excellent log monitoring capabilities, and ELK-based investigation. Graylog could benefit from additional customization options and an improved rule-creation process. Wazuh needs improvements in event source coverage, threat intelligence integration, and real-time monitoring of Unix systems.
Service and Support: Graylog's customer service is generally well-regarded, with reviewers noting effective solutions and satisfactory experiences. While response times may differ, Graylog's support is considered superior compared to that of other products. Wazuh's customer service is generally deemed satisfactory, and many customers noted that they could easily find answers from community forums.
Ease of Deployment: Some Graylog users said the setup was easy. Other reviewers faced challenges, but these were easily resolved with help from the vendor’s support staff. Graylog is easier to set up in smaller environments, but it could get complicated in large clusters. Some users said that Wazuh’s setup is easy and fast, while others perceived it as complicated and said it required a significant amount of time.
Pricing: Graylog offers an enterprise edition and an open-source option with a daily capacity restriction. Some users said that data costs can be expensive. Wazuh is a cost-effective option as it is open-source and completely free to acquire.
ROI: Graylog can offer some cost savings. The precise ROI may vary depending on the organization’s size and use case. Wazuh's MSP program and partnerships offer opportunities to generate revenue from the platform.
"Graylog's search functionality, alerting functionality, user management, and dashboards are useful."
"It is used as a log manager/SIEM. It provides visibility into the infrastructure and security related events."
"The best feature of Graylog is the Elasticsearch integration. We can integrate and we can run filters, such as an event of interest, and those logs we can send to any SIEM tool or as an analytic. Additionally, there are clear and well-documented implementation instructions on their website to follow if needed."
"The build is stable and requires little maintenance, even compared to some extremely expensive products."
"The solution's most valuable feature is its new interface."
"This had increased productivity for the dev and support teams, because we are directly notifying them."
"Everything stands out as valuable, including the fact that I can quantify and qualify the logs, create pipelines and process the logs in any way I like, and create charts or data maps."
"Real-time UDP/GELF logging and full text-based searching."
"Wazuh's logging features integrate seamlessly with AWS cloud-native services. There are also Wazuh agent configurations for different use cases, like vulnerability scanning, host-based intrusion detection, and file integrity monitoring."
"I like the features we use, including malware detection, inventory, detection of hidden processes, and activity logs. Inventory is probably the most important feature. It tells us when processes and packages were installed and what they are, which is helpful."
"The product’s interface is intuitive."
"Integrates with various open-source and paid products, allowing for flexibility in customization based on use cases."
"It is a stable solution."
"Wazuh is simple to use for PCI compliance."
"I like the cloud-native infrastructure and that it's free. We didn't have to pay anything, and it has the capabilities of many premium solutions in the market. We could integrate all of our services and infrastructure in the cloud with Wazuh. From an integration point of view, Wazuh is pretty good. I had a good experience with this platform."
"The most valuable feature of Wazuh is the ELK for doing an investigation."
"Dashboards, stream alerts and parsing could be improved."
"With technical support, you are on your own without an enterprise license."
"More customization is always useful."
"More complex visualizations and the ability to execute custom Elasticsearch queries would be great."
"There should be some user groups and an auto sign-in feature."
"I would like to see a date and time in the Graylog Grok patterns so that I can save time when searching for a log. I like how the streams and the search query work, but adding a date and time will allow me to pull out a log in a milli-second."
"Lacks sufficient documentation."
"Elasticsearch recommendations for tuning could be better. Graylog doesn't have direct support for running the system inside of Kubernetes, so it can be challenging to fill in the gaps and set up containers in a way that is both performant and stable."
"Its configuration process is time-consuming."
"Wazuh should come up with more in-built rules and integrations for the cloud."
"The deployment is a bit complex."
"Log data analysis could be improved. My IT team has been looking for an alternative because they want better log data for malware detection. We are also doing more container implementation also, so we need better container security, log data analysis, auditing and compliance, malware detection, etc."
"Some features, like alerting, are complex with Wazuh."
"Wazuh is missing many things that a typical SIEM should have."
"We would like to see more improvements on the cloud."
"Alerts should be specific rather than repeatedly triggered by integrating multiple factors. This issue needs improvement to create a more efficient alert system."
Graylog is ranked 11th in Log Management with 18 reviews while Wazuh is ranked 2nd in Log Management with 38 reviews. Graylog is rated 8.0, while Wazuh is rated 7.4. The top reviewer of Graylog writes "Great detailed search features and easy Java integration, but needs improvement in integration with Python". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". Graylog is most compared with Grafana Loki, syslog-ng, Splunk Enterprise Security, Fortinet FortiAnalyzer and Elastic Security, whereas Wazuh is most compared with Elastic Security, Security Onion, Splunk Enterprise Security, AlienVault OSSIM and IBM Security QRadar. See our Graylog vs. Wazuh report.
See our list of best Log Management vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.