We performed a comparison between Graylog and Wazuh based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Graylog stands out with its exceptional search functions, seamless integration with Elasticsearch, and real-time data access. Wazuh stands out for its effortless integration, excellent log monitoring capabilities, and ELK-based investigation. Graylog could benefit from additional customization options and an improved rule-creation process. Wazuh needs improvements in event source coverage, threat intelligence integration, and real-time monitoring of Unix systems.
Service and Support: Graylog's customer service is generally well-regarded, with reviewers noting effective solutions and satisfactory experiences. While response times may differ, Graylog's support is considered superior compared to that of other products. Wazuh's customer service is generally deemed satisfactory, and many customers noted that they could easily find answers from community forums.
Ease of Deployment: Some Graylog users said the setup was easy. Other reviewers faced challenges, but these were easily resolved with help from the vendor’s support staff. Graylog is easier to set up in smaller environments, but it could get complicated in large clusters. Some users said that Wazuh’s setup is easy and fast, while others perceived it as complicated and said it required a significant amount of time.
Pricing: Graylog offers an enterprise edition and an open-source option with a daily capacity restriction. Some users said that data costs can be expensive. Wazuh is a cost-effective option as it is open-source and completely free to acquire.
ROI: Graylog can offer some cost savings. The precise ROI may vary depending on the organization’s size and use case. Wazuh's MSP program and partnerships offer opportunities to generate revenue from the platform.
"Message forwarding through the in-built module."
"Everything stands out as valuable, including the fact that I can quantify and qualify the logs, create pipelines and process the logs in any way I like, and create charts or data maps."
"The ability to write custom alerts is key to information security and compliance."
"The best feature of Graylog is the Elasticsearch integration. We can integrate and we can run filters, such as an event of interest, and those logs we can send to any SIEM tool or as an analytic. Additionally, there are clear and well-documented implementation instructions on their website to follow if needed."
"The product is scalable. The solution is stable."
"Graylog's search functionality, alerting functionality, user management, and dashboards are useful."
"Real-time UDP/GELF logging and full text-based searching."
"Open source and user friendly."
"It offers built-in modules for file integrity and vulnerability management."
"If they support a solution, it is easy to do an integration."
"It is excellent in terms of visualization and indexing services, making it a powerful tool for malware detection."
"Wazuh is simple to use for PCI compliance."
"Wazuh offers an enhanced HDR version that outperforms its competitors."
"The product is easy to customize."
"I like the features we use, including malware detection, inventory, detection of hidden processes, and activity logs. Inventory is probably the most important feature. It tells us when processes and packages were installed and what they are, which is helpful."
"I like Wazuh because it is a lot like ELK, which I was already comfortable with, so I didn't have to learn from scratch."
"Elasticsearch recommendations for tuning could be better. Graylog doesn't have direct support for running the system inside of Kubernetes, so it can be challenging to fill in the gaps and set up containers in a way that is both performant and stable."
"Graylog can improve the index rotation as it's quite a complex solution."
"Graylog needs to improve their authentication. Also, the fact that Graylog displays logs from the top down is just ridiculous."
"I would like to see some kind of visualization included in Graylog."
"Graylog could improve the process of creating rules. We have to create them manually by doing parses and applying them. Other SIEM solutions have basic rules and you can create and get more events of interest."
"More customization is always useful."
"Over six months, I had two similar issues where searches were performed on field "messages". It exhausted all the memory of the ES node causing an ES crash and a Graylog halt."
"Lacks sufficient documentation."
"Adding the flexibility to integrate various plug-ins or modules into its core system would enhance functionality."
"Wazuh has a drawback with regard to Unix systems. The solution does not allow us to do real-time monitoring for Unix systems. If usage increases, it would be a heavy fall on the other SIEM solutions or event monitoring solutions."
"Wazuh doesn't cover sources of events as well as Splunk. You can integrate Splunk with many sources of events, but it's a painful process to take care of some sources of events with Wazuh."
"Scalability is a constraint in the on-prem version of Wazuh in terms of the volume of logs we can manage."
"While it is scalable, it can suffer from reduced latencies."
"The computing resources are consuming and do not make sense."
"The implementation is very complex."
"I have yet to find the same capability in Wazuh to get logs from different sources into the system"
Graylog is ranked 11th in Log Management with 18 reviews while Wazuh is ranked 2nd in Log Management with 38 reviews. Graylog is rated 8.0, while Wazuh is rated 7.4. The top reviewer of Graylog writes "Great detailed search features and easy Java integration, but needs improvement in integration with Python". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". Graylog is most compared with Grafana Loki, syslog-ng, Fortinet FortiAnalyzer, Splunk Enterprise Security and Elastic Security, whereas Wazuh is most compared with Elastic Security, Security Onion, AlienVault OSSIM, Splunk Enterprise Security and IBM Security QRadar. See our Graylog vs. Wazuh report.
See our list of best Log Management vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.