We performed a comparison between Graylog, LogRhythm SIEM, and NNT Log Tracker Enterprise based on real PeerSpot user reviews.
"I like the correlation and the alerting."
"The solution's most valuable feature is its new interface."
"It is used as a log manager/SIEM. It provides visibility into the infrastructure and security related events."
"Everything stands out as valuable, including the fact that I can quantify and qualify the logs, create pipelines and process the logs in any way I like, and create charts or data maps."
"UDP is a fast and lightweight protocol, perfect for sending large volumes of logs with minimal overhead."
"Allowing us to set up alerts and integrate with platforms we already use, such as Slack and OpsGenie to alert users of these errors proactively, is also a very useful feature."
"Message forwarding through the in-built module."
"What I like about Graylog is that it's real-time and you have access to the raw data. So, you ingest it, and you have access to every message and every data item you ingest. You can then build analytics on top of that. You can look at the raw data, and you can do some volumetric estimations, such as how big traffic you have, how many messages of data of a type you have, etc."
"The product is great for medium to large-scale organizations."
"The most valuable features would be the automation, reporting, and the support."
"The user interface is pretty good compared to other SIEM tools."
"One of the main features that I like about LogRhythm NextGen SIEM is that there are a lot of pre-built pieces. Like with our AV, we didn't have to tell it how to read the logs; they already had it pre-made. So, we essentially just had to follow their guide to get the logs imported in and set up some rules for it. We've only had to manually create the parsing rules for a few of our vendors so that we could interpret the logs correctly. Most of them had already been pre-created for us."
"I have found the Advanced Intelligence Engine has provided the most value to us because we can customize alarms based on our requirements and have created hundreds of alarms that notify different people for different scenarios."
"What I found most valuable in LogRhythm NextGen SIEM is that it's user-friendly. I also like its dashboard, which shows all the logs and information I want to see."
"It has centralized monitoring for our security operations. Therefore, it improves our analysts' work."
"Compliance reporting is another great feature of this product. It has built-in reports right out of the box."
"File integrity monitoring is a very important function."
"The most valuable feature is the predefined reports for PCI compliance."
"The FIM features in the Change Tracker and the Log Tracker are the most valuable."
"This is a very easy-to-use interface with a quick ramp-up time."
"More customization is always useful."
"I hope to see improvements in Graylog for more interactivity, user-friendliness, and creating alerts. The initial setup is complex."
"The biggest problem is the collector application, as we wanted to avoid using Graylog Collector Sidecar due to its architecture."
"I would like to see some kind of visualization included in Graylog."
"Graylog needs to improve their authentication. Also, the fact that Graylog displays logs from the top down is just ridiculous."
"Over six months, I had two similar issues where searches were performed on field 'messages'. It exhausted all the memory of the ES node causing an ES crash and a Graylog halt."
"Since container orchestration systems are popular and Graylog fits the niche well, perhaps they could officially support running in Docker containers on Kubernetes as a StatefulSet as a use case. That way, the declarative nature of Kubernetes config files would document their best case deployment scenario-"
"Elasticsearch recommendations for tuning could be better. Graylog doesn't have direct support for running the system inside of Kubernetes, so it can be challenging to fill in the gaps and set up containers in a way that is both performant and stable."
"I would really like to see some type of group or global management for RIM policies,"
"I would probably look for more things to go into the web console that is currently on the fat client."
"The initial setup is not so easy because it is quite a process."
"The installation was a bit complex because we are running a virtual infrastructure."
"Stability has probably been one area where Health Checks have not been great with the product. We have been told that they are going to improve Health Checks on the product, though we do struggle with them on a daily basis."
"The initial setup is complex. We are using a LogRhythm partner, at least for the first three years, to help with the monitoring and the deployment of it. We are not a big enough environment where we have people that we can dedicate to it right now."
"For our market, the solution is quite expensive. It would be ideal if they could work on and improve their existing pricing plans to help make it more affordable in our country."
"NextGen SIEM has separate rules for AI, advanced intelligence, and MP rules - it would be better to have a centralized way to write the rules and create alarms."
"It is able to identify the vulnerability; however, they need an option to auto-mitigate."
"Only one minor deployment issue came up and it was resolved quickly. No other areas of improvement come to mind yet."
"The correlation suite needs to be improved."
"I would like to see the integration of AI technology, so rather than manually monitoring the logs, the tool will understand it and take care of it."