Graylog Review


What is most valuable?

We are using only a few parts of its functionality. Its most valuable functions for us are:

  • Log collection
  • Quick string search in central storage
  • Message forwarding through the in-built module
  • Message filters

We need all these functions to fulfill legal requirements for cyber security.

How has it helped my organization?

We use this system as a central log collector with the possibility to search through the archive backward for specific string definitions.

What needs improvement?

The biggest problem is the collector application, as we wanted to avoid using Graylog Collector Sidecar due to its architecture. It requires a connection outside our network during the build from source, so we decided instead to use the obsolete Graylog Collector, which is working fine and in an easy way. It would be great if that component got back into the development process. But it is nothing that I could even complain about, as our company is not paying for support.

For how long have I used the solution?

The solution was built on the 10th of January 2017, so for nearly a year.

What do I think about the stability of the solution?

The only issue we had was during the Java patch. Graylog's search DB was not able to start up after the upgrade to Java 9, so we went back to v8. With that one exception, we have not had any issues with the application or its components.

What do I think about the scalability of the solution?

We never attempted to scale the environment, as its sizing was defined in the planning phase and later fitted us perfectly.

How is customer service and technical support?

We never contacted technical support, so I cannot answer this.

Which solutions did we use previously?

There was no solution before Graylog. It was built as a new project.

How was the initial setup?

We did not have any experience with Graylog or its components before this project. We were lucky in the planning phase: the environment was sized properly for its purpose.

As Graylog also needs other applications/DBs to run, the implementation of each component was a separate challenge, as we are not using the default configuration.

What's my experience with pricing, setup cost, and licensing?

I cannot answer this question. Having paid official support is wise for projects.

Which other solutions did I evaluate?

Yes, we were thinking about the Logstash family, but due to similar issues with building the code as in the Graylog Collector Sidecar case, we decided on Graylog.

What other advice do I have?

Do not give up. Look forward and good luck. The worst phase was the planning one, so I would offer this advice: Don't underestimate anything.

Graylog is worth the given effort.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
1 Comment
Nick C (Vendor)

FROM GRAYLOG: Thank you for your review of Graylog, I encourage everyone to try out Graylog 3.0+ as we have added in a new Sidecar implementation, which would simplify the issues you were having. Creating templates for enterprise deployment, and the ability to manage any collector make Graylog easier to use.

06 June 19