
Logging with Graylog

A Technical Review

by Rocco Gagliardi
on March 02, 2017
time to read: 4 minutes

This article looks at the open-source log management tool Graylog. It is not a technical comparison against other tools; it simply lays out some of the reasons behind my changed preference for Graylog over ELK. We are talking here about the free versions.

For many years I have been a relatively big fan of ELK, mainly because of Logstash and Kibana. Since I wrote and maintained my own log parsing and presentation engine, I really appreciate Logstash for its performance, modularity and flexibility. I also appreciate the Kibana visualization features.

Where I have fallen out of love with ELK is the lack of authentication/authorization features and the absence of a unified management user interface for all components.

Comfort of Graylog

Graylog uses a different approach. The WebUI covers most functionality, from the status of the Elasticsearch indexes through inputs, parsing and filtering up to presentation, making the experience more comfortable. For some advanced tuning, console intervention is still needed, but for normal usage the WebUI provides everything necessary to collect, parse, manipulate and present the data.

The Graylog dashboard

Key points for using Graylog

Graylog excels in many areas:

Room for Improvements

The dashboard part, even if very well integrated and useful, lacks many features and visualizations contained in Kibana (like aggregations).

Additionally, security settings must be configured separately, and that also requires some work in the terminal.

Summary

Graylog, even if not perfect, is at the moment the best open-source tool to start with if you need log management. It is packaged for the major Linux distributions, and ready-to-use VMs and Docker images are also available.

It still requires some time to learn the architecture, and in case of problems you could spend days if you have never touched Elasticsearch or other log tools. But if you have some experience, you can easily set up a complex environment for complex log analysis in a couple of hours.

About the Author

Rocco Gagliardi

Rocco Gagliardi has been working in IT since the 1980s and specialized in IT security in the 1990s. His main focus lies in network routing, firewalling and log management.
