Graylog Enterprise Edition
Graylog is a centralized log management (CLM) platform that seamlessly collects, enhances, stores, and analyzes log data. Logs are fundamental to any IT operations or security program, and placing them all in a single location greatly simplifies their use.
Graylog is composed of three components: Graylog, MongoDB, and Elasticsearch. All components can be installed on one server for evaluation or POC deployments. For production installations, we recommend running the Elasticsearch component on its own server.
For a typical installation up to a 5 GB daily ingest volume, we recommend starting with the following requirements:
We love logs. Purpose-built for modern log analytics, Graylog removes complexity from data exploration, compliance audits, and threat hunting so you can find meaning in data easily and take action faster. Founded in 2013, and primarily operating out of Houston, Texas and Germany, Graylog is used to ingest and analyze terabytes of log data across the globe by tens of thousands of users every day.
Role-based Access Control
Control who can access which data and which Graylog capabilities, including LDAP/Active Directory integration.
Extract data and Graylog alerts to other systems to automate reporting, workflow, and research across your entire Operations Center tech stack.
Import collections of parsers, alerts, dashboards, and reports tied to a specific data source from Graylog or the Graylog Marketplace. Export all or parts of the configuration of a Graylog instance to move easily from Test to Production. You can also share your custom solutions in the Marketplace.
Log the log management system! Compliance and security best practices require tracking of who accessed what log data and what actions they took against that data.
Collection & Processing
Data Enrichment & Lookup Tables
Add data such as threat intelligence, WHOIS, IP geolocation, or other structured data to assist in analytics. Use lookup tables to whitelist or blacklist data, removing noise and known “ignore this” situations, and to speed up research.
Convert raw machine data into structured data for storage, search, and analysis.
Control data processing with staged processing rules to ensure the right parser, data enrichment, and lookup table(s) are applied.
Centralize deployment and management of third-party and custom log collectors.
Route log messages into categories in real time while they are processed to make it easy to target queries, dashboards, and reports for faster results.
Search & Visualization
Trigger notifications via email, text, Slack, or many other mechanisms built by the Community when a defined condition is satisfied.
Customize data visualization using widgets for result counts, histograms, statistical values, field value charts, stacked charts, pie charts, and pivot tables.
Automate the delivery of key dashboard widgets to your inbox.
Build complex, even chained, queries in minutes, with many different data visualization output options, using Graylog’s web console. No proprietary query language is needed. Graylog’s architecture runs multiple processors and multiple buffers on a single machine, then spreads that threaded search across every participating Elasticsearch node in the cluster for immense scalability and speed.
Rethink the intersection of dashboards, data queries, and workflows to greatly speed up an analyst’s job of investigating errors, performance issues, and security threats. Using a single input parameter, initiate common multi-step analyses that generate multiple searches and present the results on one dashboard-like widget screen. You can easily share Views, with their pre-configured workflows, with the rest of the team to ensure consistency and empower more junior team members.