
Graylog Enterprise Edition

Overview

Graylog is a centralized log management (CLM) platform that seamlessly collects, enhances, stores, and analyzes log data. Logs are fundamental to any IT operations or security program, and placing them all in a single location greatly simplifies their use.

Architecture

Graylog is composed of three components: the Graylog server, MongoDB, and Elasticsearch. All components can be installed on one server for evaluation or proof-of-concept deployments. For production installations, we recommend running Elasticsearch on its own server.

System Requirements

For a typical installation up to a 5 GB daily ingest volume, we recommend starting with the following requirements:

About Graylog

We love logs. Purpose-built for modern log analytics, Graylog removes complexity from data exploration, compliance audits, and threat hunting so you can find meaning in data easily and take action faster. Founded in 2013, and primarily operating out of Houston, Texas and Germany, Graylog is used to ingest and analyze terabytes of log data across the globe by tens of thousands of users every day.

Architecture

Role-based Access Control
Control who can access which data and Graylog capabilities, including LDAP/Active Directory integration.
REST API
Extract data and Graylog alerts to other systems to automate reporting, workflow, and research across your entire Operations Center tech stack.
Content Packs
Import collections of parsers, alerts, dashboards, and reports tied to a specific data source from Graylog or the Graylog Marketplace. Export all or parts of the configuration of a Graylog instance to move easily from Test to Production. You can also share your custom solutions in the Marketplace.
User Audit Logs
Log the log management system! Compliance and security best practices require tracking who accessed which log data and what actions they took against that data.

Collection & Processing

Data Enrichment & Lookup Tables
Add data such as threat intelligence, WHOIS, IP geolocation, or other structured data to assist in analytics. Use lookup tables to whitelist/blacklist data, removing noise and known “ignore this” situations, and to perform faster research.
Parsers
Convert raw machine data into structured data for storage, search, and analysis.
Pipelines
Control data processing with staged processing rules to ensure the right parser, data enrichment, and lookup table(s) are applied.
Sidecar
Centralize deployment and management of third-party and custom log collectors.
Streams
Route log messages into categories in real time while they are processed to make it easy to target queries, dashboards, and reports for faster results.

Search & Visualization

Alerts & Triggers
Trigger notifications via email, text, Slack, or many other mechanisms built by the Community when a defined condition is satisfied.
Dashboards
Customize data visualization using widgets for result counts, histograms, statistical values, field value charts, stacked charts, pie charts, and pivot tables.
Reports
Automate the delivery of key dashboard widgets to your inbox.
Scalable Search
Build complex, even chained, queries in minutes, with many different data visualization output options in Graylog’s web console. No proprietary query language is needed. Graylog’s architecture runs multiple processors and multiple buffers on a single machine, then multiplies that threaded search across every participating node in the cluster, so Elasticsearch queries scale out for immense capacity and speed.
Views
Rethink the intersection of dashboards, data queries, and workflows to greatly speed up an analyst’s job of investigating errors, performance issues, and security threats. Using a single input parameter, initiate common multi-step analyses that generate multiple searches and present the results on one dashboard-like widget screen. You can easily share Views with the rest of the team to ensure consistency and to empower more junior team members with pre-configured workflows.