Overview

Do more with your log data

Finally, all your log data available and accessible in one central location

Collect & Process

Parse and enrich logs, wire data, and event data from any data source. Graylog also provides centralized configuration management for third-party collectors such as Beats, Fluentd and NXLog. The processing pipelines allow for greater flexibility in routing, blacklisting, modifying and enriching messages in real time as they enter Graylog.

Analyze & Research

Search through terabytes of log data to discover and analyze important information. Use the powerful search syntax to find exactly what you are looking for. Save search queries to share.

Ideas: Find application errors across all servers with a single query. Investigate the activity of a suspicious user ID in the last hour. Discover the single misconfigured firewall in your network.

Drill Down & Visualize

Create dashboards to visualize metrics and observe trends in one central location. Use field statistics, quick values, and charts from the search results page to dive in for deeper analysis of your data. The simple user interface enables team members to easily access the wealth of information and add new charts.

Ideas: Find all IP addresses that were blocked by a specific firewall. Get the average response time of your application components. Discover users with the most failed logins within the last 24 hours.

Alert & Trigger

Trigger actions or get notified when something needs attention, such as failed login attempts, exceptions or performance degradation.

Ideas: Send an email or Slack message to your team. Spawn a new machine to balance the processing load. Block IP ranges in your firewalls automatically when an attack is detected.
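The failed-login use case above ("discover users with the most failed logins within the last 24 hours" and "get notified about failed login attempts") comes down to parsing authentication events, counting failures per user inside a time window, and raising an alert when a threshold is crossed. The following is an added example that is not part of Graylog's own code: it runs that logic in plain Python over a handful of constructed SSH authentication log lines, so the sample lines, the `NOW` reference time and the threshold value are all assumptions made for the example.

```python
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample auth log lines (not real data, not from the page).
SAMPLE_LOGS = [
    "2016-12-07T19:45:03Z sshd[1200]: Failed password for invalid user admin from 203.0.113.5 port 50222 ssh2",
    "2016-12-07T19:45:08Z sshd[1200]: Failed password for admin from 203.0.113.5 port 50223 ssh2",
    "2016-12-07T18:10:00Z sshd[1201]: Failed password for alice from 10.10.15.20 port 40000 ssh2",
    "2016-12-07T19:50:00Z sshd[1202]: Accepted password for alice from 10.10.15.20 port 40001 ssh2",
    "2016-12-05T09:00:00Z sshd[1100]: Failed password for bob from 10.10.15.30 port 40002 ssh2",  # > 24h old
    "2016-12-07T19:55:00Z sshd[1203]: Failed password for admin from 203.0.113.9 port 50300 ssh2",
    "garbage line that does not match the auth pattern",
]

# Reference "now" for the 24-hour window (assumed; a live system would use the current time).
NOW = datetime(2016, 12, 7, 20, 0, 0, tzinfo=timezone.utc)

# Matches OpenSSH password-auth outcomes; "invalid user" is optional so unknown
# usernames are attributed to the name that was tried.
AUTH_RE = re.compile(
    r"^(?P<ts>\S+)\s+sshd\[\d+\]:\s+(?P<outcome>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)


def parse_auth_line(line):
    """Return (timestamp, user, outcome, source_ip) or None for non-auth lines."""
    m = AUTH_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ts, m["user"], m["outcome"], m["ip"]


def failed_logins_per_user(lines, now=NOW, window=timedelta(hours=24)):
    """Count 'Failed' outcomes per user whose timestamp lies within [now - window, now]."""
    counts = Counter()
    for line in lines:
        parsed = parse_auth_line(line)
        if parsed is None:
            continue
        ts, user, outcome, _ip = parsed
        if outcome == "Failed" and now - window <= ts <= now:
            counts[user] += 1
    return counts


def top_failed_users(lines, now=NOW, n=3):
    """Users with the most failed logins in the window, as (user, count) pairs."""
    return failed_logins_per_user(lines, now).most_common(n)


def alert_users(lines, now=NOW, threshold=3):
    """Users at or above the failure threshold; the alert condition a notification would key on."""
    counts = failed_logins_per_user(lines, now)
    return sorted(user for user, count in counts.items() if count >= threshold)


if __name__ == "__main__":
    print("failed logins per user:", dict(failed_logins_per_user(SAMPLE_LOGS)))
    print("top offenders:", top_failed_users(SAMPLE_LOGS))
    print("users to alert on:", alert_users(SAMPLE_LOGS))
```

The window check uses the event's own timestamp rather than the time the line was read, which matters when logs arrive late or are re-imported from an archive; lines that do not match the pattern are skipped rather than counted, so a parser change cannot silently inflate the numbers.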

Enterprise Ready

Extend the functionality of Graylog. With compliance in mind, track and record all user changes in the database with the audit log feature. Save cost by automatically archiving log data to storage and re-importing it when you need it. Comes with enterprise-grade support.

Compliance Ready

User Audit Log

Graylog Enterprise offers Audit Log capabilities. Audit Log records and stores actions taken by a user or administrator that make changes in your Graylog system.

Offline Log Archival

With the new archiving functionality in Graylog Enterprise, you can now store everything older than 30 days on slow storage and only re-import it into Graylog when you need it, for example when investigating a certain event from the past.

Additional Features

LDAP

Graylog can be integrated with your existing LDAP user directories.

REST API

Both configuration settings and log data are available through the Graylog REST API. Integrate Graylog seamlessly into your evolving architecture, and build your own reports and analysis. The REST API is the only dependency of our web interface, so high quality and completeness are guaranteed.

Ideas: Pull data into customized reports. A stream could be created automatically every time a new virtual machine is spawned.

"message": {
  "_id": "438d9a92-bccd-11e6-b83b-1cc1de269dc4",
  "message": "ACCEPT TCP 10.10.15.250:38028 -> 54.225.214.228:443",
  "timestamp": "2016-12-07T19:45:03.941Z",
  "log_type": "netflow",
  "protocol": "TCP",
  "action": "ACCEPT",
  "src_addr": "10.10.15.250",
  "src_port": "38028",
  "src_addr_threat_indicated": false,
  "src_addr_is_internal": true,
  "dst_addr": "54.225.214.228",
  "dst_port": "443",
  "dst_addr_threat_indicated": false,
  "dst_addr_is_internal": false,
  "dst_addr_whois_country_code": "US",
  "dst_addr_geolocation": "39.0481,-77.4728",
  "dst_addr_whois_organization": "Amazon Technologies Inc.",
  "mac_address": "1C:C1:DE:26:9D:C4"
}
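The record above shows what a pipeline produces from the raw line `ACCEPT TCP 10.10.15.250:38028 -> 54.225.214.228:443`: the message is split into action, protocol, addresses and ports, and each address is enriched with whether it is internal and whether it matches a threat indicator. The following is an added example that is not Graylog's own pipeline code: it reproduces that parse-and-enrich step in plain Python. The threat-indicator set and the definition of "internal" (RFC 1918 ranges) are assumptions made for the example, and the WHOIS and geolocation fields are left out because they need an external lookup table.

```python
import ipaddress
import re

# Constructed threat-indicator set, standing in for a real threat-intel lookup table.
# 203.0.113.50 is a documentation-range address chosen for the example.
THREAT_INDICATORS = {ipaddress.ip_address("203.0.113.50")}

# Ranges treated as "internal" for this example (RFC 1918); adjust to your own network.
INTERNAL_NETWORKS = [
    ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]

# Shape of the raw flow message shown on the page: "<action> <proto> <src>:<port> -> <dst>:<port>".
FLOW_RE = re.compile(
    r"^(?P<action>ACCEPT|DROP|REJECT)\s+(?P<protocol>TCP|UDP|ICMP)\s+"
    r"(?P<src_addr>\d{1,3}(?:\.\d{1,3}){3}):(?P<src_port>\d+)\s+->\s+"
    r"(?P<dst_addr>\d{1,3}(?:\.\d{1,3}){3}):(?P<dst_port>\d+)$"
)


def is_internal(addr):
    """True when the address falls inside one of INTERNAL_NETWORKS."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETWORKS)


def enrich_flow(message, indicators=THREAT_INDICATORS):
    """Parse one raw flow line and add the *_is_internal / *_threat_indicated fields.

    Ports are kept as strings, matching the record shown on the page.
    Raises ValueError for lines that do not match, so bad input never yields a
    half-enriched message that downstream rules might treat as clean.
    """
    m = FLOW_RE.match(message)
    if m is None:
        raise ValueError(f"unrecognised flow message: {message!r}")
    fields = m.groupdict()
    fields["message"] = message
    fields["log_type"] = "netflow"
    for side in ("src", "dst"):
        addr = fields[f"{side}_addr"]
        fields[f"{side}_addr_is_internal"] = is_internal(addr)
        fields[f"{side}_addr_threat_indicated"] = ipaddress.ip_address(addr) in indicators
    return fields


def needs_attention(fields):
    """An internal host talking to a threat-indicated address, in either direction."""
    return (fields["src_addr_is_internal"] and fields["dst_addr_threat_indicated"]) or (
        fields["dst_addr_is_internal"] and fields["src_addr_threat_indicated"]
    )


if __name__ == "__main__":
    # The line from the page, plus a constructed inbound flow from the indicator address.
    for line in (
        "ACCEPT TCP 10.10.15.250:38028 -> 54.225.214.228:443",
        "DROP TCP 203.0.113.50:4444 -> 10.10.15.12:22",
    ):
        enriched = enrich_flow(line)
        print(enriched, "-> needs attention:", needs_attention(enriched))
```

The explicit internal-network list is deliberate: Python's `ipaddress.is_private` also classifies the documentation and benchmark ranges as private, which would misreport some external addresses as internal, so the rule spells out which ranges count.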

Outputs

Forward data to specialized systems or anything else that needs a real-time stream of data.

Ideas: Forward metrics to a time series database or an APM tool. Stream log data temporarily to your workstation for ad-hoc debugging.

Ready to try Graylog?

Download