This Week in Log Management
Happy Friday and welcome to This Week in Log Management!
Every week we get a lot of great questions through support, the community, social media, and on our weekly demo. On Friday, I will share the most common questions and answers, tips, insights, a closer look at Graylog, interviews, etc.
If you have any questions for me, drop them on Twitter, and I’ll do my best to fold them into upcoming Friday posts. Our handle is @graylog2.
This week we had some great questions come through on the demo. I’ve picked the most common ones to share with you.
How can I get logs into Graylog?
One of the best ways to get started with getting logs into Graylog is to start with Syslog Devices as you can enable the Graylog Syslog UDP/TCP input. This input, when sending data to the input from, say, a Linux Server running rsyslog, is prebuilt with the recognized Syslog Protocol23 Format. This will be recognized within the input, and you will be able to search and see logs in the input right away. A great video step by step talking about getting logs in from Linux and Windows 10 is in our Library located here: https://www.graylog.org/webinars/feed-your-graylog-2
What types of inputs do you support?
Graylog can support quite an extensive range of inputs for sending logs into Graylog. There are many, different types and some of our most popular are: Syslog TCP/UDP, Beats, GELF, CEF, JSON Path from HTTP API, and many others. A complete list of inputs can be found here: https://docs.graylog.org/en/4.0/pages/sending_data.html
Does Graylog have a Cloud version?
Yes, we offer Graylog Cloud, which is Graylog Enterprise without the infrastructure and operational headaches. This means you can invest in your business and offload infrastructure, maintenance like patching and upgrades, redundancy, scaling, and support to Graylog. Also, with Graylog Cloud, you get the latest Enterprise features on a continual basis.
What can Graylog do for Authentication access and logging?
There are two aspects we cover with Authentication. One aspect is how you manage users and your login access to Graylog. The Authentication methods can utilize LDAP and Active Directory with Teams in Graylog to synchronize AD Users and Groups.
Another aspect of Authentication is the ability for Graylog to be used to log all your Authentication across your applications and platforms. This is done with multiple logs from Illuminate for Office 365 and all your logs from Azure. It can also be used with our latest Illuminate for Authentication with Windows Authentication, OKTA integration, and logging. These features are found here: https://www.graylog.org/products/illuminate
What features do you support in Open vs. Enterprise?
Graylog offers a comprehensive list of features for Open as well as in Enterprise, and you will see the comparisons of all of our features and content here:
Notes for the Future
We have had many questions on inputs and getting logs into Graylog. Inputs and getting logs into Graylog need a separate post. Watch this space.
Happy Logging with Graylog!