The Graylog Blog
Tech Series
Graylog Illuminate: Getting Started with Sysmon
July 19, 2021
The Windows System Monitor (Sysmon) is one of the chattiest tools. With all the information coming in, it can be difficult and expensive to use it efficiently. However, the Graylog Illuminate package gives you a way to fine-tune it so that you can get better data and manage your ingestion rate better.
Can I Send an Alert to Discord?
April 23, 2021
The growth and use of Discord has transformed from just many Gaming users to businesses using it as a communication platform. Having the ability to send Log Management Alerts to Discord where everyone is collaborating can provide a major benefit to multiple teams in an organization.
Root Cause Analysis in IT: Collaborating to Improve Availability
April 21, 2021
Cloud IT stacks are more important to business operations than ever before. With Graylog, IT teams can collaborate when engaging in root cause analysis to ensure continued productivity.
This Week In Log Managment
March 26, 2021
This Week in Log Management - Are Dashboards and Reports related? What host can I use to send logs to Graylog?
Monitoring Logs for Insider Threats During Turbulent Times
March 24, 2021
In these turbulent times, IT teams leverage centralized log management solutions for making decisions. As the challenges change, the way you’re monitoring logs for insider threats needs to change, too.
How Are Dashboards and Reports Related?
March 19, 2021
Every week we get a lot of great questions through support, the community, social media, and on our weekly demo. On Friday, you can find here the most common questions and answers, tips, insights, a closer look at Graylog, interviews, etc.
VPN and Firewall Log Management
March 10, 2021
VPN and firewall log management can help detect and mitigate security risks for a hybrid workforce.
Red Team Tools Detection and Alerting
December 16, 2020
The Graylog alert feature can detect the signature from any log source in your organization with the signature/hash value in them. This blog post walks you through the bits of information from the YARA rules and create a rule in Graylog to alert when an IoC is detected.
Event Log Management for Security and Compliance
October 15, 2020
Every action in an organization’s network generates event data, including records produced by operating systems, applications, devices, and users. By following best practices for event log management, you can enhance your cybersecurity posture and enable a more robust compliance program.
Detecting Security Vulnerabilities with Alerts
October 8, 2020
Every day we discover new vulnerabilities in our systems, cracks in the fence the adversaries take advantage of to get into your organization and wreak havoc. Alerts from centralized log management can give advance notice of an attack or alert you when they are going on.
The Importance of Log Management and Cybersecurity
October 1, 2020
Struggling with the evolving cybersecurity threat landscape often means feeling one step behind cybercriminals. Interconnected cloud ecosystems expand your digital footprint and this increases the attack surface. More users, data, and devices connected to your networks mean more monitoring for cyber attacks. Detecting suspicious activity before or during the forensic investigation is how centralized log management supports cybersecurity.
Importance of System Resource Monitoring on Graylog, Elasticsearch, and MongoDB Servers
July 2, 2020
The first thing we tell Graylog users is, “Monitor your disk space.” This is because it is critical that you know immediately if you are at risk of overloading the servers hosting Graylog, Elasticsearch, or MongoDB.
Parsing Log Files in Graylog - Overview
June 23, 2020
Want to know all about parsing log files? The experts here at Graylog prepared a useful guide for you.
Using Pipelines for Windows Log Processing
June 23, 2020
Use Graylog pipelines to enrich your logs and make them easier to read.
Log Indexing and Rotation for Optimized Archival in Graylog
June 16, 2020
How do I rotate around my logs and configure them in Graylog? Let's talk about the best practices around log retention and how to configure them in Graylog.
What to Do When You Have 1000+ Fields?
June 16, 2020
When you have 1000+ fields, Graylog can collect all the logs and have them ready for you to search through in one place.
Graylog Illuminate: The Story
June 8, 2020
Graylog Illuminate for Authentication creates a foundation to normalize all authentication data, regardless of source. This gives you consistency in reporting, alerting, and analysis plus the power to easily correlate authentication data.
Windows Filebeat Configuration and Graylog Sidecar
June 5, 2020
Graylog sidecar can create and manage a centralized configuration for a filebeat agent, to gather logs from a local server that is not part of the Windows Event Channel and across all your infrastructure hosts.
How to Set Up Graylog GeoIP Configuration
May 27, 2020
Having additional data on logs that contain IP addresses that gives you their Geolocation helps in your investigations and understanding of your traffic patterns. Here's a guide to set up Graylog and enrich your data with this info.
The Importance of Historical Log Data
May 21, 2020
Centralized log management brings valuable information to one place. See how Graylog helps you use historical data to get more concrete insights.
Security Log Monitoring and DNS Request Analysis
May 8, 2020
By using strategically placed sensors, Graylog’s content pack collects DNS logs guarantees interoperability with any DNS request, even if it is going to an unexpected DNS server or if it was blocked somewhere further down the path.
How to use Graylog as a Syslog Server
May 5, 2020
A Syslog server is, by all basic terms, a centralized logging solution. While you might have more than one Syslog server, with Graylog you can accomplish all logging in one centralized spot.
Log Management and Graylog Alerts – Keeping Track of Events in Real-Time
April 28, 2020
Alerts are a critical component of every log management solution. Graylog alerts are incredibly accessible and they provide the information you need in real-time.
Key Value Parser Delivers Useful Information Fast
April 9, 2020
Graylog offers different parsers that you can use depending on your needs. One of those is the Key Value Parser. This parser allows you to parse the structured data into discrete fields so that you can search through it faster and more efficiently.
Getting Things Done With Graylog v3.2
March 26, 2020
Graylog Enterprise v3.2 is out in the world, customers are using it and loving it, and we want to share with you what we've learned from them.
Improving Kubernetes Clusters' Efficiency with Log Management
February 20, 2020
Log management plays an important role in helping to debug Kubernetes clusters, improve their efficiency, and monitor them for any suspicious activity.
Implementing Geolocation with Graylog Pipelines
January 22, 2020
You can further improve your ability to extract meaningful and useful geolocation data by leveraging the functionality of pipelines and lookup tables.
Log Formats – a (Mostly) Complete Guide
January 15, 2020
There are several standardized log formats that are most commonly generated by a wide assortment of different devices and systems. It is important to understand how they operate and differ from one another.
How to Use Graylog Lookup Tables
December 20, 2019
Graylog has a few built-in lookup tables and common adapters to read in the data from various locations. In this article, we'll go over the steps needed to configure your lookup table.
Ingesting Cloudtrail Logs with the Graylog AWS Plugin
December 10, 2019
In this blog post we'll set up the required AWS resources, configure the Graylog input, and do some basic searches to explore the capabilities of Cloudtrail logs.
Aggregating logs with Graylog – A quick how-to guide
October 15, 2019
Graylog’s log aggregation features are useful for a lot of tasks, ranging from regular troubleshooting to detecting issues as soon as they become manifest. Here's a quick guide.
Archiving Log Files: Feature Guide for File Storage and Archiving
September 5, 2019
Archiving Log Files: Feature Guide for File Storage and Archiving
Getting Started with Graylog - Community Post
June 27, 2019
The Graylog community is what makes the product so exciting. Here's how to start.
Integrating Threat Intelligence into Graylog 3+
June 25, 2019
How to use the Threat Intelligence plugin and integrate it into Graylog 3+.
Keeping Graylog Secure
June 15, 2019
After you are up and running on Graylog, there are a few different areas where you can limit the attack surface. This a plan which includes best practices. CIA Triad has published some industry best practices which is a good starting framework.
An Introduction to Graylog Aggregation Charts
February 21, 2019
Aggregation charts are a great way to visualize your data to find anomalous behavior in your organization. By summarizing your data into simple visual depictions, you can easily spot out anything that’s out of place.
How Graylog’s Advanced Functionalities Help You Make Sense of All Your Data
January 9, 2019
Graylog's advanced functionality and fully scalable model allow you to avoid picking only the most necessary and vital data to collect and analyze.
Large-Scale Log Management Deployment with Graylog: A User Perspective
July 9, 2018
See how a user in a large-scale cloud environment implemented Graylog to centralize log data from multiple data centers exceeding 1 TB/day.
Fishing for Log Events with Graylog Sidecar
June 21, 2018
The Graylog Sidecar lets you easily update collector configurations so you can always have the log data you need when your requirements change.
Trend Analysis with Graylog
June 15, 2018
Trend analysis provides rich information and yields insights into the operational and security health of your network that are otherwise difficult to discern. Learn how to use Graylog to perform the types of trend analysis discussed previously.
Managing Centralized Data with Graylog
May 30, 2018
For log management, it is more efficient to move the logs to a central place and process them there. See how Graylog serves as the sawmill and joiner for your logs to make log messages usable and give you valuable information for your environment.
A Beginner’s Guide to Integrating Threat Intelligence
April 18, 2018
In this post, I highlight the basics of what to consider when selecting a source of threat intelligence and provide an outline of what steps are needed to integrate that data.
Filebeat to Graylog: Working with Linux Audit Daemon Log File
February 5, 2018
If you run the audit daemon on your Linux distribution you might notice that some of the most valuable information produced by auditd is not transmitted when you enable syslog forwarding to Graylog.
Using a Hot/Warm Elasticsearch Cluster
August 3, 2017
Starting with Graylog v2.3, we've added support for Elasticsearch 5. As you may know, Elasticsearch 5 allows the use of the hot/warm cluster architecture. What is the hot/warm cluster architecture and why is it important to Graylog?
Coming soon: Elasticsearch 5 support
April 6, 2017
We know many of you have been asking for this and we are excited to say that it’s almost here: Elasticsearch 5 support is coming in Graylog v2.3!
Introducing Graylog Labs
March 31, 2017
We want to introduce you to [Graylog Labs] (https://github.com/graylog-labs), a new Github organization created by the core team at Graylog! Graylog Labs will be the home for all repositories that are not production ready for Graylog.
Monitoring Graylog - Host Metrics that you should Monitor Regularly
February 9, 2017
Once you have Graylog fully up and running, it’s best to implement a plan for monitoring your system to make sure everything is operating correctly. Graylog already provides various ways to access internal metrics, but we are often asked what to monitor.
Enhance Windows Security with Sysmon, Winlogbeat and Graylog
January 26, 2017
We’ll show you how to use the WinLogBeat to get the Windows Event Log over to your Graylog Installation.
Protecting Graylog from Data Ransom Attacks
January 23, 2017
There are currently ongoing data ransom attacks on misconfigured databases like MongoDB and Elasticsearch. Though not a true security hole, hackers simply search for instances that are not password protected and are accessible from the internet.
Investigating the RCE attack that knocked out 900,000 German routers on Sunday
November 28, 2016
900,000 Deutsche Telekom customers recently suffered repetitive network outages. Could this be a mass-scanning attack similar to how the Mirai botnet was formed?
Growing From Single Server to Graylog Cluster
November 1, 2016
In our second Back to Basics post, we'll walk through the process of scaling your environment from one Graylog server to a Graylog cluster.
Connecting Sidecar and Processing Pipelines Using Graylog
October 13, 2016
We would like to introduce a new series from our blog that takes you back to the basics of Graylog. Written by your Graylog engineers, these installments will be a deep dive into the main components of our platform.
Tapping Wires for Lean Security Monitoring: DNS Request Analysis with Open Source Software
October 10, 2016
The combined force of virus scanners, firewalls, IDS systems, and a log management system is a great way to protect your network. We would like to introduce an additional method of security monitoring.
Writing your own Graylog Processing Pipeline functions
September 20, 2016
In this post, we will go through creating your own processing pipeline function. Some Java experience will be helpful, but not necessary. We will be taking it step-by-step from understanding a pipeline, to implementing and installing your function.
Visualize and Correlate IDS Alerts with Open Source Tools
August 10, 2016
We will walk through integrating the IDS tool, Snort, with Graylog in order to detect and analyze suspicious activity. We will then provide examples of correlating IDS alerts with both network connection and operating system logs using Graylog.
A practical approach to Open Source network security monitoring
August 1, 2016
We will take a look at how you can analyze network traffic data in order to detect network intrusions. Every phase of intrusion will leave traces and with the correct tools in place, you can detect these early on and take countermeasures.
New Slack output feature: Short mode
February 22, 2016
The newest version of our popular Slack plugin comes with a new feature for the message output module: The short mode writes messages with as little overhead as possible. This is great for high frequency streams writing into Slack.
Troubleshoot Slow MongoDB Queries In Minutes With Graylog
November 12, 2015
Database application performance troubleshooting can be time consuming and frustrating. The good news is that many of these issues can be identified and resolved using the information stored in log data.
Slack Plug-in v2.0: Forward Stream Messages to Slack
November 11, 2015
We just released v2.0 of our popular Slack plugin. It has several changes, improvements and also a completely new message output module that allows you to forward messages that are routed into a stream to a Slack room in real-time.
SNMP & NetFlow Plug-ins Extend Graylog Network Infrastructure Support
October 22, 2015
We heard loud and clear from the community the need to provide better visibility into the health of their infrastructure and networks. With SNMP and NetFlow support, we can now provide better visibility into your network and compute infrastructure.
Introducing Graylog Collector - The Comprehensive Log Collection Tool For Graylog
August 19, 2015
We started the Graylog project envisioning an end-to-end, purpose built log management solution. Over the last few years, we’ve been focused on fulfilling this mission of delivering the world’s best open source log management platform.
Centralized Docker Container Logging With Native Graylog Integration
August 3, 2015
Log collection from Docker containers has been difficult because containers do not persist for a long time, and don’t leave a reliable info history. As a result, tasks that rely on log data have become more difficult.
Tips & Tricks #1: How to Quickly Debug Your Stream Rules With One Click
July 21, 2015
In the first blog post of our new Tips & Tricks series, I want to show you a quick way to debug your stream rules to test whether your targeted messages will accurately be matched by a Graylog (http://docs.graylog.org/en/latest/pages/streams.html).
New OS package repositories for Debian 8 and CentOS 7
July 16, 2015
We now offer operating system packages tailored for Debian 8 and CentOS 7 including *systemd* support. Please see our updated documentation for details.
