
Tour of Graylog

Graylog is a leading centralized log management solution built on open standards for capturing, storing, and enabling real-time analysis of terabytes of machine data, letting you search in milliseconds. Thousands of IT professionals rely on Graylog to solve security, compliance, operational, and DevOps issues. Graylog offers deployment options to fit your needs: Graylog on premise, as the Open Edition or the Enterprise Edition, and Graylog Cloud for the Enterprise Edition, using the Graylog forwarder for your integration. Graylog gives you a choice of scalable log management solutions to do more with your security and performance data. Regardless of your company or team size, technologies, or configurations, Graylog has an option to fit your needs.

Let's take you on this quick tour and review the following: Graylog Enterprise, highlighting many of the benefits of the Enterprise Edition; teams and permissions, and how to secure your Graylog instance inside your organization; search and dashboards, where we find that data and create a single pane of view for your needs; and finally, alerting and event definitions. Let's take a look.

Authentication

Let's first look at authentication and access to Graylog. Here, under System and then Authentication, you'll see that I currently have Graylog integrated with LDAP. With LDAP you can synchronize your individual groups and the users within those groups. So here you'll see that I have a number of usernames created in the network and synchronized to teams within Graylog: your Active Directory groups synchronize with the corresponding teams within Graylog and carry their users over. Beyond the existing services, you can go in and create additional authentication services, as we now support multiple different types. Active Directory and LDAP have been in Graylog for some time now, but we've added OIDC (OpenID Connect), and Okta for integration with your on-premise or corporate Okta, or with Okta in the cloud for Graylog Cloud.

Enterprise

Let's have a quick look at Enterprise. This is a very quick view of just a few of the Enterprise features you'll see. Under Enterprise you will see Archives, for corporate retention standards; the Audit Log, showing you everything happening inside Graylog for compliance purposes; Reports, for scheduling delivery of specific information over time; and Illuminate, our log data enrichment, categorization, and normalization. Here you're going to see the Illuminate content packs that come with Enterprise, a variety of packs available to parse your logs and enrich your log data. At the top we'll highlight one in particular, the GIM, which is the Graylog Information Model. This model is used to categorize your log messages by message type and activity. Depending on the content of your data you may have logins to PCs, servers, web portals, and many other things that generate the same type of context in a message. It's here that messages are enriched so you can find common events across all kinds of different logs.

Search and Dashboards

Okay, next we're going to get into search and dashboards. The messages I've got on the screen are limited to O365, or Office 365, messages. I've opened up this one message and I see there's some Azure Active Directory information here, so what I want to do is look at which applications are running in the current environment. So I'm going to click on the application name field and choose Show top values. It's going to list the different applications that are actually running and sending logs. I'm going to extend the time range out to around 14 days to give us a good count. Here you'll now see the Security Compliance Center, Azure endpoint, Exchange, OneDrive, and SharePoint. What I can do with this table is duplicate it and just change how the data is shown in that particular widget. So if I edit this widget, instead of a data table I'll change it to a pie chart. Now you see the data as a ratio rather than a strict count. If I duplicate it again, just so you can get another view of this data, I'll add this one and change it to a bar chart; you can update the preview in real time to have a look at it, and then apply it. Now you can see all three widgets representing the same data, just in different ways. You may want to see this across your different environments, and it gives you a good way of viewing the information. From here you can save this as a saved search. You can recall it later, modify it, and save it again, or, if you want to turn this into a dashboard, you can now go to Export dashboard and name the dashboard. So that's a very quick setup of widgets and a look at how to search and view the data. Hopefully that gives you a quick start. Next I'm going to get into alerts, which will cover event definitions and notifications.
So let's have a quick peek at notifications. In here you can create a notification of different types: a PagerDuty notification, a Slack notification or a notification in Discord, a script notification (if you're using Python or other tools, you can execute your own script and do whatever you need to), an email notification, and an HTTP push, or HTTP notification.

Event Definitions

Next we'll get into event definitions. You'll see here that I have a bunch of my own, but in Illuminate we have a variety of alerts and event definitions that have been created, so you can move through these, whether it's audit logs being disabled or detecting hosts with multiple malware incidents. You've got a whole wide range of things that come with the actual installation of Illuminate in the Enterprise Edition, including brute force attack, potential password spraying, and a whole bunch of content. So this gives you the ability to start right off the ground with alerts and notifications within your environments.

Conclusion

This concludes our brief tour of Graylog. These are just a few of the highlights. If you'd like to see a full demo with in-depth information, including full parameterized search templates, creating correlated alerts, archiving, and audit logs, please visit graylog.org and register for a full 30-minute demo with live Q&A. Thanks for watching. Happy logging with Graylog.
