In most big security breaches, there’s a familiar thread: something funny was going on, but no one noticed. The information was in the logs, but no one was looking for it. Logs from the hundreds or thousands of network devices are the secret sauce to problem solving, security alerting, and performance and capacity management. Gathering logs together, analyzing them, reporting, and alerting on them is a basic part of good IT practice.
Graylog is an open-source log management tool, complete with a three-tier architecture, super-scalable storage (based on Elasticsearch), an easy-to-use web interface, and a powerful toolkit to parse messages, build ad-hoc dashboards, and set alerts on logs. It sounds great—and our testing shows that the functionality provided is solid and reliable, with one caveat: you have to be willing to do a lot of work yourself.
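The "parse messages, then alert on them" pipeline that the paragraph credits Graylog with can be shown in a few dozen lines. The Python below is an added example written for this page, not Graylog's code: a regex plays the role of a Graylog extractor (pulling `host`, `user` and `src` fields out of sshd lines) and a small function plays the role of a count-based alert condition (fire when one source produces three or more failures inside a one-minute window). The log lines, the regex and the year prepended to syslog timestamps are all constructed assumptions for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Syslog lines carry no year; we assume one so timestamps can be compared.
ASSUMED_YEAR = "2024"

# Hypothetical extractor pattern for sshd password failures (constructed here).
SSH_FAIL = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

# Constructed sample input: a burst of failures from one source, one
# successful login that the extractor should ignore, and a lone failure.
SAMPLE_LOGS = [
    "Jan 10 03:14:01 bastion sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2",
    "Jan 10 03:14:07 bastion sshd[1235]: Failed password for root from 203.0.113.5 port 51235 ssh2",
    "Jan 10 03:14:12 bastion sshd[1236]: Accepted publickey for deploy from 198.51.100.7 port 40000 ssh2",
    "Jan 10 03:14:30 bastion sshd[1237]: Failed password for invalid user test from 203.0.113.5 port 51236 ssh2",
    "Jan 10 03:20:00 bastion sshd[1240]: Failed password for root from 198.51.100.7 port 40001 ssh2",
]


def extract(line):
    """Extractor stand-in: turn one raw line into a dict of fields, or None."""
    m = SSH_FAIL.match(line)
    if not m:
        return None
    fields = m.groupdict()
    fields["timestamp"] = datetime.strptime(
        ASSUMED_YEAR + " " + fields.pop("ts"), "%Y %b %d %H:%M:%S"
    )
    return fields


def alert_on_count(events, threshold, window):
    """Alert-condition stand-in: fire once per burst when a single source
    produces at least `threshold` events within a sliding `window`."""
    alerts = []
    recent = defaultdict(list)  # src -> timestamps still inside the window
    for ev in sorted(events, key=lambda e: e["timestamp"]):
        q = recent[ev["src"]]
        q.append(ev["timestamp"])
        while q and ev["timestamp"] - q[0] > window:
            q.pop(0)  # age out timestamps that fell outside the window
        if len(q) >= threshold:
            alerts.append((ev["src"], ev["timestamp"], len(q)))
            q.clear()  # reset so one burst raises one alert
    return alerts


def run(lines=SAMPLE_LOGS, threshold=3, window=timedelta(minutes=1)):
    """Parse every line, drop non-matching ones, evaluate the alert rule."""
    events = [e for e in map(extract, lines) if e]
    return events, alert_on_count(events, threshold, window)


if __name__ == "__main__":
    events, alerts = run()
    print(f"{len(events)} events parsed")
    for src, when, count in alerts:
        print(f"ALERT {src}: {count} failed logins by {when:%H:%M:%S}")
```

With the sample input, four of the five lines parse and exactly one alert fires, for 203.0.113.5. In Graylog the same two pieces are an extractor attached to the input and a stream with a message-count alert condition; the example also illustrates the point made at the top of the article, that the evidence sits in the log lines either way and only becomes useful when something evaluates it continuously.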