Dealing with logs is not easy, and past a certain scale you need a log management tool rather than wading through an endless pile of text files scattered across your environment. There are numerous log management tools to choose from, and in today's Graylog vs ELK article we compare these two platforms to give you an idea of what each offers and how they differ from each other. If you are interested, read on.
In this article, we are going to give you information about:
– What are Graylog and ELK
– What Graylog and ELK can offer you
– Graylog vs ELK
Graylog is a free, open source log management platform for in-depth log collection and analysis. People in network security, IT operations and DevOps use it to spot potential security risks, to help meet compliance requirements, and to find the root cause of problems or errors in their applications. It is popular as a powerful log management tool with many options for analyzing logs arriving from different servers.
To get a fully working stack you still need two other components, MongoDB and Elasticsearch, because Graylog itself consists only of the application server and the web interface. MongoDB stores Graylog's configuration and metadata, while Elasticsearch stores and indexes the log messages themselves. The Graylog server is the main component that receives data from the clients installed on your other servers, and the web interface gives you access to the visualized data and lets you work with the logs aggregated by the main server.
For production use it is recommended to install each component on a separate server to improve stability and performance. Getting the clients to report in takes a two-step configuration process: first you create a tagged client configuration on the server side, then you deliver that configuration to the clients.
For instance, when you set up a client you mark its configuration with a "production" tag and then create the detailed configuration for that tag on the server. Once that is done, any change you apply on the server is picked up automatically by every client carrying the tag, and you do not need to touch anything on the client side.
Graylog gives you good search and management options, such as listing all the IP addresses a firewall blocked during a given period, or all the unsuccessful SSH logins. You can also save filters built from your own parameters, which many people find greatly simplifies their searches.
Before you can use the Graylog interface, remember that you need to create a user first. You then configure "inputs" for the different servers whose logs you want to send to the instance. Every stored message carries a gl2_source_input field naming the input it arrived on, so a query on that field in the search bar (for example gl2_source_input:<input id>) narrows the results to a single data source. Type the query and Graylog filters the logs to show only what matches. There is also a time filter if you want to see only what happened during a specific period.
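To make the two previous paragraphs concrete, here is an added example (not code from the article or from Graylog) of the logic behind a search such as "all unsuccessful SSH logins from the production input in the last hour": narrow by input and time range, then match the sshd failure line and count attempts per source IP. The sample messages are constructed for the example and assume a Graylog-like record with a timestamp, a gl2_source_input field, the sending host and the raw message.

```python
import re
from collections import Counter
from datetime import datetime
from ipaddress import ip_address

# Constructed sample messages shaped like what Graylog stores after receiving
# syslog from several hosts: a timestamp, the input the message arrived on
# (Graylog records this as the gl2_source_input field), the sending host and
# the raw sshd line. These are illustrative, not captured from a real system.
SAMPLE_MESSAGES = [
    {"timestamp": "2024-03-01T10:00:01", "gl2_source_input": "syslog-prod", "source": "web-01",
     "message": "sshd[2031]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2"},
    {"timestamp": "2024-03-01T10:00:05", "gl2_source_input": "syslog-prod", "source": "web-01",
     "message": "sshd[2031]: Failed password for root from 203.0.113.7 port 51240 ssh2"},
    {"timestamp": "2024-03-01T10:01:10", "gl2_source_input": "syslog-prod", "source": "db-01",
     "message": "sshd[877]: Failed password for deploy from 198.51.100.23 port 60012 ssh2"},
    {"timestamp": "2024-03-01T10:02:00", "gl2_source_input": "syslog-prod", "source": "web-01",
     "message": "sshd[2050]: Accepted publickey for deploy from 192.0.2.10 port 40022 ssh2"},
    {"timestamp": "2024-03-01T10:03:30", "gl2_source_input": "syslog-staging", "source": "stage-01",
     "message": "sshd[411]: Failed password for root from 203.0.113.7 port 51300 ssh2"},
    {"timestamp": "2024-03-01T11:30:00", "gl2_source_input": "syslog-prod", "source": "web-01",
     "message": "sshd[2099]: Failed password for root from 203.0.113.7 port 51999 ssh2"},
]

# OpenSSH's password-failure line; "invalid user" appears when the account
# does not exist on the host.
SSH_FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+ ssh2"
)


def search(messages, source_input=None, start=None, end=None):
    """Narrow the message set the way a Graylog search does before the text
    query is applied: by the input the message arrived on and by an ISO 8601
    time range (inclusive start, exclusive end). Any filter may be omitted."""
    start_dt = datetime.fromisoformat(start) if start else None
    end_dt = datetime.fromisoformat(end) if end else None
    for msg in messages:
        if source_input and msg["gl2_source_input"] != source_input:
            continue
        ts = datetime.fromisoformat(msg["timestamp"])
        if start_dt and ts < start_dt:
            continue
        if end_dt and ts >= end_dt:
            continue
        yield msg


def failed_ssh_logins(messages, source_input=None, start=None, end=None):
    """Count failed SSH password logins per source IP within the filter.
    Returns a Counter keyed by the IP address string."""
    counts = Counter()
    for msg in search(messages, source_input, start, end):
        m = SSH_FAILED.search(msg["message"])
        if not m:
            continue
        try:
            ip = str(ip_address(m.group("ip")))  # skip lines with a mangled address
        except ValueError:
            continue
        counts[ip] += 1
    return counts


def brute_force_candidates(counts, threshold):
    """IPs whose failure count meets the threshold, most active first."""
    return [ip for ip, n in counts.most_common() if n >= threshold]


if __name__ == "__main__":
    window = failed_ssh_logins(SAMPLE_MESSAGES, "syslog-prod",
                               "2024-03-01T10:00:00", "2024-03-01T11:00:00")
    for ip, n in window.most_common():
        print(f"{ip}: {n} failed login(s)")
    print("candidates:", brute_force_candidates(window, 2))
```

The input filter and the time filter are applied first because they are cheap and cut the data down before the comparatively expensive message matching; in Graylog the same narrowing happens through the gl2_source_input query and the time range picker, and the regex corresponds to the text part of the query.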
Another log management option is ELK. Most of you probably know it already: it is a combination of three separate services, Elasticsearch, Logstash, and Kibana. Elasticsearch is one of the most popular search engines for storing large amounts of data and can run as a cluster; Logstash fetches data from, and ships it to, a wide range of locations through its many plugins; and Kibana is the GUI that lets you search, analyze and visualize large amounts of complex data held in Elasticsearch.
Since the introduction of Beats, most ELK deployments use Filebeat, whose main job is to ship log files to a specific server. It is often compared with Logstash, and if you wonder how the two differ, see our earlier article on Logstash vs Filebeat. The logs Filebeat delivers are processed by Logstash and then written into the Elasticsearch cluster; the final step is visualizing them in Kibana.
The stack is popular because Logstash integrates easily with the other Elastic products and, on top of that, offers numerous plugins that make it extremely flexible. It also has comprehensive documentation covering how to install and configure the tool for almost any scenario, and installation itself is simple and quick.
When talking about why people love ELK we also cannot leave out Kibana. It is quick to get going, with a deployment taking roughly five minutes. Once set up, it visualizes your statistics in the chart type you select. Beyond visualization, it gives you detailed information and statistics about how your systems behave in a production environment.
To put it simply, ELK is a very versatile combination: you can use the components as a stand-alone product or integrate them with existing applications to get insight into your most recent data.
Now, let's compare Graylog with ELK. Since their main goal is the same, both offer a similar basic set of features. The thing you may want to weigh when choosing between them is that Graylog has a friendly web interface where you create users and manage their permissions, while the Kibana release discussed here has no feature for creating users (newer Elastic releases provide users and roles through Elasticsearch's security features, so check what your version ships with). Where it is missing, the gap can be closed by putting Kibana behind Nginx with HTTP basic authentication: Nginx listens on the public port, authenticates the request and forwards it to Kibana's own port, which you bind to localhost so that nobody can bypass the proxy by connecting to Kibana directly.
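The reverse-proxy arrangement just described, as an added configuration example that is not from the article or the Elastic project. It assumes Kibana is bound to 127.0.0.1:5601 (server.host: "127.0.0.1" in kibana.yml rather than 0.0.0.0, which would leave it reachable without authentication), a hostname of kibana.example.com, certificate paths under /etc/nginx/certs, and a password file created with `htpasswd -c /etc/nginx/kibana.htpasswd alice`.

```nginx
# Added example: Nginx in front of Kibana with HTTP basic authentication.
# Assumption: Kibana itself listens only on 127.0.0.1:5601, so this proxy
# is the only way in. Hostname and file paths are placeholders.
server {
    listen 443 ssl;
    server_name kibana.example.com;

    ssl_certificate     /etc/nginx/certs/kibana.crt;
    ssl_certificate_key /etc/nginx/certs/kibana.key;

    # Basic auth sends the credentials base64-encoded with every request,
    # so it is only offered over TLS.
    auth_basic           "Kibana";
    auth_basic_user_file /etc/nginx/kibana.htpasswd;

    location / {
        proxy_pass         http://127.0.0.1:5601;
        proxy_http_version 1.1;
        proxy_set_header   Host $host;
        proxy_set_header   X-Real-IP $remote_addr;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
    }
}

# Send plain HTTP to HTTPS so credentials are never typed into a clear-text page.
server {
    listen 80;
    server_name kibana.example.com;
    return 301 https://$host$request_uri;
}
```

Two caveats a practitioner should keep in mind. Basic authentication in front of Kibana only gates entry: every authenticated user lands in the same Kibana with the same access to Elasticsearch, so it does not give you the per-user permissions Graylog's interface does. And the proxy protects only Kibana; Elasticsearch's own HTTP port (9200 by default) must also be firewalled or bound to a private interface, otherwise the data is readable without going through Kibana at all.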
Graylog vs ELK

| Graylog | ELK |
|---|---|
| Friendly web interface with permission management | No GUI for managing permissions |
| Lets you create users in the web interface | Kibana does not let you create users |
| Consumes less space | Consumes more space |
All in all, the decision is yours to make. It is hard to say which is better, since people have different experience and prefer different things, but if we had to choose in this article we would recommend Graylog combined with the other tools it needs, including Elasticsearch, because of its friendly GUI and a web interface that lets you create users and manage their permissions.