Tom makes me want to implement Graylog but my laziness overpowers it every time.
But docker makes it so easy!
@@LAWRENCESYSTEMS Hi, I always find Docker so confusing... please, have you got a tutorial video for Graylog using Docker?
@@manbash05 ua-cam.com/video/DwYwrADwCmg/v-deo.htmlsi=SpkU-URICLoobOLw
Literally me)))
Awesome video Tom. I truly appreciate all the efforts you put into creating high quality, focused and easy to understand content. Also looking especially to the non-paid version here makes sense, since many smaller companies do not have these big budgets!
Greetings Brother,
We'd like to say thanks for your continued vids, very informative...
Graylog is not open source; it's using the Server Side Public License, which is a source-available license.
If I am choosing software to use at work I always try to use projects where you can buy support for the open source version. Getting rug-pulled is never fun; I have seen it so many times with closed source monitoring software.
Thanks for the review, Tom. Informative as always. Graylog is a wonderful tool.
Nice one Tom, thank you
Great video, thank you!
Moved from Graylog to Grafana Loki, never looked back. Damn elastic shards are just a pain
w/ the warm tier and the way index rotation/retention have changed, this is actually a problem that 6.0 pretty much solved
Hi, we were also using Grafana Loki earlier but we were only able to download 5000 log lines at a time. Is this the case with your team as well?
@@Kunalchander-c8j from what I remember we set the max_entries_limit_per_query and max_global_streams_per_user to your desired size
In our case when we are querying high volume logs the Grafana interface starts lagging as hell. It was only stable up to 50k lines of logs.
Thanks for the video. I would be very much interested in a comparison between the most popular log management solutions for homelabbers. Any chance you might be working on such a comparison in the future?
What other ones are there besides Graylog? Wazuh is not really a log server and OpenSearch and Elastic are overly manual compared to Graylog.
@@LAWRENCESYSTEMS To be honest, I'm not even sure which ones are real alternatives. Reddit suggestions include splunk, vector+promtail+loki, datadog, elk, something+grafana, etc. Tbh even getting an overview for which free/cheap options for personal use exist is not easy.
Good stuff..
Thank you. How to split logs from different sources? I mean "Index pattern" analog in ELK.
For example, I want to query all logs from index "dev-app", or "stage-app".
Great summary video! I was just looking at graylog, this is great timing. Lots of threads to explore, thank you.
I am using proxmox to manage my NFS mounts which are passed to Docker like you are, but I struggle with the situation where the mount is there but empty if the NAS is unreachable for any reason, causing some services to regard data as "deleted" which can cause quite a bit of chaos.
I'd like to store my logs remotely like you are, but I'm not sure about how this scenario will affect graylog.
How do you handle this in your setup? Is there some way to guard against it or suspend containers that depend on the share?
are there any plans on testing and making a video of WAZUH SIEM? It would be very nice if you would do so.
I think enough people have already done a video on it and I don't really use it, therefore I don't have anything more to add. Let me know if I am wrong.
@@LAWRENCESYSTEMS I agree with you there are many videos already out there, but the quality of those videos is questionable. On other hand, your videos are much more professional, providing more information and steps in proper order, with more clarity. In my opinion, Wazuh is much better than Graylog security wise. Also, it's lighter for hardware resources, and provides full unlocked features in free version (you can have paid subscription, but it's for support). You could do great job with video explaining how to tweak it, and configure it properly for security alerts, as it has many options, because your videos stand out in this ocean of low-quality videos.
@@double_DD Thanks, but for clarification is it that many of the videos are sponsored by Wazuh that brings up the question of their quality?
Hello Lawrence!
How can I change the log colors, like: if the log is info, make it green; if it's warning, make it orange; if it's error, make it red, etc.
Thanks for a nice video
can anyone share a good extractor for a unifi UDM SE
Way too many paywalls for an app that claims to be open source. The Open version is open source; it offers just logging and nothing more. Enterprise and security, and anything else paid, shouldn't even be in the dashboard of the open source version.
You have identified a problem that you have with the project, but not a solution. How do you propose they fund this project?
@@LAWRENCESYSTEMS I heard thoughts and prayers go pretty far.
Open-source does NOT mean free, it's important to remember that.
@@LAWRENCESYSTEMS they can fund it by offering paid technical support along with extra services that will benefit enterprises, not by making a difference between enterprise and non-enterprise users. I've seen a few others where you get everything enterprise does but you don't get technical support if you use the free version. Graylog Open should reflect its open source nature without offering demos of paid stuff. It should only have a button with a link to the enterprise version for more info and subscription. There are ways for them to fund it, but not by locking features behind a paywall.
@@egenhoferj I know that. I know they need money for hardware, they need to earn money for a living, money for software they use for development and so on. All I wanted to say is how I don't like the way some open source apps are funded. In the open source world the best way to fund development isn't locking up advanced features behind a paywall; it can instead be through royalties like Unreal Engine does, it can be by offering technical support, hosting a server on your cloud for enterprise, basically anything but locking features behind a paywall.
If you have an existing graylog (4.3) that still uses the Elasticsearch, can you directly mount the graylog data as a volume in your new install, and still see your old data in your new install?
Not something that I have tested
I've long had a soft spot for Graylog... but alas, the Splunk dev license makes it too easy..
I could not set this up. Every time I start OpenSearch my system becomes unresponsive, floods the logs with some Java errors and Graylog never starts.
Hi Lawrence, how can I apply HTTPS or Let's Encrypt for a Docker Graylog instance? thanks
Put a reverse proxy in front of it that supports Let's Encrypt. I use pfsense with HAProxy.
Vs grafana loki?
Can I get more than 2 lakh log lines at a time in gray cloud?
How can I update from Graylog 5 to 6?
Unfortunately I'm running an older server for my virtual environment with CPUs that don't support MongoDB's AVX requirement. I wish MongoDB had a legacy switch for older hardware or we could use a different DB.
AVX enabled processors have been shipping since 2012 and the latest AVX-512 version since 2016. Might be time to consider upgrading.
@@LAWRENCESYSTEMS Yes, I'm still running (3) 4U Supermicro servers with (2) Xeon X5675 3Ghz CPUs, 300G ram, and 36 drive bays. I have been looking at some of the newer/used Supermicros with 512G DDR4, newer CPUs, etc. Just have not committed yet.
Will your Graylog update video still work to get onto this newest version?
Yes
What is the difference between Zabbix vs Graylog?
Zabbix is more of a monitoring tool, Graylog is a logging tool.
Last I looked at Graylog, I recall being deterred by them depending on some deprecated version of a database. Know what I'm talking about? Is that fixed now?
Look at the docker compose and see if something in there that makes you not want to use it.
The UI is similar to Wazuh..
Was willing to use graylog but the lack of libraries for nodejs forced me to switch to Loki.
This is a great tool, but requires a lot of resources.
Followed the instructions exactly, on a new install (VM), didn't work. Tried again, didn't work. Might want to review the instructions mate.
I did and they worked.
Hardly the best logging tool especially when a lot of the main functionality is behind a paywall. When stacked up against the free tiers of Elastic, Splunk, OpenSearch or even solutions like Wazuh, Malcolm and S1EM, Graylog doesn’t even compete.
Do you have any links to such a comparison?
@@MortenEghj My opinion is based off my own evaluation of each. However, if you just want a product, ignore me and just pick whatever the YouTuber tells you. If you have any responsibility to critical work or to a customer base, identify what’s important for your organization and reach out to competing vendors, get their demonstration and decide which makes the most sense. If you’re just playing around in a homelab, install them and see for yourself.
What one do you recommend I look at first?
Better yet, what type of person would you recommend each solution for?
Stopped watching at the first mention of docker.
If docker is too hard for you then you should retire from IT bud.
@@dyto2287 I will do that, thanks for the advice.
@@dyto2287 and you are an idiot!!! So the WHOLE IT world is based only on docker, so if someone doesn't know how to use docker, he should retire from IT.... you dumbhead...
Graylog has installation docs for Ubuntu, Debian, Red Hat, and SUSE if you don't want to use Docker. And manual if your distro is none of these.