Announcing Graylog v4.0 Release Candidate 2

Get ready to dive into Graylog v4.0 Release Candidate and try out the new permissions management, which significantly reduces the amount of time administrators spend managing user access. Take advantage of dark mode and connect to Elasticsearch 7. And these are just the highlights of everything that’s waiting for you in this new release.


Tarballs (manual installation):

Upgrading from a previous Graylog release? You can find the upgrade notes here.

Please report bugs and any other issues in our GitHub issue tracker. Thank you!


Teams and Permissions allows Graylog Enterprise users and teams to manage access to their own Graylog content. This new feature replaces the current Role-based Access Control (RBAC) and reduces the amount of time administrators spend managing user access..


Teams now encompass users, and roles indicate what the user can do/what actions that user can take, and associated view, edit, create privileges are set feature/functionality level through sharing.

To pull this all together, Graylog syncs with your organization’s authoritative identity source to automatically provision users with the appropriate rights and permissions. Graylog Enterprise maintains this synchronization when you activate the specific authentication service. Graylog will continue to update team members when necessary upon login. Next, Graylog uses the current roles and AD groups to auto-populate access that reflects the organizational permissions structure.

Administrators can create teams that are easily found by a search for standard names and/or terms. For example, the admin can create teams such as “Security Team,” making it easier to find users with similar data needs through lists of users, groups, or a combination of both. Also, the global setting capabilities enable Admins to limit who views data more precisely, ultimately mitigating privacy risk. Organizations can still manually manage access and permissions if necessary.

NOTE: You cannot manually manage synchronized Teams in Graylog. You have to manage them in the original identity provider. For example, if you create a team in LDAP, you cannot add or remove team members in Graylog. You can, (and we recommend that you do)  configure the roles that accompany the team.

Graylog OS will continue to offer LDAP and Active Directory out-of-the-box because we believe user access control is an essential feature for successful log management and it should be included in every logging solution. We have also added the “trusted HTTP header” authentication method to Graylog. This feature paired with a proxy server can enable authentication providers (e.g., keycard systems, Kerberos, etc.) that Graylog does currently support. Because teams are only available in Graylog Enterprise, the Open Source product no longer has Group Mapping.


The Dark Mode option is a common popular request in technology because of the benefits to your eyes and the battery life for your devices. The option is now included in Graylog. Enjoy!


Graylog v4.0 now includes support for Elasticsearch 7. Elasticsearch 7 will only work with Graylog v4.0. All nodes need to go to Elasticsearch 7.

NOTE: You can continue to use Elasticsearch 6, but we always recommend that you run the latest supported version of the application.


In the 4.0 release, we have added support for several newEvent Notification types, including Slack Notifications that will send a custom message to any Slack channel when an Event is triggered and ScriptNotifications which allow you to execute your own script in response to Events.The addition of Script Notifications, an Enterprise-only feature, allows users depending on legacy Alarm Callbacks to fully migrate of this deprecated functionality.

Get the Monthly Tech Blog Roundup

Subscribe to the latest in log management, security, and all things Graylog blog delivered to your inbox once a month.