Tour of Graylog

Graylog Operations provides effective log management by giving you observability into your data. With Graylog, you can quickly search your log data, create dashboards, and set up alerts for timely, important events. For compliance, it also offers archiving, audit logs, and custom reporting. Graylog integrates with many platforms through technology packs, custom parsing rules, and dashboards. It’s available for both on-premises and cloud setups.

Search and Dashboards
Search and dashboards are where the magic happens in Graylog. For example, if I search for syslog in my stream and select a log message, I can easily work with the application name field. I can display the top values of running applications in table form, or duplicate that widget and modify the copy. The same data can be represented differently, such as in a pie chart, and you can move widgets around or switch one to a bar chart. The platform makes it easy to customize how your data is displayed.

Once you’ve customized your search, you can save it and continue to modify it later, or export it directly to a dashboard. Dashboards let you view your data visually and interact with it. You can also build custom reports based on the data in these dashboards. For instance, I created a dashboard specifically for syslog messages, showing the different log types and applications running within my instance. Additionally, you can set up automated reporting, scheduling reports to be sent out daily, weekly, or monthly, and customizing the email recipients and content.

Reports and Alerts
Graylog makes it easy to configure and send reports, with options for setting time zones and page orientation and for specifying which widgets to include. You can also add your company’s logo and adjust other branding details.

For alerts, you define event definitions and receive notifications through the alert panel. For instance, you can set up a brute force detection alert that correlates multiple logon failures followed by a successful logon and triggers a notification. Graylog supports different types of event definitions, including aggregation and correlation, which let you build sophisticated alerting. Notifications can be sent to platforms like Discord or other third-party integrations.

Compliance and Archiving
Graylog also offers archiving and audit logs to help with compliance. Through the Enterprise menu, you can configure index archiving with a choice of backend types such as file systems or S3 buckets. The audit log feature tracks all modifications and user actions within Graylog, providing transparency and control over your data management.

Integrations and Technology Packs
Graylog integrates with a variety of platforms and services, supporting inputs like AWS, Azure, Google Cloud, Office 365, CrowdStrike, and many others. The platform also offers technology packs, which are updated automatically so that the latest integrations and content are always available. These packs include integrations for popular services like Cisco, Carbon Black, and Linux, providing out-of-the-box custom log parsing.

This is just a quick sneak peek of Graylog Operations. If you’d like a deeper dive into what Graylog offers, sign up for a 20-minute demo. Happy logging with Graylog!