Try our new research platform with insights from 80,000+ expert users

Elastic Security vs syslog-ng comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 9, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Elastic Security
Ranking in Log Management
11th
Average Rating
7.8
Reviews Sentiment
6.8
Number of Reviews
64
Ranking in other categories
Security Information and Event Management (SIEM) (5th), Endpoint Detection and Response (EDR) (17th), Security Orchestration Automation and Response (SOAR) (8th), Extended Detection and Response (XDR) (10th)
syslog-ng
Ranking in Log Management
17th
Average Rating
8.8
Reviews Sentiment
2.1
Number of Reviews
6
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of July 2025, in the Log Management category, the mindshare of Elastic Security is 3.0%, down from 6.0% compared to the previous year. The mindshare of syslog-ng is 2.5%, down from 2.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Log Management
 

Featured Reviews

SyedAli17 - PeerSpot reviewer
Centralized monitoring improves security posture through rapid data processing
The processing part of Elastic Security ( /products/elastic-security-reviews ) is very interesting for us since we handle almost 7,000 to 8,000 alerts per minute. We require rapid processing speed for alerts and event data, and Elastic Security is very efficient at handling this level of data. Additionally, Elastic Security helps improve the security posture of Pakistan through centralized visibility and real-time processing.
RyanVargas - PeerSpot reviewer
It's a user-friendly open-source solution that can replace or augment a commercial product in some cases
I rate syslog-ng 10 out of 10. It's free and easy to use. It has built-in tools that help us index the various logs sent to it. It's a solid log product. If you're looking for a SIEM solution, syslog-ng will work as a stopgap measure at beginning of the project. It can also work as an injector for a true SIEM solution. You can send all the logs to syslog-ng and forward all the data to the SIEM solution after you've cleaned up the data and got the pertinent information. It's a good front end for a commercial SIEM solution, which becomes more expensive as you load more data into it. I would highly recommend syslog-ng for that use case. However, if you lack the expertise, you might need to go with a cloud-based SIEM instead. You need some in-house expertise or an outside consultant to manage it and set it up.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Elastic has a lot of beats, such as Winlogbeat and Filebeat. Beats are the agents that have to be installed on the terminals to send the data. When we install beats or Elastic agents on every terminal, they don't overload the terminals. In other SIEM solutions such as Splunk or QRadar, when beats or agents are installed on endpoints, they are very heavy for the terminals. They consume a lot of power of the terminals, whereas Elastic agents hardly consume any power and don't overload the terminals."
"It's a good platform and the very best in the current market. We looked at the Forester report from December 2022 where it was said to be a leader."
"I use the stack every morning to check the errors and it's just so clear. I don't see any disadvantage to using Logstash."
"It's open-source and free to use."
"The solution's most valuable features are anomaly detection and connectivity reporting."
"We've found the initial setup to be quite straightforward."
"The most valuable feature for me is Discover."
"It's simple and easy to use."
"For us, the most valuable feature is the use of compound search for searching logs at a specific time, by a specific user, or specific behavior."
"Syslog-ng provides easy access to all my logs. It helps me show managers and other clients precisely where an incident occurred. I also like it because you can integrate syslog-ng with multiple solutions to allow real-time monitoring."
"The ability to extract and store the logs is the most valuable feature of syslog-ng."
"Syslog-ng has built-in features that we can use to create alerts for a SIEM solution. It isn't a true SIEM solution, but it's sufficient for the time being."
"Syslog-ng has a separate config file in addition to the core configuration."
 

Cons

"Elastic Security consumes a lot of resources, requiring a substantial deployment setup."
"Email notification should be done the same way as Logentries does it."
"It could use maybe a little more on the Linux side."
"Elastic sometimes does not correctly identify threats or anomalies. It might not classify an issue as malicious or critical accurately."
"The solution does not have a UI and this is one of the reasons we are looking for another solution."
"There is an area of improvement in the Logs list. The load list may need to be paginated as there are limits."
"Elastic Security's maintenance is hard and its scalability is a challenge. There are complications in scaling and upgrading. The solution needs to also provide periodic upgrade checks."
"There is room for improvement in the Kibana dashboard and in the asset management for the program."
"There is always the potential for additional integration and protocol extensions."
"There is room for improvement in terms of observability."
"It's hard to find people who know how to use syslog-ng. I often find problems with configurations, and solutions aren't integrated correctly with syslog-ng. For example, there might be data with extra decimals, or the collector agents are incorrectly named. It isn't a problem with the solution; it's a lack of professionals."
"Syslog-ng has built-in features that we can use to create alerts for a SIEM solution. It isn't a true SIEM solution, but it's sufficient for the time being."
"The filtering has room for improvement."
 

Pricing and Cost Advice

"Compared to other products such as Dynatrace, this is one of the cheaper options."
"It's a monthly cost with Elastic SIEM, but I am not sure of the exact cost."
"It is easy to deploy, easy to use, and you get everything you need to become operational with it, and have nothing further to pay unless you want the OLED plugin."
"The price is reasonable. It probably costs the same as ArcSight and LogRhythm SIEM. FortiSIEM might cost less than Elastic Security. There are no hidden or additional costs."
"I can say that the product is cheaply priced."
"The solution is free."
"The pricing is in the middle. I think it is not an expensive experience if we compare it with big names, for example, QRadar, and also Oxide. I think Elastic Security is quite cheap. I would rate the pricing of this solution a five out of ten."
"This is an open-source product, so there are no costs."
"Syslog-ng is a free open-source solution."
"Syslog-ng is open-source."
report
Use our free recommendation engine to learn which Log Management solutions are best for your needs.
859,957 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
16%
Government
9%
Financial Services Firm
9%
Comms Service Provider
7%
Government
13%
Computer Software Company
12%
Financial Services Firm
8%
Manufacturing Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

Datadog vs ELK: which one is good in terms of performance, cost and efficiency?
With Datadog, we have near-live visibility across our entire platform. We have seen APM metrics impacted several times lately using the dashboards we have created with Datadog; they are very good c...
What do you like most about Elastic Security?
Elastic provides the capability to index quickly due to the reverse indexes it offers. This data is crucial as it contains critical information. The reverse index allows fast data indexing because ...
What is your experience regarding pricing and costs for Elastic Security?
Since Elastic Security is community-based, it does not require significant costs. This is beneficial for SMEs as they do not need extensive budgets for security solutions.
What do you like most about syslog-ng?
For us, the most valuable feature is the use of compound search for searching logs at a specific time, by a specific user, or specific behavior.
What is your experience regarding pricing and costs for syslog-ng?
The pricing is in the middle. I would rate the pricing a six out of ten, with one being expensive and ten being cheap.
What needs improvement with syslog-ng?
There is room for improvement in terms of observability. Additionally, a possible new feature could be Kafka integration.
 

Also Known As

Elastic SIEM, ELK Logstash
No data available
 

Overview

 

Sample Customers

Texas A&M, U.S. Air Force, NuScale Power, Martin's Point Health Care
Tecnocom, University of Victoria, University of Exeter, Datapath
Find out what your peers are saying about Elastic Security vs. syslog-ng and other solutions. Updated: June 2025.
859,957 professionals have used our research since 2012.