We performed a comparison between Graylog, IBM Security QRadar, and NNT Log Tracker Enterprise based on real PeerSpot user reviews.
Find out what your peers are saying about Splunk, Datadog, Wazuh and others in Log Management.
"I like the correlation and the alerting."
"Allowing us to set up alerts and integrate with platforms we already use, such as Slack and OpsGenie to alert users of these errors proactively, is also a very useful feature."
"The product is scalable. The solution is stable."
"The solution's most valuable feature is its new interface."
"What I like about Graylog is that it's real-time and you have access to the raw data. So, you ingest it, and you have access to every message and every data item you ingest. You can then build analytics on top of that. You can look at the raw data, and you can do some volumetric estimations, such as how big traffic you have, how many messages of data of a type you have, etc."
"It is used as a log manager/SIEM. It provides visibility into the infrastructure and security related events."
"We have scaled from a single machine installation (a VM with a Graylog + ES + MongoDB) to (2 Graylog + 2 ES + 3 MongoDB). This was done smoothly with a minimal impact on logging."
"Open source and user friendly."
"The tool is already automated in many ways, but there are some additional functions which should be automated, like sending an email, mobile notification, and integration of XFS."
"The solution can scale."
"The solution is easy to use, manage, and review all incidents."
"This console gives you the entire view, which makes life easier and allows you to take precautionary measures."
"The ability to add extensions is the most valuable feature. For example, extensions that provide valuable test ports."
"The threat hunting capabilities in general are great."
"It provides many options for searching. I can see devices from different vendors, like Cisco, in one interface, which is good for me."
"The most valuable feature is the QRadar Vulnerability Manager which provides vulnerability scans. In addition, I like the way QRadar generates alerts."
"File integrity monitoring is a very important function."
"The FIM features in the Change Tracker and the Log Tracker are the most valuable."
"This is a very easy-to-use interface with a quick ramp-up time."
"The most valuable feature is the predefined reports for PCI compliance."
"I would like to see a default dashboard widget that shows the topology of the clusters defined for the graylog install."
"Its scalability gets complicated when we have to update or edit multiple nodes."
"It would be great if Graylog could provide a better Python package in order to make it easier to use for the Python community."
"Dashboards, stream alerts and parsing could be improved."
"Since container orchestration systems are popular and Graylog fits the niche well, perhaps they could officially support running in docker containers on Kubernetes as a StatefulSet as a use case. That way, the declarative nature of Kubernetes config files would document their best case deployment scenario-"
"Over six months, I had two similar issues where searches were performed on field "messages". It exhausted all the memory of the ES node causing an ES crash and a Graylog halt."
"There should be some user groups and an auto sign-in feature."
"I would like to see a date and time in the Graylog Grok patterns so that I can save time when searching for a log. I like how the streams and the search query work, but adding a date and time will allow me to pull out a log in a millisecond."
"The whole process for support is something that needs to be improved."
"I have noticed a few things while working on this. After the restart of the server, sometimes, the services misbehave, and you need to manually start or restart the service. I have seen that specifically with the Tomcat service. Sometimes, when you click on log sources, instead of opening the log source extension, it redirects you over the internet."
"I would like for them to develop a detection management solution. It does not have a detecting management solution in it, you have to buy it as it is, on top of the extended solution."
"IBM QRadar could improve the plugins and threat detection."
"The AQL queries could be better."
"There was some complexity in the initial setup due to bandwidth issues."
"It would be good if the program allowed certain profiles to only see certain customer information."
"I have noticed the interface has room for improvement."
"It is able to identify the vulnerability, however, they need an option to auto-mitigate."
"Only one minor deployment issue came up and it was resolved quickly. No other areas of improvement come to mind yet."
"I would like to see the integration of AI technology, so rather than manually monitoring the logs, the tool will understand it and take care of it."
"The correlation suite needs to be improved."