We performed a comparison between Graylog, LogRhythm SIEM, and NNT Log Tracker Enterprise based on real PeerSpot user reviews.
Find out what your peers are saying about Splunk, Wazuh, Datadog and others in Log Management.
"The ability to write custom alerts is key to information security and compliance."
"The product is scalable. The solution is stable."
"Message forwarding through the in-built module."
"This had increased productivity for the dev and support teams, because we are directly notifying them."
"We have scaled from a single machine installation (a VM with a Graylog + ES + MongoDB) to (2 Graylog + 2 ES + 3 MongoDB). This was done smoothly with a minimal impact on logging."
"UDP is a fast and lightweight protocol, perfect for sending large volumes of logs with minimal overhead."
"It is used as a log manager/SIEM. It provides visibility into the infrastructure and security related events."
"One of the most valuable features is that you are able to do a very detailed search through the log messages in the overview."
"The most valuable feature is that we can alternate incident automations."
"In terms of security, LogRhythm NextGen SIEM is great."
"Overall effectiveness is very good. I like how it is oriented to both analysts and technical support people. It's easily adopted by end users as much as by technologists."
"It's positively affected our overall rate of efficiency."
"It has centralized monitoring for our security operations. Therefore, it improves our analysts' work."
"SOAR is integrated with the dashboard that we use for threat management. Because it's all integrated, it is useful for us when we deploy something on-prem."
"The alarm functions have helped us cut down on the manual work. They bubble things up to us instead of our having to go look for stuff. Also, from an operational perspective, day to day, the Case Management functions are really useful for us. They allow us to track what we see in the incidents that we have."
"As a healthcare company, what we use it for is compliance, then to protect our data from exfiltration."
"The FIM features in the Change Tracker and the Log Tracker are the most valuable."
"File integrity monitoring is a very important function."
"This is a very easy-to-use interface with a quick ramp-up time."
"The most valuable feature is the predefined reports for PCI compliance."
"Since container orchestration systems are popular and Graylog fits the niche well, perhaps they could officially support running in Docker containers on Kubernetes as a StatefulSet as a use case. That way, the declarative nature of Kubernetes config files would document their best case deployment scenario."
"More complex visualizations and the ability to execute custom Elasticsearch queries would be great."
"Its scalability gets complicated when we have to update or edit multiple nodes."
"It would be great if Graylog could provide a better Python package in order to make it easier to use for the Python community."
"There should be some user groups and an auto sign-in feature."
"I would like to see a default dashboard widget that shows the topology of the clusters defined for the Graylog install."
"We ran into problems with Elasticsearch throwing a circuit-breaking exception due to field data size being too large. It turned out that the heap size directly impacted this size in a high-throughput environment, causing unexplained instability in Graylog. We were able to troubleshoot on the Elasticsearch size, but we should have been able to reference some minimum requirements for Graylog to know that our settings weren't sufficient."
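The circuit-breaking exception described in the review above comes from Elasticsearch's fielddata circuit breaker, whose ceiling is a fixed fraction of the JVM heap (40% by default, via `indices.breaker.fielddata.limit`), so a small heap silently caps how much fielddata the Graylog-backed indices can hold before requests start failing. The following is an added example, not code from Graylog, Elasticsearch or the reviewer: it reads the shape of the `GET _nodes/stats/breaker,jvm` response (a constructed sample is embedded inline) and flags nodes that are near the breaker limit or have already tripped it, and it computes the minimum heap needed to keep a given amount of fielddata under the limit. The warning threshold of 80% and the node names are assumptions for illustration.

```python
import json

# Constructed sample shaped like Elasticsearch's GET _nodes/stats/breaker,jvm
# response, trimmed to the fields used here. Values are made up: es-1 is a
# 1 GiB-heap node that has already tripped, es-2 an 8 GiB-heap node with headroom.
SAMPLE_NODE_STATS = json.loads("""
{"nodes": {
  "n1": {"name": "es-1",
         "jvm": {"mem": {"heap_max_in_bytes": 1073741824}},
         "breakers": {"fielddata": {"limit_size_in_bytes": 429496729,
                                    "estimated_size_in_bytes": 410000000,
                                    "tripped": 3}}},
  "n2": {"name": "es-2",
         "jvm": {"mem": {"heap_max_in_bytes": 8589934592}},
         "breakers": {"fielddata": {"limit_size_in_bytes": 3435973836,
                                    "estimated_size_in_bytes": 120000000,
                                    "tripped": 0}}}
}}
""")


def breaker_report(stats, warn_ratio=0.8):
    """Per-node fielddata breaker headroom from a node-stats document.

    warn_ratio (assumed 0.8) is the fraction of the breaker limit at which a
    node is reported as at risk; any node whose breaker has already tripped is
    reported as at risk regardless of current usage.
    """
    report = []
    for node in stats["nodes"].values():
        heap = node["jvm"]["mem"]["heap_max_in_bytes"]
        fd = node["breakers"]["fielddata"]
        limit = fd["limit_size_in_bytes"]
        used = fd["estimated_size_in_bytes"]
        ratio = used / limit if limit else 0.0
        at_risk = ratio >= warn_ratio or fd["tripped"] > 0
        report.append({
            "node": node["name"],
            "heap_gib": round(heap / 2**30, 2),
            "limit_pct_of_heap": round(100 * limit / heap, 1),
            "used_pct_of_limit": round(100 * ratio, 1),
            "tripped": fd["tripped"],
            "status": "TRIP_RISK" if at_risk else "ok",
        })
    return report


def minimum_heap_bytes(fielddata_bytes, limit_pct=40):
    """Smallest JVM heap (bytes) that keeps fielddata_bytes under the breaker.

    Uses integer arithmetic so the result is exact: heap * limit_pct/100 must
    be >= fielddata_bytes. limit_pct defaults to Elasticsearch's 40%.
    """
    return (fielddata_bytes * 100 + limit_pct - 1) // limit_pct


if __name__ == "__main__":
    for row in breaker_report(SAMPLE_NODE_STATS):
        print(row)
    need = minimum_heap_bytes(410_000_000)
    print(f"heap needed for 410 MB fielddata at 40%: {need / 2**30:.2f} GiB")
```

Run it against the real endpoint by replacing `SAMPLE_NODE_STATS` with the parsed JSON of `curl -s 'http://<es-host>:9200/_nodes/stats/breaker,jvm'`; a node reported as `TRIP_RISK` is the one whose requests will start throwing the circuit-breaking exception, and the heap figure from `minimum_heap_bytes` is the floor to plan against rather than the heap that happens to be set.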
"I hope to see improvements in Graylog for more interactivity, user-friendliness, and creating alerts. The initial setup is complex."
"I would like it to do a lot of the automation (which I still need to learn more about), because I am essentially a one man shop doing all the jobs. I'd like for it to be able to do more for me."
"I would probably look for more things to go into the web console that is currently on the fat client."
"Granted, we haven't enabled the UEBA module, but we're forwarding all our proxy logs to LogRhythm and we have a really hard time pulling those proxy logs back out of LogRhythm. However, when we take LogRhythm and forward the same logs into somebody else's user-based analytics software, we get the majority of what we were missing... If we've got all our proxy logs and I go out to Google or Facebook or the like, we should be able to go in and pull that information out ten minutes later, but it's a big challenge to do that."
"Parsing is totally controlled by LogRhythm and they do not allow any partner or any third-party to handle this part and this is a key challenge on my end."
"We've tried to work with a couple of engineering department guys there. We've called them and called them but we never hear anything back."
"We would like to see more things out of the console into the web UI. I guess this is what they are doing in 7.4."
"I would like to see case management become more independent from LogRhythm itself."
"For our market, the solution is quite expensive. It would be ideal if they could work on and improve their existing pricing plans to help make it more affordable in our country."
"It is able to identify the vulnerability, however, they need an option to auto-mitigate."
"I would like to see the integration of AI technology, so rather than manually monitoring the logs, the tool will understand it and take care of it."
"Only one minor deployment issue came up and it was resolved quickly. No other areas of improvement come to mind yet."
"The correlation suite needs to be improved."