
HI Everyone,

I'm evaluating various log centralization / log analysis tools for our enterprise. I've been looking into Graylog for some time and have gotten to the point where I'm comfortable in it. I just started to look into NXLog and I'm wondering which offering to choose.

From what I can see, NXLog is more capable than Graylog as far as log collection goes.

Can someone help me understand this better? I see a lot of setups using BOTH, and I'm not really sure I want to use two systems --- we're not all that complex here to warrant that kind of setup.

Thank you!!!

Brad

Asked December 18, 2020 - 4:23pm

Answer (1)

Hi Brad,

Indeed, NXLog and Graylog often complement each other. NXLog is a powerful log collector; you can take advantage of the flexibility it provides and a wide range of features around collecting, processing and forwarding events.

Graylog uses Elasticsearch as a backend and specialises in indexing, analysis, searching, visualization, and alerting. That's exactly the difference between them. NXLog is not a SIEM tool; it does not provide a GUI to search and actively correlate data, and although it can be used for storing logs, this is usually done temporarily while they are in transit to one or more target systems.

NXLog can be configured as a collector for Graylog, acting as a forwarding agent on the client machine, sending messages to a Graylog node. You can learn more here: https://nxlog.co/documentation/nxlog-user-guide/graylog.html

Especially in the EE version of NXLog, GELF events are enriched with some additional fields: $EventTime, $FullMessage, $Hostname, $SeverityValue, $ShortMessage, $SourceLine, $SyslogFacility, and $version.

I hope this was helpful, please feel free to let us know if you have any questions.

Kind regards,

Konstantinos
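As an added illustration of the collector-to-Graylog setup described in the answer above (this is example configuration written for this page, not the project's own or the linked guide's), here is a minimal nxlog.conf that tails a file, sets the GELF-related fields the answer lists, and forwards GELF over a TLS connection to a Graylog input. The hostname, port, file path and certificate paths are placeholders; the exact field-to-GELF mapping (for example $ShortMessage becoming short_message) is assumed from the xm_gelf module's documented behaviour and should be checked against your NXLog version.

```nxlog
# Example nxlog.conf (added illustration; paths and hosts are placeholders)

# GELF encoder used by the output below
<Extension gelf>
    Module      xm_gelf
</Extension>

# Tail an application log file; each line becomes one event in $raw_event
<Input app_log>
    Module      im_file
    File        "/var/log/example-app.log"   # placeholder path
    # Populate the fields the GELF encoder maps to short_message / full_message.
    # Other fields ($EventTime, $Hostname, $SeverityValue, ...) are filled in by
    # the input module and the EE enrichment described in the answer.
    Exec        $ShortMessage = substr($raw_event, 0, 120); \
                $FullMessage  = $raw_event;
</Input>

# Send GELF over TLS so events are not readable or tamperable in transit.
# om_ssl is the TLS-capable TCP output; OutputType GELF_TCP frames each event.
<Output graylog>
    Module      om_ssl
    Host        graylog.example.internal      # placeholder Graylog node
    Port        12201                         # placeholder GELF TLS input port
    OutputType  GELF_TCP
    CAFile      /etc/nxlog/certs/graylog-ca.pem   # placeholder CA used to verify the server
    AllowUntrusted FALSE                      # reject servers that fail CA verification
</Output>

# Wire the input to the output
<Route app_to_graylog>
    Path        app_log => graylog
</Route>
```

On the Graylog side this pairs with a "GELF TCP" input with TLS enabled on the same port. If you are evaluating the plain (unencrypted) path first, swap `om_ssl` for `om_tcp` and drop the `CAFile` / `AllowUntrusted` lines; the GELF framing and field mapping stay the same.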