When comparing Graylog2 vs SolarWinds Log & Event Manager, the Slant community recommends Graylog2 for most people. In the question“What are the best log management, aggregation & monitoring tools?” Graylog2 is ranked 7th while SolarWinds Log & Event Manager is ranked 38th. The most important reason people chose Graylog2 is:
Graylog2 is licensed under GNU GPL v3.
Specs
Ranked in these QuestionsQuestion Ranking
Pros
Pro Free and open source
Graylog2 is licensed under GNU GPL v3.
Pro Easy setup
Graylog2 can be quickly installed on any Linux machine running Java 7 via an executable that allows installing and configuring remote dependencies and graylog2 itself via a web interface.
Pro Real-time
Information and statistics displayed update in real time.
Pro Great interface
Easy to overview, intuitive and full of explainers.
Pro Little maintenance
Pro Streams allow identifying events in real-time and perform actions
Stream allow filtering events in real time and perform action such as issue alerts or forward messages.
Pro Server-side functionality can be extended via plug-ins
Pro Works well with just about any type of logging
Pro Has custom search for in-depth log analysis
The in-depth, custom search helps you search by IP addresses, user names, etc, enabling faster root cause analysis when troubleshooting network, system, application and database issues.
Pro Peripheral security for enhanced visibility into malicious activities
All-in-one security solution that includes file integrity monitoring (zero-day malware& APT detection), SQL Auditor and USB detection
Pro Active response to detect and respond to threats in real-time
Automated response to events, like deleting user account, sending warning messages, kill processes, log off user, adding user to privileged account groups, etc
Pro Reduced costs with straight-forward licensing
Licensed by nodes (not log volume). No add-on purchases, DBA or expensive consultant support required. Extensive number of free connectors. Reduces SIEM management, training and operational overhead for resource-sensitive security departments.
Pro Automated industry-standard rules and reports to meet compliance and audit requirements
Demonstrate compliance and meet audit requirements with out of the box compliance reports for HIPAA, SOX, PCI DSS, DISA STIG and many more. Beyond SIEM monitoring and remediation capabilities, Log & Event Manager includes stronger security and broader compliance capabilities – like, SQL Auditor, File Integrity Monitoring, Active Response and USB Defender.
Pro Intuitive interface
Graphical Web UI with easy to read customizable dashboards, and search functionality to find the right information among thousands of logs. Log data and events are represented in bar graphs, with respect to time, and you can easily drill down to the specific system or node that's generating excessive or suspicious traffic.
Pro Centralized threat detection improves security incident awareness
Real-time, in-memory event correlations, based on built-in and custom rules, for instantaneous detection of unauthorized application/user-activity, database, configuration changes and suspicious network traffic
Cons
Con Limited logging protocols support
Graylog2 only has support for syslog and GELF.
Con Self hosted. Difficult to maintain.
Maintenance is very difficult because of the high volume nature of logs.
Con Slow
Takes multiple servers even for smaller deployments
Con Interface is hard to use
The interface is hard to use, loaded with data, and difficult to understand.
Con Linux agent don't manage to read logs
Linux agent made do not manage to read system logs which are in the default format which LEM is supposed to manage and also the installer seems to mess up the system during install as it assumes you are using a sysv like init system.
Con Bad UI
UI is confusing and difficult to find the information from the logs which you are looking for
Con Windows only
SolarWinds Log & Event Manager only works on Windows.