Who’s using…
Elastic Stack (ex-ELK)
Splunk
Some Logging SaaS (Loggly, Scalyr, etc.)
Graylog
A theme in this article will be: "what separates standard incidents from horrifying nightmares?"
A good or bad story around logging will dictate the rest of the incident.
I recommend that any security or infrastructure team putting off a comprehensive approach to logging drop nearly everything to invest in it.
A10:2017 Insufficient Logging & Monitoring
Exploitation of insufficient logging and monitoring is the bedrock of nearly every major incident.
Open source log management platform
Built for security and operations
Easy to set up, powerful features
Extensible via plugins
Commercial plugins (Audit log, Archiving, Reporting, Views)
Professional support
Link: Graylog Enterprise
GELF
Beats (Filebeat, Metricbeat, etc.)
Syslog
CEF
Netflow (v5 and v9)
Redis
MQTT
SNMP
AWS Flow Logs, Cloudwatch Logs, CloudTrail
Many more on the Graylog Marketplace
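As an added illustration of the GELF input listed above (this is example code written for this page, not Graylog's own client or server code), the following builds a GELF 1.1 message, serialises it for the UDP transport with gzip compression and chunking, and shows the receiver side reassembling and decoding it. The host names, field values and the port 12201 (Graylog's documented default for GELF UDP) are assumptions; the message content is constructed.

```python
import gzip
import hashlib
import json
import os
import socket
import time
import zlib

GELF_VERSION = "1.1"
CHUNK_MAGIC = b"\x1e\x0f"     # first two bytes of every chunked GELF datagram
CHUNK_HEADER_LEN = 12         # 2 magic + 8 message id + 1 sequence number + 1 sequence count
MAX_CHUNKS = 128              # GELF spec limit per message
DEFAULT_CHUNK_SIZE = 1420     # fits a 1500-byte MTU with headroom (assumed LAN default)


def build_gelf(short_message, host, level=6, full_message=None, **extra):
    """Assemble a GELF 1.1 message dict. Extra fields get the mandatory '_' prefix."""
    msg = {
        "version": GELF_VERSION,
        "host": host,
        "short_message": short_message,
        "timestamp": time.time(),  # seconds since epoch, fractional part allowed
        "level": level,            # syslog severity: 6 = informational, 4 = warning
    }
    if full_message is not None:
        msg["full_message"] = full_message
    for name, value in extra.items():
        if name == "id":
            raise ValueError("'_id' is reserved by GELF and rejected by the server")
        msg["_" + name] = value
    return msg


def gelf_udp_datagrams(message, chunk_size=DEFAULT_CHUNK_SIZE):
    """Serialise to gzip-compressed JSON; split into chunked GELF datagrams if too large."""
    payload = gzip.compress(json.dumps(message).encode("utf-8"))
    if len(payload) <= chunk_size:
        return [payload]
    body = chunk_size - CHUNK_HEADER_LEN
    pieces = [payload[i:i + body] for i in range(0, len(payload), body)]
    if len(pieces) > MAX_CHUNKS:
        raise ValueError(f"message needs {len(pieces)} chunks; GELF allows at most {MAX_CHUNKS}")
    message_id = os.urandom(8)  # unique per message so the receiver can group the chunks
    return [CHUNK_MAGIC + message_id + bytes([seq, len(pieces)]) + piece
            for seq, piece in enumerate(pieces)]


def decode_gelf_payload(payload):
    """Receiver side: detect gzip / zlib / raw encoding and return the message dict."""
    if payload[:2] == b"\x1f\x8b":
        payload = gzip.decompress(payload)
    elif payload[:1] == b"\x78":
        payload = zlib.decompress(payload)
    return json.loads(payload.decode("utf-8"))


def reassemble_gelf(datagrams):
    """Receiver side: group chunks by message id, order by sequence number, decode."""
    groups = {}
    for d in datagrams:
        if d[:2] != CHUNK_MAGIC:
            return decode_gelf_payload(d)  # unchunked message
        message_id, seq, count = d[2:10], d[10], d[11]
        groups.setdefault(message_id, {})[seq] = d[CHUNK_HEADER_LEN:]
        if len(groups[message_id]) == count:
            ordered = b"".join(groups[message_id][i] for i in range(count))
            return decode_gelf_payload(ordered)
    return None  # incomplete; the spec says all chunks must arrive within 5 seconds


def send_gelf_udp(message, host="127.0.0.1", port=12201):
    """Ship a message to a Graylog GELF UDP input (assumed host; 12201 is the default port)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for datagram in gelf_udp_datagrams(message):
            sock.sendto(datagram, (host, port))


def demo_roundtrip():
    """Constructed sample: a large, poorly compressible full_message forces chunking."""
    big = "".join(hashlib.sha256(str(i).encode()).hexdigest() for i in range(100))
    msg = build_gelf("SSH login failed", "bastion01", level=4, full_message=big,
                     user="alice", src_ip="203.0.113.7")
    datagrams = gelf_udp_datagrams(msg)
    return msg, datagrams, reassemble_gelf(datagrams)
```

The decoder keys off the payload's leading bytes, which is how a GELF UDP input tells gzip, zlib and raw JSON apart; the chunk path matters in practice because full_message fields (stack traces, request bodies) routinely exceed a single datagram.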
Centralized config management for log shippers
Completely new implementation
Allows managing arbitrary binaries
Runs on Linux & Windows
Grok == Regular Expressions on Steroids
Sometimes hard to debug
No more external Grok Debugger
Grok editor now with preview and test
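To make concrete what "regular expressions on steroids" means, here is an added example (written for this page, not Graylog's or Logstash's Grok implementation) of how Grok works: `%{NAME:field:type}` references are expanded, recursively, into named regex groups, captured values are cast to the declared type, and a small debugging helper reports how far a pattern matched when it fails. The pattern library is a constructed subset; the log lines are constructed.

```python
import re

# Constructed subset of a Grok pattern library; real libraries ship hundreds of patterns.
GROK_PATTERNS = {
    "WORD": r"\b\w+\b",
    "NUMBER": r"(?:[+-]?(?:\d+(?:\.\d+)?))",
    "INT": r"(?:[+-]?\d+)",
    "NOTSPACE": r"\S+",
    "GREEDYDATA": r".*",
    "IPV4": r"(?:(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)\.){3}(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)",
    "HTTPDATE": r"\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4}",
    # Composite pattern: Grok patterns may reference other patterns.
    "COMMONAPACHELOG": r'%{IPV4:client_ip} \S+ \S+ \[%{HTTPDATE:timestamp}\] '
                       r'"%{WORD:method} %{NOTSPACE:request} HTTP/%{NUMBER:http_version}" '
                       r'%{INT:status:int} %{INT:bytes:int}',
}

# %{NAME}, %{NAME:field} or %{NAME:field:type}
GROK_REF = re.compile(r"%\{(\w+)(?::(\w+))?(?::(\w+))?\}")
_CASTS = {"int": int, "float": float, "string": str}


def compile_grok(expr, patterns=GROK_PATTERNS, _depth=0):
    """Expand grok references into a regex with named groups. Returns (regex, {field: type})."""
    if _depth > 20:
        raise ValueError("grok pattern nesting too deep (cyclic reference?)")
    types = {}

    def expand(m):
        name, field, typ = m.group(1), m.group(2), m.group(3)
        if name not in patterns:
            raise KeyError(f"unknown grok pattern %{{{name}}}")
        inner, inner_types = compile_grok(patterns[name], patterns, _depth + 1)
        types.update(inner_types)
        if field:
            types[field] = typ or "string"
            return f"(?P<{field}>{inner})"
        return f"(?:{inner})"

    return GROK_REF.sub(expand, expr), types


def grok_match(expr, line, patterns=GROK_PATTERNS):
    """Match one log line; returns typed fields as a dict, or None when the pattern fails.
    Unanchored, like Grok's default; add ^ and $ to the expression for strict matching."""
    source, types = compile_grok(expr, patterns)
    m = re.search(source, line)
    if not m:
        return None
    return {field: _CASTS.get(types[field], str)(value)
            for field, value in m.groupdict().items() if value is not None}


def longest_matching_prefix(expr, line, patterns=GROK_PATTERNS):
    """Debug aid: the longest prefix of expr, cut at %{...} boundaries, that still matches line.
    Shows which pattern reference breaks the match instead of a bare 'no match'."""
    best = ""
    for ref in GROK_REF.finditer(expr):
        prefix = expr[:ref.end()]
        source, _ = compile_grok(prefix, patterns)
        try:
            if re.search(source, line):
                best = prefix
        except re.error:
            continue  # cut landed inside a literal regex construct; skip this prefix
    return best


# Constructed sample lines, not real traffic.
SAMPLE_LINES = [
    '203.0.113.7 - - [10/Oct/2000:13:55:36 -0700] "GET /login?user=admin HTTP/1.1" 401 512',
    "not an access log line at all",
]


def parse_samples():
    return [grok_match("%{COMMONAPACHELOG}", line) for line in SAMPLE_LINES]
```

The type suffix (`%{INT:status:int}`) is what lets a later search ask for `status >= 400` numerically rather than as a string; the prefix helper is a plain substitute for the kind of feedback the preview-and-test editor gives.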
Sharing configuration between Graylog clusters
Allow using parameters
Versioning
Removal (uninstall)
Interactive dashboards
Completely customizable
Can be saved and shared
For your management team
Create shiny reports (PDF)
Allows scheduling of report creation
Reports can automatically be sent via email
Graylog
Elasticsearch 5.6 or higher
MongoDB 2.4 or higher
Optional: Graylog Collector Sidecar