Try our new research platform with insights from 80,000+ expert users

Graylog vs Wazuh comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 8, 2024
 

Categories and Ranking

Graylog
Ranking in Log Management
18th
Average Rating
8.0
Reviews Sentiment
7.0
Number of Reviews
18
Ranking in other categories
No ranking in other categories
Wazuh
Ranking in Log Management
2nd
Average Rating
7.4
Reviews Sentiment
6.6
Number of Reviews
45
Ranking in other categories
Security Information and Event Management (SIEM) (2nd), Extended Detection and Response (XDR) (3rd)
 

Mindshare comparison

As of January 2025, in the Log Management category, the mindshare of Graylog is 6.6%, up from 5.7% compared to the previous year. The mindshare of Wazuh is 16.8%, up from 13.9% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Log Management
 

Featured Reviews

Nicolae CIornii - PeerSpot reviewer
Stable solution with room for improvement in interactivity and user-friendliness
We have tested IBM QRadar and now use it. First of all, the key factor is the pricing. I saw that IBM QRadar has an interactive dashboard, providing valuable insights to people. Additionally, I've seen that IBM QRadar has an agent that simplifies installations across various platforms without requiring intricate configurations. Also, IBM QRadar has automatic reporting.
AKASH MAJUMDER - PeerSpot reviewer
Open-source platform with custom alerting
There are three key strengths of Wazuh that stand out to me. Firstly, Wazuh offers an enhanced HDR version that outperforms the Elastic Stack. Wazuh has achieved this by running a config or a sec in the background, which has improved the XBR for endpoint security significantly. Secondly, Wazuh comes with built-in frameworks, such as the NISC and ISO, that make it easy to comply with various industry standards. We didn't need to configure any custom frameworks for this, as Wazuh had it built in. Lastly, Wazuh has the ability to collect terabytes of data within seconds, which is a crucial feature for modern enterprises dealing with large amounts of data.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Allowing us to set up alerts and integrate with platforms we already use, such as Slack and OpsGenie to alert users of these errors proactively, is also a very useful feature."
"What I like about Graylog is that it's real-time and you have access to the raw data. So, you ingest it, and you have access to every message and every data item you ingest. You can then build analytics on top of that. You can look at the raw data, and you can do some volumetric estimations, such as how big traffic you have, how many messages of data of a type you have, etc."
"The build is stable and requires little maintenance, even compared to some extremely expensive products."
"It is used as a log manager/SIEM. It provides visibility into the infrastructure and security related events."
"Real-time UDP/GELF logging and full text-based searching."
"UDP is a fast and lightweight protocol, perfect for sending large volumes of logs with minimal overhead."
"We're using the Community edition, but I know that it has really good dashboarding and alerts."
"Open source and user friendly."
"Its cost-effectiveness is the most valuable aspect."
"The log monitoring and analysis tools are great in addition to SIEM file activity monitoring."
"The product is easy to customize."
"The most valuable feature of Wazuh is the ELK for doing an investigation."
"It offers built-in modules for file integrity and vulnerability management."
"The solution is easy to maintain."
"The product’s interface is intuitive."
"I like the features we use, including malware detection, inventory, detection of hidden processes, and activity logs. Inventory is probably the most important feature. It tells us when processes and packages were installed and what they are, which is helpful."
 

Cons

"Over six months, I had two similar issues where searches were performed on field "messages". It exhausted all the memory of the ES node causing an ES crash and a Graylog halt."
"Lacks sufficient documentation."
"Graylog can improve the index rotation as it's quite a complex solution."
"I hope to see improvements in Graylog for more interactivity, user-friendliness, and creating alerts. The initial setup is complex."
"It would be great if Graylog could provide a better Python package in order to make it easier to use for the Python community."
"Its scalability gets complicated when we have to update or edit multiple nodes."
"The infrastructure cost is the main issue. I like the rest. If the infrastructure costs could be lower, it would be fantastic."
"Elasticsearch recommendations for tuning could be better. Graylog doesn't have direct support for running the system inside of Kubernetes, so it can be challenging to fill in the gaps and set up containers in a way that is both performant and stable."
"Alerts should be specific rather than repeatedly triggered by integrating multiple factors. This issue needs improvement to create a more efficient alert system."
"The deployment is a bit complex."
"Wazuh is missing many things that a typical SIEM should have."
"I think that the next release should be more suitable for large enterprises, because currently they are not because large companies do not rely on open source solutions."
"The biggest part that's missing is threat intelligence. It isn't inbuilt, and if a sudden incident occurs, we don't get that feedback inside the SIEM tool. That's a big gap, I see. It would be better if we could get the threat intelligence feeds integrated with the SIEM tools. That would help us push value solutions to the clients in a big way."
"Its configuration process is time-consuming."
"The support channel is not optimal, and extensive research is required on our part to implement Wazuh effectively."
"A more structured approach, perhaps with modular UI components, to facilitate easier integration and navigation within the Wazuh platform for custom integrations would be beneficial."
 

Pricing and Cost Advice

"​You get a lot out-of-the-box with the non-enterprise version, so give it a try first."
"I am using a community edition. I have not looked at the enterprise offering from Graylog."
"We're using the Community edition."
"Consider Enterprise support if you have atypical needs or setup requirements.​"
"If you want something that works and do not have the money for Splunk or QRadar, take Graylog.​​"
"We are using the free version of the product. However, the paid version is expensive."
"Graylog is a free open-source solution. The free version has a capacity limitation of 2 GB daily, if you want to go above this you have to purchase a license."
"It's an open-source solution that can be used free of charge."
"The product price is neither too high nor too low."
"Wazuh is open-source, but you must consider the total cost of ownership. It may be free to acquire, but you spend a lot of time and effort supporting the product and getting it to a point where it's useful."
"Wazuh is not an expensive solution."
"Wazuh is an open-source tool."
"Wazuh is a good tool, but the open-source version has scalability limitations."
"They have a good pricing strategy for market expansion."
"The product is cheaper compared to other tools."
"Wazuh has a community edition, and I was using that. It's free and open source."
report
Use our free recommendation engine to learn which Log Management solutions are best for your needs.
825,661 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
17%
Comms Service Provider
9%
Government
8%
Educational Organization
7%
Computer Software Company
16%
Comms Service Provider
7%
University
7%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Graylog?
The product is scalable. The solution is stable.
What is your experience regarding pricing and costs for Graylog?
We are using the free version of the product. However, the paid version is expensive.
What needs improvement with Graylog?
Since it's a free tool, I don't have much to say. Troubleshooting is important to me. The initial setup is complex. I hope to see improvements in Graylog for more interactivity, user-friendliness, ...
What do you like most about Wazuh?
Integrates with various open-source and paid products, allowing for flexibility in customization based on use cases.
What needs improvement with Wazuh?
I am investigating more about the community support for Wazuh. I can't provide a definitive answer yet. An issue I noticed is with tag values in certain rules not functioning properly. It's unclear...
What is your primary use case for Wazuh?
I am currently evaluating and using Wazuh for file monitoring and compliance reporting. We are in the process of conducting a POC to understand how the rules work. I lead this effort to explore and...
 

Comparisons

 

Also Known As

Graylog2
No data available
 

Learn More

 

Overview

 

Sample Customers

Blue Cross Blue Shield, eBay, Cisco, LinkedIn, SAP, King.com, Twilio, Deutsche Presse-Agentur
Information Not Available
Find out what your peers are saying about Graylog vs. Wazuh and other solutions. Updated: December 2024.
825,661 professionals have used our research since 2012.