
Latest Posts

Announcing Graylog 3.2

This release unifies views, dashboards, and search for a more flexible and comprehensive approach to threat hunting. The expanded search makes it easier to reuse the searches you run on a regular basis through saved searches and search workflows. Other enhancements, such as full-screen dashboards and updates to alerting, round out v3.2.

Improve Your Logging Efforts by Leveraging Your Search History

In log management, search history is overlooked more often than not. Past searches can be reused as part of log analysis and forensic investigation, but the main issue with this data is search speed, which degrades as data volume grows. We discuss some ways to get the most out of your saved searches and to speed up the search process.

Implementing Geolocation with Graylog Pipelines

Geolocation can be built into the Graylog platform automatically by using the "GeoIP Resolver" plugin with a MaxMind database. However, you can further improve your ability to extract meaningful and useful data by using pipelines and lookup tables. These features also allow you to do much more than the basic plugin.

Log Formats - a Complete Guide

Log management software works by receiving, storing, and analyzing logs written in different formats. Several standardized log formats are commonly generated by a wide assortment of devices and systems. It is therefore important to understand how they work and how they differ from one another, so that you can use them correctly and avoid some common mistakes.

How to Set Up Graylog GeoIP Configuration

Logs that contain IP addresses are common across your infrastructure. Your firewalls, web servers, wireless infrastructure and endpoints all record IP addresses from outside your organization. Enriching those logs with the geolocation of the IP address helps your investigations and your understanding of your traffic patterns. For example, if you can see logs on a world map, you know when you are communicating with a country you don't normally talk to.

What Are the Differences Between On-premises and Cloud-based Log Management?

Cloud computing has changed the way we think about software and opened up many new possibilities in both business and software development. Log management tools have also been affected by this, which raises the question: what are the pros and cons of cloud log management compared to on-premises solutions? There are several key things you should consider before opting for either one, so here is a brief overview of the most important aspects to help you make an informed decision.

Enhancing AWS security with Graylog centralized logging

AWS is a popular IaaS provider that offers quickly scalable resources to meet even the largest customer demands. Cloud scalability like this can generate a large volume of logs that you need to monitor to keep up with your cybersecurity goals. Getting those logs into a SIEM or a centralized log management platform such as Graylog is key to proactive monitoring and alerting.

How to Use Graylog Lookup Tables

Logs are a wealth of information, containing metadata such as IP addresses, usernames, and error codes. While this is all extremely helpful, making sense of it can seem overwhelming to an untrained eye. Organizations may also have additional data they would like to enrich their logs with, for example adding a department name to a log message based on the username it contains.
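As an added example (not code from any of the posts above, nor from Graylog itself), the following Python script does what a pipeline rule calling lookup tables would do: it enriches a few constructed log lines with a country code derived from the source IP (the geolocation enrichment described under "Implementing Geolocation with Graylog Pipelines" and "How to Set Up Graylog GeoIP Configuration") and with a department derived from the username (the enrichment described here), then flags logins that geolocate to a country the organisation does not normally talk to. The CIDR-to-country table, the user-to-department table, the allowlist of expected countries and the log format are all assumptions for illustration; a real deployment would use a MaxMind database and the organisation's own directory data.

```python
"""Lookup-table enrichment of log messages, mirroring what Graylog pipeline
rules do with lookup tables: geolocate a source IP and map a username to a
department. Added example with constructed data; not Graylog code."""
import ipaddress
import re
from typing import Optional

# Constructed CIDR -> country table standing in for a MaxMind GeoIP database.
# RFC 5737 documentation ranges with assumed countries, for illustration only.
GEO_TABLE = {
    "192.0.2.0/24": "US",
    "198.51.100.0/24": "DE",
    "198.51.100.128/25": "FR",   # more specific range inside the DE block
    "203.0.113.0/24": "AU",
}
# Longest prefix first, so the most specific range wins on overlap.
_GEO_NETS = sorted(
    ((ipaddress.ip_network(cidr), cc) for cidr, cc in GEO_TABLE.items()),
    key=lambda entry: entry[0].prefixlen,
    reverse=True,
)

# Addresses that never resolve in a GeoIP database. Listed explicitly rather
# than using ipaddress.is_private, because is_private also returns True for the
# RFC 5737 documentation ranges used in the sample table above.
_NON_ROUTABLE = [
    ipaddress.ip_network(cidr)
    for cidr in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                 "127.0.0.0/8", "169.254.0.0/16")
]

# Constructed username -> department table (what a CSV lookup table would hold).
DEPT_TABLE = {"alice": "finance", "bob": "engineering"}

# Countries this hypothetical organisation normally talks to.
EXPECTED_COUNTRIES = {"US", "DE"}

# Constructed key=value log format used by the sample lines below.
LOG_RE = re.compile(
    r"user=(?P<user>\S+)\s+src_ip=(?P<src_ip>\S+)\s+action=(?P<action>\S+)"
)


def geo_lookup(ip_str: str) -> Optional[str]:
    """Country code for a routable IP; None if private, malformed or not in the table."""
    try:
        ip = ipaddress.ip_address(ip_str)
    except ValueError:
        return None
    if any(ip in net for net in _NON_ROUTABLE):
        return None
    for net, country in _GEO_NETS:
        if ip in net:
            return country
    return None


def enrich(line: str) -> dict:
    """Parse one log line and add geolocation and department fields."""
    match = LOG_RE.search(line)
    if not match:
        return {"message": line, "parse_error": True}
    msg = match.groupdict()
    msg["message"] = line
    country = geo_lookup(msg["src_ip"])
    msg["src_ip_country"] = country
    msg["user_department"] = DEPT_TABLE.get(msg["user"], "unknown")
    # Flag only addresses that geolocated to an unexpected country; private or
    # unknown addresses stay unflagged instead of producing noisy alerts.
    msg["unexpected_country"] = country is not None and country not in EXPECTED_COUNTRIES
    return msg


# Constructed sample log lines.
SAMPLE_LOGS = [
    "user=alice src_ip=198.51.100.5 action=login",     # DE: expected
    "user=bob src_ip=198.51.100.200 action=login",     # FR: longest prefix wins
    "user=carol src_ip=203.0.113.7 action=login",      # AU: unexpected, unknown dept
    "user=dave src_ip=10.0.0.5 action=login",          # private: no geolocation
]


def unexpected_logins(lines=SAMPLE_LOGS) -> list:
    """(user, ip, country) triples that geolocated outside the allowlist."""
    return [
        (m["user"], m["src_ip"], m["src_ip_country"])
        for m in map(enrich, lines)
        if m.get("unexpected_country")
    ]


if __name__ == "__main__":
    for record in map(enrich, SAMPLE_LOGS):
        print(record)
    print("unexpected:", unexpected_logins())
```

The two design points worth carrying over to a real pipeline are the longest-prefix match (so a more specific range is not shadowed by a broader one) and the decision to return no country, rather than a wrong one, for RFC 1918 and other non-routable addresses, which keeps internal traffic from showing up on a world map or triggering country-based alerts.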

Strengthening cybersecurity with log forensic analysis

Any system connected to the Internet is exposed to malicious attacks and breaches. If it's online, someone out there is trying to break into it and do something bad with it, usually stealing data. Plain and simple. To protect your most valuable assets, you need layered security measures, a skilled SecOps team, robust investigation tools, and reliable prevention and mitigation strategies.