I've been using Graylog for just over a year to gather syslogs from our Palo Alto firewalls. While it's been okay, I've encountered some issues along the way. I'm planning to add more devices for syslogging too. Ideally, I want an alternative that's also open-source, but I'm willing to pay for a license if necessary. It should be easy to set up, and while I'd prefer something that runs on Windows, that's not a strict requirement.
5 Answers
You should try VictoriaLogs. It's super easy to set up and can handle log ingestion via the Syslog protocol.
If you're considering switching platforms, you might want to check out Security Onion or Suricata. They offer some robust capabilities!
I recommend giving Elastic or Wazuh a shot. They both have free community-supported versions that can handle log collection and parsing for Palo logs. The Elastic Windows agent can potentially act as a syslog receiver, but just a heads up, Wazuh might need a Linux setup.
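Whichever of these backends you pick, the part that usually bites with Palo Alto is the log body itself: PAN-OS emits BSD-style (RFC 3164) syslog by default, and the message is a CSV record whose column order depends on the log type (TRAFFIC, THREAT, ...). The receiver/parser below is an added example, not code from the original thread, from Palo Alto, or from any of the products named above. It assumes the column positions given in the PAN-OS TRAFFIC/THREAT syslog field descriptions (verify them against your PAN-OS version), an unprivileged listen port of 5514, and three constructed sample lines (the hostname `PA-220`, serial, and documentation-range IP addresses are made up).

```python
import csv
import re
import socket
from typing import Optional

# PAN-OS emits BSD-style (RFC 3164) syslog by default: <PRI>Mon DD HH:MM:SS host <CSV body>
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<msg>.*)$",
    re.DOTALL,
)

# CSV column positions. Assumption: taken from the PAN-OS TRAFFIC/THREAT syslog
# field descriptions; confirm against the docs for your PAN-OS version.
COMMON_FIELDS = {
    1: "receive_time", 2: "serial", 3: "type", 4: "subtype", 6: "generated_time",
    7: "src_ip", 8: "dst_ip", 9: "nat_src_ip", 10: "nat_dst_ip", 11: "rule",
    12: "src_user", 13: "dst_user", 14: "app", 15: "vsys", 16: "src_zone",
    17: "dst_zone", 18: "in_if", 19: "out_if", 20: "log_profile", 22: "session_id",
    23: "repeat_count", 24: "src_port", 25: "dst_port", 26: "nat_src_port",
    27: "nat_dst_port", 28: "flags", 29: "proto", 30: "action",
}
THREAT_FIELDS = {31: "misc", 32: "threat_id", 33: "category", 34: "severity", 35: "direction"}

# Constructed sample input, not captured from a real firewall: an allowed session,
# a critical THREAT whose URL field is quoted because it contains a comma, and a
# non-PAN line from some other device that must be skipped rather than mis-parsed.
SAMPLE_LINES = [
    "<14>Jan 15 10:22:33 PA-220 1,2024/01/15 10:22:33,012345678901,TRAFFIC,end,2560,"
    "2024/01/15 10:22:33,10.0.0.5,93.184.216.34,203.0.113.10,93.184.216.34,allow-web,,,"
    "web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,default,2024/01/15 10:22:33,"
    "12345,1,51234,443,15432,443,0x400000,tcp,allow,4096",
    "<12>Jan 15 10:23:01 PA-220 1,2024/01/15 10:23:01,012345678901,THREAT,vulnerability,2560,"
    "2024/01/15 10:23:01,198.51.100.7,10.0.0.5,198.51.100.7,203.0.113.10,inbound-web,,,"
    "web-browsing,vsys1,untrust,dmz,ethernet1/1,ethernet1/2,default,2024/01/15 10:23:01,"
    '23456,1,40001,80,40001,80,0x80000000,tcp,reset-both,"example.com/a,b?x=1",'
    "Example Exploit(12345),any,critical,client-to-server",
    "<34>Jan 15 10:24:00 sw01 %LINK-3-UPDOWN: Interface GigabitEthernet1/0/1, changed state to down",
]


def parse_syslog_header(line: str) -> Optional[dict]:
    """Split PRI, timestamp, host and message; None if the line is not RFC 3164 shaped."""
    m = SYSLOG_RE.match(line.strip())
    if m is None:
        return None
    pri = int(m["pri"])
    return {"syslog_facility": pri >> 3, "syslog_severity": pri & 7,
            "timestamp": m["ts"], "host": m["host"], "msg": m["msg"]}


def parse_pan_body(msg: str) -> Optional[dict]:
    """Map the CSV body to named fields; None unless it is a TRAFFIC or THREAT record."""
    rows = list(csv.reader([msg]))  # csv handles quoted fields with embedded commas
    fields = rows[0] if rows else []
    if len(fields) <= max(COMMON_FIELDS) or fields[3] not in ("TRAFFIC", "THREAT"):
        return None
    event = {name: fields[i] for i, name in COMMON_FIELDS.items()}
    if fields[3] == "THREAT" and len(fields) > max(THREAT_FIELDS):
        event.update({name: fields[i] for i, name in THREAT_FIELDS.items()})
    return event


def parse_event(line: str) -> Optional[dict]:
    """Raw syslog line -> flat dict of header plus PAN-OS fields, or None."""
    hdr = parse_syslog_header(line)
    if hdr is None:
        return None
    body = parse_pan_body(hdr.pop("msg"))
    return None if body is None else {**hdr, **body}


def triage(event: dict) -> Optional[str]:
    """Toy alert rule: high/critical threats and anything the firewall did not allow."""
    if event["type"] == "THREAT" and event.get("severity") in ("high", "critical"):
        return (f"{event['severity']} threat {event.get('threat_id')} "
                f"{event['src_ip']} -> {event['dst_ip']} ({event['action']})")
    if event["type"] == "TRAFFIC" and event["action"] != "allow":
        return (f"{event['action']} {event['proto']} {event['src_ip']}:{event['src_port']} "
                f"-> {event['dst_ip']}:{event['dst_port']} rule={event['rule']}")
    return None


def serve(host: str = "0.0.0.0", port: int = 5514) -> None:
    """Minimal UDP receiver; 5514 is an assumption, match it in the PAN-OS syslog server profile."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((host, port))
        while True:
            data, (peer, _) = sock.recvfrom(65535)
            event = parse_event(data.decode("utf-8", errors="replace"))
            if event is not None and (reason := triage(event)):
                print(f"[{peer}] {reason}")


if __name__ == "__main__":
    for raw in SAMPLE_LINES:  # offline demo over the constructed lines
        ev = parse_event(raw)
        print("skipped" if ev is None else (triage(ev) or f"ok {ev['type']} {ev['src_ip']} -> {ev['dst_ip']}"))
```

Call `serve()` to listen, and point a PAN-OS syslog server profile at that port. Two caveats before this goes anywhere near production: plain UDP syslog is unauthenticated and lossy, so anyone who can reach the port can inject forged TRAFFIC or THREAT records and dropped datagrams vanish silently; PAN-OS syslog server profiles support TCP and SSL transport, so use those and restrict the sender by address. And every parsed field, rule and threat names included, is attacker-influenced input once it reaches your search backend, so never splice it into queries or dashboard templates unescaped.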
Have you tried using Grafana Loki along with Alloy? Alloy acts as your syslog receiver, and then Loki stores everything. You can visualize the data with Grafana, which makes it pretty straightforward.
Syslog-ng could be a good option for you. It's reliable and widely used.
Totally agree, but for those not keen on Elastic's business practices, OpenSearch is worth looking into!