Graylog 6: The Best Open Source Logging Tool Got Better! [YouTube Release]

Additional Resources:

Graylog install tutorial

Step-by-Step Guide: Sending Windows Event Logs to Graylog With NXLOG

Understanding Sysmon & Threat Hunting with A Cybersecurity Specialist & Incident Detection Engineer


Connecting With Us

Lawrence Systems Shirts and Swag

β–ΊπŸ‘• Lawrence Systems


Amazon Affiliate Store
:shopping_cart: Lawrence Systems's Amazon Page

UniFi Affiliate Link
:shopping_cart: Ubiquiti Store

All Of Our Affiliates that help us out and can get you discounts!
:shopping_cart: Partners We Love – Lawrence Systems

Gear we use on Kit
:shopping_cart: Kit

Use OfferCode LTSERVICES to get 10% off your order at
:shopping_cart: Tech Supply Direct | Refurbished Tech | Server Supply Store

Digital Ocean Offer Code
:shopping_cart: DigitalOcean | Cloud Infrastructure for Developers

HostiFi UniFi Cloud Hosting Service
:shopping_cart: HostiFi - UniFi Cloud Hosting

Protect you privacy with a VPN from Private Internet Access
:shopping_cart: Buy VPN with Credit Card or PayPal | Private Internet Access


00:00 Graylog 6
01:16 Graylog Open vs Other Versions
02:24 Indice Retention Changes
03:14 New Custom HTTP Alerts
03:55 Updated Dashboard and Search
05:58 Production Log Storage
08:13 Graylog Install Tutorial
08:30 Windows Eventlogs

You mentioned that you store your log data on an NFS share, but over on the Graylog forums they recommend against that due to the needed IOPs for ES/OS.

What do you have backing the NFS share? How much log volume do you see? What performance metrics do you get on the share?


We get about 2.3 million log entries a day beings sent to the server but it could handle much more. The logs are going to a 45 Drives server with 27 drives running TrueNAS with a 3 VDEVs with 9 drives each and the server is connected on a dedicated 10G storage network.