Graylog alternatives

I’ve been using Graylog for a while. It works well and I’ve been satisfied with it, but many of its dependencies and support software require older releases. For example, I’ve experienced basic malloc segfaults trying to run the recommended older version of mongodb on the latest versions of Ubuntu server.

I understand the longer term release strategy in the enterprise space, so I don’t hold that against it. But until Graylog supports newer versions of things for us bleeding edge homelabbers, are there any recommended alternatives to it that are updated more frequently?

I don’t have an answer to your actual question, but…

Why is this an issue? Are all your applications including Graylog installed on a single bare metal Ubuntu server?

Most homelabbers are using containers and / or multiple VMs in order to avoid dependency issues.

My Graylog install, including mongo and elastic, is running in a single xcp-ng vm set up using the package-based install guide as provided by Graylog for Ubuntu 20.04 and 22.04 based systems. Separate VMs would be overkill for my workload. The specific error is not relevant to this thread and certainly due to other factors related to my lab setup than anything having to do with mongo or Graylog’s code. (As an aside, I did just pin it down as related to running on an experimental heterogeneous pool of varying cpu types, which I’m aware is strongly discouraged by xcp-ng for good reasons :wink: )

Consider it a personal idiosyncrasy. I’m just curious if there’s anything similar to Graylog that will ‘officially’ run on Ubuntu server 23.04.

That is one “difficult” thing with XCP-NG, you need to buy all your servers at one time, or be selective about hardware when you buy used.

Wazuh is a great alternative to Graylog.


So you’re only running Graylog and its dependencies in that VM? If so, why exactly would you want to run Ubuntu 23.04 then? And why should Graylog support every Ubuntu interim release, and always support (or even require) the latest Mongo DB release or Elastic stack? I see no advantages in doing so, but rather the opposite. If they would do that, it would mean more maintenance work and testing on their end, and on yours, without any benefit from it.

You have to see Graylog, MongoDB and Elastic as an appliance. The dependencies are there in order to get a specific job done, and as long as the application doesn’t add any new features that require a newer version of these dependencies, you don’t have any advantage in updating them, or the underlying OS.

I don’t think so, because most “serious” server applications do only support LTS releases.

You could run it in Docker. But again, there would be no benefit in running the Docker stack on Ubuntu 23.04 instead of 22.04, because you would still run the same versions of Graylog, Mongo and Elastic. However, you would have more maintenance work to do, because you would have to upgrade Ubuntu twice a year, and generally the intermediate releases of Ubuntu tend to be less stable. These are all things you usually don’t want on a server.
