Graylog

What do you like best?

It's fairly easy to use in a .NET application. It uses log4net appenders, which is very common and well supported. When everything is set up correctly, it has many ways to group your logs, and it offers an easy way to query. It supports alerts by email and if your message is json, it parses that beautifully through a so called "extractor". It also supports Active Directory. Creation of dashboards is very easy.

What do you dislike?

I'm not a big fan of products that use other products (elasticsearch) and is dependent on a very complex infrastructure (linux). I guess we should have used docker containers right from the start, but as it is right now (with a virtual Linux server) it's a scary business to update it to the latest version. Partly because you'll need to control both Graylog and ElasticSearch. It took quite a while to set up a good working environment. Logging servers are part of the group of necessary software that you don't really want any learning curve associated with. It should be a product where you just click "install", and works out of the box. Graylog is not like that. But it's free, and works as good as any paid product, so we can't complain.

What problems are you solving with the product? What benefits have you realized?

A central logging server is a must for any company that has more than a few applications. To monitor all logs, group them into error logs, have an overview what goes well and what's not, read tracing and custom logs is impossible without a good central logging system. Graylog performs really well, even under heavy load. It saves time. We use it also to check the payload of, for instance, API calls. This seriously reduces the time to find and solve bugs.