30 open-source projects similar to graylog2/graylog2-server, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Graylog2 Server alternative.
VictoriaMetrics is a high-performance, scalable time series database and observability platform designed for long-term storage and analysis of metric, log, and trace data. It functions as a unified backend for monitoring ecosystems, offering full compatibility with industry-standard protocols and query languages. The system is built to handle massive data volumes through a distributed architecture that supports horizontal scaling and efficient data lifecycle management. The platform distinguishes itself through a storage engine that utilizes consistent hashing for data sharding and log-struct
lnav is a terminal-based log viewer and analyzer designed for aggregating, filtering, and analyzing multiple log files in a single chronological view. It functions as a console application that can replace the system pager, providing syntax highlighting and document navigation for system or application logs. The project distinguishes itself by mapping unstructured log data to virtual SQLite tables, enabling the use of SQL and PRQL for structured data analysis, aggregations, and relational queries. It further differentiates its capability set through native integration for retrieving and taili
This project provides a comprehensive architectural blueprint and implementation set for building a platform-as-a-service on Kubernetes. It serves as a technical resource for deploying container orchestration environments, managing the full software development lifecycle, and integrating a complete DevOps toolchain. The implementation emphasizes automated software delivery through the integration of build and delivery pipelines, private container registries, and distributed configuration systems. It enables the decoupling of application settings from images via a centralized configuration man
Wazuh is an integrated security platform that combines endpoint detection and response, security information and event management, and cloud workload protection. It functions as a centralized system for collecting telemetry, aggregating logs, and correlating events across distributed infrastructure to maintain security and integrity. The platform distinguishes itself through its active response orchestration, which allows for the automated execution of scripts on remote endpoints to neutralize threats in real time. It provides deep visibility into system activity through file integrity monito
Highlight is a full-stack observability platform and monitoring system that aggregates logs, errors, and distributed traces to provide a unified view of application health. It functions as a distributed tracing system, an error monitoring service, and a session replay tool. The platform is available as a dockerized monitoring stack for self-hosted deployments on Linux. It distinguishes itself by combining backend observability with a visual recording system that captures document object model changes and network requests to replay user interactions. The system covers several core capability
Uptrace is an OpenTelemetry-based observability platform designed to collect, store, and analyze distributed traces, metrics, and logs. It functions as a centralized logging backend, a distributed tracing system, and a metrics engine to monitor application performance and system health. The platform is distinguished by AI-powered operational capabilities, allowing users to query telemetry data and manage monitoring dashboards using natural language. It specifically includes specialized monitoring for generative AI pipelines, tracking token usage and response quality for LLM interactions and r
Vector is a high-performance observability data pipeline designed to collect, transform, and route logs, metrics, and traces across distributed infrastructure. It functions as a modular engine that decouples data ingestion from processing and transmission, utilizing a component-based architecture to connect diverse sources to multiple destinations. The project distinguishes itself through a focus on reliability and flow control. It implements backpressure-aware data movement to prevent data loss during traffic spikes and utilizes disk-backed event buffering to ensure durability during network
Pigsty is a comprehensive database infrastructure orchestration platform designed to automate the full lifecycle of high-availability PostgreSQL clusters. It functions as an infrastructure-as-code framework that manages cluster coordination, node provisioning, and service discovery through idempotent playbooks. By integrating distributed consensus mechanisms, the platform ensures automated failover and consistent state enforcement across diverse environments, including bare metal and virtualized infrastructure. The platform distinguishes itself through a robust suite of operational capabiliti
Loki is a horizontally scalable, highly available log aggregation engine designed to store and query massive volumes of unstructured log data. It functions as a distributed observability platform that correlates logs, metrics, and traces to provide comprehensive visibility into the health and performance of complex infrastructure. The system distinguishes itself through a distributed query execution model that processes large datasets in parallel across cluster nodes. It utilizes label-based stream indexing and a distributed index to map log data to specific chunks, enabling rapid retrieval w
CrowdSec is a collaborative, distributed security engine designed for threat detection and infrastructure protection. It functions as an intrusion detection system that parses logs and network traffic to identify malicious patterns, utilizing a bucket-based threshold detection model to aggregate events and trigger alerts. The platform is built on a modular architecture that includes a centralized local API server for managing security signals and a relational database for persistent storage of remediation decisions. What distinguishes the project is its decoupled enforcement model, which offl
Portainer is a unified infrastructure management platform that provides a centralized control plane for deploying, monitoring, and managing containerized applications. It functions as an orchestration-abstraction layer, translating user actions into platform-specific API calls to maintain consistency across diverse container runtimes and cluster technologies. By organizing users, teams, and resources into a single interface, it enables granular role-based access control and lifecycle management for containerized services and stacks. The platform distinguishes itself through its support for di
SpringBlade is a development framework and platform designed for building multi-tenant SaaS applications. It provides a comprehensive scaffold for both Spring Cloud microservices and monolithic Spring Boot architectures, enabling the rapid construction of enterprise-grade software. The platform distinguishes itself through integrated LLM orchestration and industrial IoT management. It features an LLM orchestration platform that combines large language models with knowledge bases and visual AI agent workflows, alongside an IoT hub for device connectivity, state synchronization, and edge flow o
Keep is an open-source AIOps alert management platform that aggregates, deduplicates, and orchestrates the lifecycle of alerts from multiple monitoring tools. It functions as a multi-provider integration hub to centralize the flow of data between observability, ticketing, and communication tools. The platform distinguishes itself through incident workflow automation and AI-powered enrichment. It uses a declarative workflow engine to execute multi-step operational sequences and integrates large language models to summarize event data and correlate technical logs for faster incident resolution.
log.io is a real-time log monitoring system designed for streaming and visualizing system logs in a web browser as they are generated. It consists of a TCP log aggregator that collects formatted messages from remote sources and a file-based log streamer that monitors local files for changes. The system provides a web-based log viewer capable of ad-hoc visualization, allowing users to route specific active log streams to different screens for targeted monitoring. This is supported by a centralized message broker that redistributes incoming logs to web clients. The platform covers centralized
HertzBeat is a real-time observability platform that provides agentless monitoring for servers, databases, and networks. It functions as an infrastructure alerting manager, an OpenTelemetry Protocol log aggregator, and a public status page generator. The platform integrates an analysis engine that uses large language models to process monitoring data and generate system insights. It utilizes a cloud-edge collaborative architecture and distributed collector clustering to scale data gathering across large-scale networks. The system covers a broad range of observability capabilities, including
Boto3 is the AWS SDK for Python, providing a programmatic interface for managing and automating AWS cloud infrastructure and services. It serves as a cloud management API client and resource manager for provisioning, configuring, and scaling virtual servers, databases, and storage. The library enables the implementation of infrastructure-as-code through declarative templates and scripts, allowing for the deployment of identical resource stacks across multiple accounts and geographic regions. It also provides a framework for coordinating distributed workflows, serverless functions, and contain
systemd is a comprehensive system and service manager for Linux that orchestrates the entire operating system lifecycle. It functions as the primary init system, managing the transition from firmware to a fully initialized user space while providing a unified framework for service orchestration, hardware management, and resource control. The project distinguishes itself through its declarative, unit-based configuration model and dynamic dependency resolution, which allow for efficient, on-demand service activation and socket-based process management. It integrates deep system observability th
HELK is a containerized security information and event management environment and threat hunting platform. It provides a security-focused deployment of the ELK stack, combining Elasticsearch, Logstash, and Kibana into a specialized platform for investigating logs and discovering hidden patterns in network and system security data. The project functions as a security data science suite, integrating interactive computational notebooks and distributed processing tools to run machine learning and graph analytics on security logs. This allows for the identification of hidden attack patterns and an
This project is a comprehensive enterprise architecture for building multi-tenant distributed systems, implemented as a Spring Cloud microservices platform. It provides a complete framework for managing microservices, focusing on multi-tenant data architecture and centralized identity provision. The platform is distinguished by its integrated approach to identity and security, utilizing an OAuth2 identity provider to manage single sign-on, role-based access control, and JWT token issuance across distributed services. It further separates organizational boundaries through multi-tenant data iso
Security-101 is a vendor-agnostic, foundational cybersecurity learning curriculum organized into framework-aligned modules. It is designed to build core knowledge across multiple security domains without tying content to specific products or platforms, making it suitable for both beginners and professionals seeking a structured introduction to the field. The curriculum is built around established security frameworks, including the MITRE ATT&CK framework for standardized threat analysis and the NIST Cybersecurity Framework for incident response workflows. It covers a broad range of do
HertzBeat is an agentless monitoring platform designed to collect performance metrics from network devices, databases, and servers without requiring client software. It functions as an infrastructure monitoring dashboard, an alert management system, and a centralized log aggregator using the OpenTelemetry Protocol. The system utilizes a cloud-edge collection hierarchy to scale data gathering across clusters and isolated networks. It distinguishes itself with a flexible extensibility model, allowing users to define new monitoring workflows through configuration-based metric templates and custo
This project is a web-based log viewer and management interface designed specifically for Laravel applications. It serves as a centralized dashboard for browsing, searching, and managing system logs without requiring direct access to raw files or SSH. The system functions as a multi-host log aggregator, utilizing a remote proxy to view and index logs from multiple servers in one location. It includes a regular expression-based parser that interprets structured data from non-standard log files, allowing for custom log format definitions and severity level mapping. Broad capabilities include i
This project is a containerized orchestration layer for the Elastic Stack, providing a pre-configured set of Docker Compose files to deploy Elasticsearch, Logstash, and Kibana as a unified data analysis stack. It functions as a centralized log management system for ingesting, indexing, and searching log data using a cluster of interconnected services. The deployment pattern includes an Elasticsearch cluster manager that enables scaling data nodes through replica scaling and internal discovery. It provides a web-based administration interface for monitoring cluster health and status. The syst
Warehouse is a centralized inventory control and management system designed to track stock levels, incoming shipments, and product movements within a supply chain environment. The platform utilizes a relational database to store business entities and transaction logs, ensuring data integrity and consistent reporting across all warehouse operations. The system distinguishes itself through a comprehensive security framework that integrates role-based access control with organizational management. Administrators can configure specific user permissions and menu visibility based on departmental st
Logstash is a JVM-based event processor and extract, transform, load system designed for log data processing pipelines. It functions as a plugin-based data ingestor that collects, transforms, and delivers logs and event data from multiple sources to various destinations. The system utilizes a modular architecture of interchangeable input, filter, and output components to handle real-time data ingestion and enterprise log aggregation. Users can extend the pipeline's functionality by developing custom plugins to support unique data sources or specific transformation logic. The platform covers
This project is a command-line utility designed to monitor and analyze token consumption and financial expenditure for AI coding assistants. By parsing local session logs directly on the user's machine, it provides a privacy-focused way to track development activity without transmitting sensitive data to external servers. The tool distinguishes itself through its ability to aggregate disparate log formats from multiple coding assistants into a unified, schema-agnostic representation. It features a decoupled pricing engine that allows users to apply custom model-specific cost multipliers, over
Pigsty is a full-stack orchestration suite for deploying, monitoring, and managing high-availability PostgreSQL clusters and their supporting infrastructure. It functions as a cluster management platform and high-availability suite that automates failover, manages virtual IPs, and ensures data consistency through distributed consensus. The project distinguishes itself by providing a comprehensive database infrastructure-as-code framework and a dedicated observability stack. It incorporates a backup and recovery manager supporting point-in-time recovery via S3-compatible object storage, alongs
This project is an open-source identity provider and single sign-on platform that centralizes user authentication for multiple web applications and services. It functions as a multi-protocol authentication gateway, verifying user identities and issuing tokens through the CAS protocol as well as industry standards including SAML, OAuth2, and OpenID Connect. The system acts as a federated identity server, allowing authentication to be delegated to external third-party or corporate identity providers. It distinguishes itself through identity attribute governance, which manages which specific use
Fluentd is a unified logging layer and distributed event router that collects, parses, and routes log data from diverse sources to various storage backends. It functions as a log forwarding agent and pipeline orchestrator, transforming raw unstructured log strings into formatted objects using structured log parsing. The project utilizes a plugin-based pipeline architecture to route data through independent input, filter, and output stages. It differentiates itself through tag-based event routing, which uses regular expression patterns to direct specific data streams to their intended destinat
This project is a community-curated directory of open-source software designed for deployment in private server environments and home labs. It serves as a comprehensive resource for discovering independent, self-hosted alternatives to mainstream cloud services, enabling users to maintain full data ownership and control over their digital infrastructure. The directory is structured through a hierarchical taxonomy that organizes a vast collection of applications into logical categories, ranging from media management and data analytics to private communication and team productivity tools. It dis