Running a home lab is nice, but having some control over it is even better.
And by control, I mean logging.
I have used Splunk, QRadar and Humio in job-related activities over the years, and they all have pros and cons.
The biggest issue is often licensing and complexity.
After setting up a Palo Alto firewall in my home setup, I really needed somewhere to ship the logs. I tried Splunk, but the free version is just missing too much. So I started googling for alternatives, and that is where I found Graylog.
It is pretty simple to set up, has a lot of features in the free version (I haven't missed anything yet) and really good documentation.
At the moment I'm sending logs from the firewall, a web server, an SSH gateway and my Pi-hole DNS server. I've only used syslog and Filebeat as inputs so far, but more are supported.
I still need to normalize the logs more, but it's fun to set up notifications and create dashboards. And understanding logs is important in most tech jobs, especially InfoSec.
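As an added example of the kind of normalization mentioned above (not code from the original post or from Graylog), the script below parses Pi-hole's dnsmasq-style query log into flat fields and joins blocked domains back to the querying client, which is what a pipeline rule or extractor would do before a dashboard or notification can use the data. The sample lines are constructed, and the message forms matched (query, forwarded, reply, cached, gravity blocked) are assumed from dnsmasq's log format.

```python
import re
from collections import Counter

# Constructed sample lines in the dnsmasq format that Pi-hole writes (not real traffic).
SAMPLE_LINES = [
    "Jan 10 12:00:01 dnsmasq[1234]: query[A] example.com from 192.168.1.5",
    "Jan 10 12:00:01 dnsmasq[1234]: forwarded example.com to 1.1.1.1",
    "Jan 10 12:00:01 dnsmasq[1234]: reply example.com is 93.184.216.34",
    "Jan 10 12:00:02 dnsmasq[1234]: query[AAAA] ads.example.net from 192.168.1.7",
    "Jan 10 12:00:02 dnsmasq[1234]: gravity blocked ads.example.net is 0.0.0.0",
    "Jan 10 12:00:03 dnsmasq[1234]: cached example.com is 93.184.216.34",
]

# Syslog-style prefix: "<Mon DD HH:MM:SS> dnsmasq[<pid>]: <message>"
HEADER = re.compile(
    r"^(?P<ts>\w{3} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) dnsmasq\[(?P<pid>\d+)\]: (?P<msg>.*)$")
# Message forms assumed from dnsmasq's logging; each maps to one normalized "action".
PATTERNS = [
    ("query", re.compile(r"^query\[(?P<qtype>[A-Z0-9]+)\] (?P<domain>\S+) from (?P<client>\S+)$")),
    ("forwarded", re.compile(r"^forwarded (?P<domain>\S+) to (?P<upstream>\S+)$")),
    ("reply", re.compile(r"^reply (?P<domain>\S+) is (?P<answer>\S+)$")),
    ("cached", re.compile(r"^cached (?P<domain>\S+) is (?P<answer>\S+)$")),
    ("blocked", re.compile(r"^gravity blocked (?P<domain>\S+) is (?P<answer>\S+)$")),
]

def normalize(line):
    """Turn one raw line into a flat dict of fields; None if the prefix does not match."""
    m = HEADER.match(line)
    if not m:
        return None
    fields = {"timestamp": m["ts"], "pid": int(m["pid"]), "source": "pihole"}
    for action, pat in PATTERNS:
        body = pat.match(m["msg"])
        if body:
            return {**fields, "action": action, **body.groupdict()}
    # Keep unrecognised messages instead of dropping them, so nothing is silently lost.
    return {**fields, "action": "unknown", "message": m["msg"]}

def normalize_all(lines):
    return [e for e in (normalize(l) for l in lines) if e]

def blocked_by_client(events):
    """Count blocked lookups per client by pairing each block with the last query for that domain."""
    last_client, counts = {}, Counter()
    for e in events:
        if e["action"] == "query":
            last_client[e["domain"]] = e["client"]
        elif e["action"] == "blocked":
            counts[last_client.get(e["domain"], "unknown")] += 1
    return dict(counts)
```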