Graylog2 only handles syslog and its own protocol (GELF) for accepting log events. Graylog2 uses ElasticSearch for data storage. Logstash can use ElasticSearch or just send the data elsewhere.
The Graylog2 web interface is pretty awesome and it has some neat stuff built in. Logstash ships with a fairly spartan web interface though we're going to replace it with a ruby port of Kibana in the future.
Logstash can accept data from GELF senders (via the gelf input plugin I wrote) or send to gelf receivers (like Graylog2).
Graylog2 is awesome, don't get me wrong. I just had to bail on it when it was still on MongoDB because I couldn't justify the cost of instances needed to get a MongoDB instance that could hold more than 4 hours of data.
The Graylog2 web interface is pretty awesome and it has some neat stuff built in. Logstash ships with a fairly spartan web interface though we're going to replace it with a ruby port of Kibana in the future.
Logstash can accept data from GELF senders (via the gelf input plugin I wrote) or send to gelf receivers (like Graylog2).
Graylog2 is awesome, don't get me wrong. I just had to bail on it when it was still on MongoDB because I couldn't justify the cost of instances needed to get a MongoDB instance that could hold more than 4 hours of data.