The difference between mediocre products and great products is logging.

Learn why it's so, and how to tie it all together.

Before we get on to centralized logging, let's first look into why logging is such a big deal.

Two types (levels) of logging

Computers are deterministic systems, except when they're not.

Now, logging, as I see it, is of two types: auto-generated logs and programmer-generated logs.

The image above shows what can be termed an auto-generated log.

At such moments, they dig deep into the logs, trying to understand what went wrong.

But auto-generated logs can help only so much.

These are what I term programmer-generated logs, and they form the backbone of sensitive industries like banking.

Is it okay for me to add this time and complete the order for you?

And here's the thing with debugging: it requires a fresh, curious mind from the start.

If a WTF thought so much as enters your brain, the whole process goes for a toss.

And what makes debugging hard?

In my experience, lack of logging, or the lack of knowledge of logging.

I particularly remember a case where the tool was going unresponsive, and no one knew why.

A few days later, the culprit was the disk I/O limit reached due to excessive traffic.

Because no one bothered to look there, no one could figure out why.

What argument would you have to entertain or reject their request?

If you have extensive logging (IP address, date and time, credit card, etc.), then you'll be able to analyze all that and reach a decision.

Not having a robust logging system will show you in a bad light.

Improving existing systems

How do you go about improving the current system?

Should you merely throw more RAM and CPU threads at it?

What if your app is slow despite enough resources?

Where is the bottleneck?

More often than not, logging is the answer.

For instance, all major database systems have a feature for logging slow queries.

Often, a small change like this works better than doubling the hardware capacity.

There's no counting how many ways a good logging system helps you.

Just in case you're wondering, we did cover commercial cloud-based logging tools in an earlier post.

It's also unique in that it scans your collected logs for signs of security vulnerabilities and notifies you instantly.

Graylog is open-source, but there's an enterprise plan if your needs are complex.

But don't be misled: Logstash is a mothership with capabilities far outweighing any humble logging tool.

With major companies like Microsoft, Atlassian, and Twilio using the platform, Fluentd has nothing to prove.

This may or may not be exactly what you're looking for.

Flume is best for you if you're looking for a distributed, fault-tolerant data ingestion platform for heavy-duty stuff.

The source is available on GitHub, as expected, and I do think it's worth a serious look.

Rsyslog

Rsyslog stands for a rocket-fast system for log processing.

It is a utility for Unix-like operating systems.

In technical terms, it is a message router with dynamically loadable inputs and outputs and is highly configurable.

It can take input from multiple data sources, transform it, and send the output to several destinations.

With Rsyslog, you might deliver 1 million messages per second over local destinations.

Rsyslog also provides a Windows agent that works very closely with the Rsyslog Linux agent.

It is used for integration between the two environments.

This Windows agent is used to forward Windows event logs and set up a file monitor service.

You can check out this getting started guide to install it and see for yourself how it works.

Well, say hello to Logwatch.

Once installed, LogWatch can scan your system logs and create a report of the jot down you want.

It's a somewhat dated piece of software (read: reliable), though, and was written in Perl.

So, you'll need Perl 5.6+ on your server to run it.

I don't have any screenshots to share as it's a purely command-line, daemonized process.

How the Syslog protocol works is pretty much summed up neatly in the following illustration.

If you thought lnav was nothing more than a glorified tailf | grep, you'd be wrong.

Conclusion

And there you have it!

Still, everyone's needs are different, and I've tried to cover them extensively.

From silly command-line, no-setup tools to full-blown data juggernauts, it's all here!

Next, explore some of the best profiling software to optimize the utility.