Monday, May 23, 2011

Centralized Logging

We all know that logging is necessary, and we log many different types of data on a regular basis: user transactions, customer behaviour, machine behaviour, security threats, fraudulent activities and so on. Historically, logs were mostly a tool for troubleshooting problems. More recently they have become important for network and system performance optimization, recording user actions, providing data for investigating suspicious activity, and supporting proactive monitoring of the environment. In many cases, having log data readily available provides early warning of problems before they get out of control.

There are three broad areas where logging is helpful, namely troubleshooting, resource tracking, and security.

Troubleshooting:

Logging helps in troubleshooting: finding and fixing problems. The event logs are usually the best source of information for determining whether a system or network is experiencing problems. Events such as a disk filling to capacity, the failure of a necessary piece of equipment, a driver failing to load, or the detection of an IP address conflict can all be recorded in the event logs. Event logs also help in reporting diagnostic information for background processes.

Resource Tracking and Monitoring applications:

Logging helps in resource tracking, monitoring and improving service levels, and provides real-time insight into the system. Information on the capacity and usage of system resources should be logged. Any type of system metric that can change over time should be reported and logged. These metrics may include the frequency of users on the system, the maximum number of users, the duration of use of specific applications, available disk space crossing a threshold, memory usage, DB resources, system load crossing a threshold, the number of processes running on the system at any given time, and so on. All of this logged data will help you tune your systems before disaster strikes.

Security:

Logging is also a very important part of system security: it helps in mitigating security exposures and risks. It is impossible to make a system 100% secure. There are always some security flaws that can be exploited, and unfortunately the greatest risk to security is the human users themselves. If unauthorized access to a system cannot be completely prevented, then at the very least it should be recorded and tracked. These logs help in discovering potential problems, or signs of problems, and in resolving them.


Why Centralized Logging (the benefits):

Centralized logging (logging all data to a central log server or repository) provides a number of benefits over logging on local servers.

  • All of the logs are in one place, which makes searching through logs and analysis across multiple servers easier than bouncing around between boxes, greatly simplifying log analysis and correlation tasks.
  • It helps in getting answers to "why" quickly and accurately: all your logs are in one location, so you can quickly access them and find the trouble.
  • Suppose your system is down or overloaded and unable to tell you what happened. If you have remote copies of all your system logs, you can look at exactly what has been going on on that system.
  • Local logs on the server may be lost in the event of an intrusion or system failure, but by having the logs elsewhere you at least have a chance of finding something useful about what happened.
  • It reduces disk space usage and disk I/O on core servers that should be busy doing something else.
  • Log processing and log rotation mechanisms, if any, can also be centralized.
  • Centralized logging can provide clues for making things better.

In my next post I'll try to explain the steps to install scribe and to write a scribe client in PHP for logging messages to a central log server.
