Log management is a process of handling copious volumes of logs that are made up of several processes, such as log collection, log aggregation, storage, rotation, analysis, search, and reporting.
Log aggregation, therefore, is a step in the overall management process in which you consolidate different log formats coming from different sources all into one place to make it easier for you to analyze, search, and report on your data. Let’s take a closer look at why log aggregation is important, methods, and tools that can make the process simpler.
Logs are very important to any system because they give you an idea of what is happening and what your system is doing. Most processes that are run on your system create logs. The problem is that these files are often found on different systems and in different formats. If you have a variety of hosts, then you might end up with different logs hosted on different locations.
If you have an error and you need to refer to your logs to see what went wrong, it would mean that you would need to search in dozens, or even hundreds, of files. Even with good tools, you will spend a lot of time doing this and it can easily frustrate even the hardiest system administrators. Log aggregation is a good way to bring together all these logs into one location.
Gamesparks shares their experience, indicating that the company faced several challenges wherein log aggregation impressively helped. For one, they had distributed servers and needed a better way to transmit multi-line log entries from different sources. They also needed their servers to be highly available or to risk losing valuable information.
Being able to aggregate logs in a centralized location with almost real-time access allowed the company to easily and promptly troubleshoot problems, while also being able to do trend analysis and pinpoint anomalies.
There are a few methods you can employ to aggregate logs.
Replicate your log files. It is very easy to copy your files to a central location using rsync and cron. This is the easy way that can serve the purpose of getting all your data in one place, but it’s technically not true aggregation. Plus, since you have to follow a cron schedule, you cannot access your files in real time.
Syslog, rsyslog, or syslog-ng. What these do is to tell processes to send log entries to them, and the configuration will direct these messages to a central location. You would need to set up a central syslog daemon somewhere on your network as well as on the different clients to enable these clients to forward messages to the daemons. Urban Airship has a great tutorial on how to set this up at this page. With syslog, chances are it already exists in your system, so it’s just a matter of configuring it right and making sure that your central syslog server is always available.
Log management and aggregation are made simple thanks to the availability of tools that can automate the process. These tools are great in that they work the same way as syslog, syslog-ng or rsyslog, but have other features that make them worth your while.
Different tools have their own strengths, but most rely on a similar architecture: using a logging client on each host and then collecting these files to a central location, making use of a storage tier that is easily scalable to accommodate all the data coming in over time. A few of the tools in this space include:
There are several cloud service providers that offer log management and aggregation as a service. This effectively takes away most of the work you need to do when it comes to storing or accessing your files, as well as guaranteeing that you would spend no time maintaining and setting up any infrastructure you may need. You just have to configure your syslog daemons or agents and these “as a service” providers will take care of the rest. A few of the cloud-based tools include:
There are a few important features to look for in a tool, including:
For a more comprehensive list of tool options, check out our list of the top 51 log management and monitoring tools here.
For more information on log management, monitoring, and aggregation, visit the following resources and tutorials:
Log aggregation is critical for modern development, as today’s developers are managing a variety of data from myriad sources – and errors and bugs could be coming from any number of them. It’s simply not efficient to manually search through dozens of files to locate the root of a problem; log aggregation eliminates this massive time-suck.