Log-Monitoring

Log-monitoring is an aspect of monitoring with a strict focus on logging. With trends towards IT landscapes with many but much smaller apps the classicial approach to write log-files to the disc and let operators read those via SSH became entirely obsolete. Nowadays we have up to hundreds or even thousands of apps that themselves are clustered into multiple nodes. Therefore you should establish a centralized log monitoring system in the environment and let all your nodes log directly into that system. This approach gives the following benefits:

  • all log information available in one place

  • full-text search accross all logfiles

  • ability to automatically trigger alerts from specific log patterns

  • ability to do data-mining on logs and visualize in dashboards

Options for log-monitoring

Typical products for such a log monitoring system are:

In devonfw we are not biased for any of these products. Therefore, feel free to make your choice according to the requirements of your project.

For Quarkus applications, you can get an insight into the topic by reading the guide about centralized log management.

API for log-monitoring

The "API" for logging to a log-monitoring system for your app is pretty simple:

  • Write your logs to standard out.

  • Use JSON logging as format.

Then the container infrastructure can automatically collect your logs from standard out and directly feed those into the log monitoring system. As a result, your app does not need to know anything about your log monitoring system and logging becomes most simple. Further, if you do not write log-files anymore, you might not need to write any other files and therefore may not even need write permissions on the filesystem of your container. In such case an attacker who may find a vulnerability in your app will have less attack surface in case he can not write any file.

Last updated 2022-01-24 21:30:19 UTC