NTG Pre-Weekend Project: Loggly
-
Splunk. It's pretty straightforward to get up and running, and gives you a great centralized view of what's going on with your logs.
-
@Dashrender said:
what's the importance of indicating non PBX systems?
Gonna be a lot of call logs. We are not mixing the two as they are managed by different teams. Not a big thing but in case someone was going to ask how well it was picking up Asterisk logs.... We don't know yet
-
@alexntg said:
Splunk. It's pretty straightforward to get up and running, and gives you a great centralized view of what's going on with your logs.
We've had it in the past and I've used it at a lot of non-NTG locations. It is very nice but there is something awesome about SaaS too.
-
@scottalanmiller said:
@alexntg said:
Splunk. It's pretty straightforward to get up and running, and gives you a great centralized view of what's going on with your logs.
We've had it in the past and I've used it at a lot of non-NTG locations. It is very nice but there is something awesome about SaaS too.
Splunk also offers SaaS.
-
Loggly had little good to say about that:
http://gigaom.com/2013/10/04/did-splunk-just-surrender-on-saas/
-
Splunk Cloud is $1,000 / month and up. That's rough.
http://www.splunk.com/goto/cloud?ac=ga_s_cloud_brand_Mar14&gclid=CKTJ7rWO_L0CFaJm7Aodu3MATQ
-
Splunk Storm looks interesting. Will have to check it out. But it only applies to hosted cloud instances, it isn't as broad as Loggly.
-
So far I am liking Loggly a lot. Very easy to use and works well.
Couple install issues though. Having problems on RHEL / CentOS 5 and on Ubuntu 13.10. On the former it doesn't install but just gives an error. On the latter it installs but just doesn't send any logs. Working flawlessly on RHEL / CentOS 6 and on Windows Servers.
-
Ubuntu 13.10 is working now. Now looking into RHEL 5.
-
@scottalanmiller just wondering if it's safe to send the logs to a third party?
-
@ambarishrh said:
@scottalanmiller just wondering if it's safe to send the logs to a third party?
No different than any other enterprise partnership. If you move to any type of hosting, you have logs and other data at a third party. And as we've learned from doing that, enterprise hosts are dramatically more secure than SMBs (on average, of course.) Good hosting providers are starting to pass the most secure enterprises and government security agencies now too. There is no reason to avoid using a third party and there are really good reasons to avoid avoiding them. But like any partnership, you have to know and trust your partner.
Remember, as IT pros, we are the "third party" to the organizations that we serve and as internal IT we have much stronger incentives to do things that are wrong. Businesses whose jobs are security and stability for hundreds of thousands of companies have effectively no incentive to break trust with an individual customer and they would lose all of them. But individual IT pros can easily be incentivized to do the wrong thing as they often have little to lose and possess targeted knowledge. The fear of enterprise hosting is generally misplaced, it is really the fear of internal IT that most businesses have.
It's good to be cautious, but also to be realistic. Little is as safe as an enterprise host.
Of course, for non-Americans, American hosts carry their own risks. So treat this advice as mostly generic but keeping your data out of the US will always be important. We are a corrupt state and if you can avoid data passing through the US, that is the best for you. Depends on what your data is, of course, but if you don't want the US government to have it, just avoid US hosting.
-
I think the next wave of hosting providers will be to have all hosting kept solely outside of the US and the UK. Those two countries have burned any long term chance of any outsiders trusting them for business transactions.
-
@scottalanmiller Nice writeup on that actually.
Few of our servers are hosted in London and some in Vancouver. I was just wondering if Loggly is safe enough to push all server logs. A centralised logging option is always in my mind, but am still thinking of having a self hosted log management server to collect and analyse logs from all our servers.
-
@ambarishrh said:
@scottalanmiller Nice writeup on that actually.
Few of our servers are hosted in London and some in Vancouver. I was just wondering if Loggly is safe enough to push all server logs. A centralised logging option is always in my mind, but am still thinking of having a self hosted log management server to collect and analyse logs from all our servers.
Loggly is the leading hosted log platform. It is likely safe to consider it safer than hosting your own log collection platform. Loggly is a major player.