Central logging and Machine logs

Introduction

Centralized logging is pivotal for managing server platforms as it streamlines visibility and accelerates troubleshooting. The best solutions scale with your platform, and allow for knowledge sharing and quick linking to the right logs.

syslog

Syslog is a standard logging protocol, supported by all Unix systems and many devices. Chances are you already have a centralized logging solution based on this protocol. In other cases, this protocol may be the only option because there is no other way to expose a device's internal logs.

Vector can be used to provide a centralized syslog target for other systems to send their logs to. Alternatively, the log files in /var/log can be watched for new lines and shipped to Observe by Cyso. For the latter option, and a quick guide to Vector in general, take a look at our guide.

Alternatively, promtail, Grafana Agent and many others provide the same functionality.

systemd journald

Many modern Linux distributions have made the switch to systemd, which provides a logging component in the form of journald. It automatically records, stores and rotates the log output of systemd units. While this component is easy to use on a single local system using the journalctl command, there is no easy way to query logs across a platform.

Vector has support for discovering and shipping logs from journald. Alternatively, promtail and Grafana Agent can be used.
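As an added example covering both the syslog and the journald sections above (not part of the original guide or of the Vector project's own documentation), the following Vector configuration receives syslog over TCP, tails files in /var/log, reads journald, and forwards everything to a Loki endpoint. The Loki address and the TLS certificate paths are assumed placeholders.

```toml
# Central syslog receiver for other systems. TCP with TLS is used so that
# log lines are not accepted unauthenticated from the network; the cert
# paths below are placeholders to replace with your own.
[sources.syslog_in]
type = "syslog"
address = "0.0.0.0:6514"
mode = "tcp"
tls.enabled = true
tls.crt_file = "/etc/vector/tls/syslog.crt"   # placeholder
tls.key_file = "/etc/vector/tls/syslog.key"   # placeholder

# Local log files in /var/log, watched for new lines.
[sources.files_in]
type = "file"
include = ["/var/log/*.log"]
ignore_older_secs = 86400   # skip files untouched for a day on first start

# systemd journal on the same host. Only the current boot is read so a
# fresh install does not replay the whole journal history.
[sources.journald_in]
type = "journald"
current_boot_only = true

# One sink for all three sources, so the same queries work across hosts.
# The endpoint is an assumed placeholder; substitute your log store.
[sinks.loki_out]
type = "loki"
inputs = ["syslog_in", "files_in", "journald_in"]
endpoint = "http://loki.example.internal:3100"   # placeholder
encoding.codec = "json"
labels.job = "vector"
labels.source_type = "{{ source_type }}"   # syslog, file or journald
```

Run `vector validate /etc/vector/vector.toml` before deploying to catch configuration errors without starting the service.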

Windows Event Log

The Windows Event Log is the standard way to log events on Microsoft Windows, and many Windows applications simply log to the Application category. The Event Log is easily queried from the machine itself, and when using Active Directory it is even possible to query the Event Logs of other machines in the same domain. Even so, there is still merit in shipping logs to a central location: the same tools can then be used to query logs across multiple systems, even if those systems do not run Windows.

promtail can be used to scrape the Windows Event Log and send events to Loki.