Syslog - Is it a good idea to dump all of your applications' logs to Syslog?

Tags: logging, syslog

I am developing many applications that work together, and we are now discussing how to consolidate logs. What I see from many applications is that they all dump logs to /var/log/ or to some directory related to the application itself.

Ex. /var/log/hadoop, /var/log/access_log, etc.

But my colleague said "just put everything in Syslog". So everything is centralised and easy to troubleshoot. We don't have to know where logging is set up in each application.

So, what is the advantage of using syslog over putting the log file in your own application? Is it just developer-centric to put the log file in /var/log/ or any directory of their choice? Or is it actually the best practice over syslog?

A-letubby asked Nov 12 '14 05:11



1 Answer

When you send your logs to syslog, logs can be processed by the syslog daemon (rsyslog for instance) in various ways:

  • You can write filters to process each piece of log differently (by the producing app, by the severity/facility, ...)
  • You can easily forward logs to some central log server, with integrity and confidentiality (TLS)
  • You have properly identified fields that characterize each line (timestamp, appname, process id, ...)
  • You can anyway write logs to /var/log/... if you wish
  • You get buffers with rsyslog, to avoid any log loss
  • You can use reliable protocols for log forwarding (e.g. RELP)
  • You can parse the message itself to extract more metadata
  • You can send logs to some Elasticsearch database
  • Processing is done more or less synchronously
  • You don't have to parse stupid flat log files when you want to analyze them
  • Logs with sensitive information don't have to be written in clear to the local filesystem

In fact, I don't see any good reason to write logs directly to some file.

Stephane Martin answered Sep 21 '22 13:09
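As an added illustration of the "properly identified fields" and "filters" points in the answer above (example code written for this page, not taken from the answer or from rsyslog): one application event is encoded as an RFC 5424 syslog line, split back into its named fields, and routed by severity and appname the way a syslog daemon ruleset would. All sample values (hostname `web01`, appname `payments`, the structured-data id `meta@12345`, the timestamp) are constructed for the example, and `route()` is a hypothetical stand-in for a daemon's filter rules.

```python
import re
from datetime import datetime, timezone

# Facility and severity codes from RFC 5424 section 6.2.1; PRI = facility * 8 + severity.
FACILITIES = {"auth": 4, "daemon": 3, "local0": 16, "local1": 17}
SEVERITIES = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
              "warning": 4, "notice": 5, "info": 6, "debug": 7}

# Constructed sample timestamp so the output is reproducible offline.
SAMPLE_TS = datetime(2014, 11, 12, 5, 11, tzinfo=timezone.utc)

def build_rfc5424(facility, severity, hostname, appname, procid, msgid, sd, msg, ts=None):
    """Encode one application event as an RFC 5424 line: every field the daemon
    filters on (PRI, timestamp, host, app, pid, msgid, structured data) is explicit."""
    pri = FACILITIES[facility] * 8 + SEVERITIES[severity]
    stamp = (ts or datetime.now(timezone.utc)).isoformat(timespec="milliseconds")
    stamp = stamp.replace("+00:00", "Z")
    sd_part = "-" if not sd else "".join(
        "[" + sd_id + "".join(f' {k}="{v}"' for k, v in params.items()) + "]"
        for sd_id, params in sd.items())
    return f"<{pri}>1 {stamp} {hostname} {appname} {procid} {msgid} {sd_part} {msg}"

HEADER = re.compile(r"^<(\d{1,3})>1 (\S+) (\S+) (\S+) (\S+) (\S+) (-|(?:\[.*?\])+) ?(.*)$")

def parse_rfc5424(line):
    """Split a line into the fields a daemon exposes, with no ad hoc regex over a flat file."""
    m = HEADER.match(line)
    if not m:
        raise ValueError("not an RFC 5424 line")
    pri = int(m.group(1))
    rec = {"facility": pri // 8, "severity": pri % 8, "timestamp": m.group(2),
           "hostname": m.group(3), "appname": m.group(4), "procid": m.group(5),
           "msgid": m.group(6), "msg": m.group(8), "sd": {}}
    # Structured-data elements: [id k="v" k="v"] repeated; "-" means none.
    for sd_id, body in re.findall(r'\[(\S+?)((?: \w+="[^"]*")*)\]', m.group(7)):
        rec["sd"][sd_id] = dict(re.findall(r'(\w+)="([^"]*)"', body))
    return rec

def route(rec):
    """Hypothetical ruleset: errors and worse go to the central server over TLS,
    the payments app gets its own file, everything else lands in the default log."""
    if rec["severity"] <= SEVERITIES["err"]:
        return "forward-to-central-tls"
    if rec["appname"] == "payments":
        return "/var/log/payments.log"
    return "/var/log/messages"
```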