Take Five With Tom Fenton
5 Reasons To Use a Log Consolidator and Analyzer
The humble log analyzer can be more helpful than you probably think.
Logs are one of the key ways to monitor a datacenter's health. For instance, system problems are reported in logs, so the resolution to these problems can be divined from reviewing the logs. More importantly, proactively monitoring logs can help prevent some common problems.
The issue is that constantly monitoring the individual logs on each device isn't practical. Fortunately, there are dozens of products currently on the market, including vRealize Log Insight, Splunk and ELK, that collect and analyze logs. If you have yet to implement a log consolidator and analyzer in your datacenter, here are five reasons you should.
- Convenience. Consolidators offer a single pane of glass through which to monitor all the logs in your datacenter. No longer do you need to access each individual system to see its log, because a consolidator does all the grunt work. All you have to do is review the logs it collects.
- Holistic troubleshooting. Very seldom does an event affect just one component in a datacenter. A data collector offers a quick and convenient way to identify not only the main component, but the other affected datacenter components as well. On the flip side, you can also determine if other components in your datacenter caused the issues. With a log collector, you can see the big picture of your datacenter, not just the individual parts.
- Security. Security is tricky, and people who want to compromise systems are clever. By using well-architected log collection, topology and zones of security, you can make it harder for people to erase their nefarious activities. If you do a log analysis, you may be able to detect unusual or suspicious activities and trends over your whole datacenter; this is much more effective than reviewing each single device, where these activities may not be as apparent.
- Log availability. Logs are great for troubleshooting problems, but if a system goes down you may lose the logs on a system that would have been able to help you decipher what went wrong. If you're using a log collector, however, log data is instantly transferred to it, which means that even if you suffer a catastrophic failure you'll see the detailed events that led up to it.
- Historical reference. It's not easy to back up all logs on all systems, but by using a collector you only need to back up one single system. As a bonus, many collectors have filters either on the sending or receiving side, so only the logs most critical to your datacenter are archived.
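The Security item's point, that activity can stay invisible on any single device yet stand out across the datacenter, shown as an added example that is not part of the original article. The sshd-style log lines, host names, and thresholds (5 failures, 3 hosts) are constructed assumptions for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: sshd lines as a collector would store them, tagged with the sending host.
HOSTS = ["web01", "web02", "db01", "app01"]  # hypothetical host names
SAMPLE = [
    f"Mar  3 02:1{i}:0{n} {host} sshd[{1000 + n}]: "
    f"Failed password for root from 203.0.113.7 port 40{i}{n} ssh2"
    for i, host in enumerate(HOSTS) for n in range(3)
] + [
    "Mar  3 09:00:01 web01 sshd[2001]: Failed password for alice from 198.51.100.20 port 51000 ssh2",
    "Mar  3 09:00:09 web01 sshd[2001]: Accepted password for alice from 198.51.100.20 port 51000 ssh2",
]

FAILED = re.compile(
    r"^\w{3}\s+\d+ [\d:]{8} (?P<host>\S+) sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def failures(lines):
    """Yield (host, src) for each failed-login line; other lines are skipped."""
    for line in lines:
        m = FAILED.match(line)
        if m:
            yield m["host"], m["src"]

def per_host_alerts(lines, threshold=5):
    """What each device would flag when only its own log is reviewed."""
    counts = defaultdict(int)
    for host, src in failures(lines):
        counts[(host, src)] += 1
    return sorted(k for k, n in counts.items() if n >= threshold)

def fleet_alerts(lines, threshold=5, min_hosts=3):
    """What the consolidated view flags: one source spread thinly over many hosts."""
    total, hosts = defaultdict(int), defaultdict(set)
    for host, src in failures(lines):
        total[src] += 1
        hosts[src].add(host)
    return {s: (total[s], sorted(hosts[s])) for s in total
            if total[s] >= threshold and len(hosts[s]) >= min_hosts}

if __name__ == "__main__":
    print("per-host:", per_host_alerts(SAMPLE))
    print("fleet:   ", fleet_alerts(SAMPLE))
```

Each host sees only three failures from the source, so no single-device review crosses the threshold, while the consolidated count of twelve across four hosts does.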
There are dozens of log consolidators and analyzers available. Some are free, some are geared to a specific technology, and others are more generic. Spend some time researching log collectors and analyzers and find the one that meets your needs; you'll be glad you did.
Tom Fenton works in VMware's Education department as a Senior Course Developer. He has a wealth of hands-on IT experience gained over the past 20 years in a variety of technologies, with the past 10 years focused on virtualization and storage. Before re-joining VMware, Tom was a Senior Validation Engineer with The Taneja Group, where he headed their Validation Service Lab and was instrumental in starting up its vSphere Virtual Volumes practice. He's on Twitter @vDoppler.