Logging Concepts
Log Ingestion
Log ingestion describes collecting log data from multiple sources, such as authentication servers, application servers, web servers, and databases, and storing it in a centralized location for analysis.
- involves using logging tools such as Splunk and Logstash to collect and process log data from these systems
- provides a comprehensive view of the infrastructure and the activities taking place within it
Time Synchronization
Time synchronization ensures that computer systems have accurate system time and time-related information by synchronizing the system time with a reference time source, using Network Time Protocol (NTP), an atomic clock, or a global positioning system (GPS).
- essential for establishing a clear order of events across systems when correlating logs from different sources
Logging Levels
Logging levels are severity categories assigned to log events.
- Each logging level is associated with a numerical value that can be used to sort and filter log events
Common Logging Levels
- DEBUG
- used for debugging purposes
- INFO
- used for informative messages
- WARNING
- used to indicate a potential problem
- ERROR
- used to indicate a serious problem
- CRITICAL
- used to indicate a critical problem
Syslog Logging Levels
- 0 Emergency (emerg)
- system is unusable
- 1 Alert (alert)
- immediate action required
- 2 Critical (crit)
- critical conditions
- 3 Error (error)
- error conditions
- 4 Warning (warn)
- warning conditions
- 5 Notice (notice)
- normal but significant conditions
- 6 Informational (info)
- informational messages
- 7 Debug (debug)
- messages helpful for debugging
TRACE
- Another useful logging level is TRACE
- typically used for very detailed logging that is useful for debugging
- generally not used for production applications
- can generate overwhelming amounts of log data and cause negative performance impacts
Custom Levels
- Custom logging levels can also be defined to provide more granular control over the logging process
- e.g., an application may define a “SECURITY” level to track security-related events
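As an added worked example (not part of the original notes), the following Python shows the numeric ordering of levels in action: it parses the <PRI> prefix of constructed syslog lines into facility and severity, keeps only events at or above a chosen severity, and registers a custom SECURITY level in Python's logging module. The sample lines, the function names and the value 35 chosen for SECURITY are assumptions made for this example.

```python
import logging
import re

# Syslog severity codes (RFC 5424 section 6.2.1): numeric value -> keyword
SYSLOG_SEVERITY = {
    0: "emerg", 1: "alert", 2: "crit", 3: "error",
    4: "warn", 5: "notice", 6: "info", 7: "debug",
}

# Constructed sample syslog lines; the leading <PRI> is facility*8 + severity
SAMPLE_LINES = [
    "<34>Oct 11 22:14:15 host sshd[1234]: Failed password for root",    # auth(4)*8 + crit(2)
    "<86>Oct 11 22:14:16 host sshd[1234]: Accepted password for alice", # authpriv(10)*8 + info(6)
    "<13>Oct 11 22:14:17 host app: Starting worker",                    # user(1)*8 + notice(5)
    "<11>Oct 11 22:14:18 host app: Database connection refused",        # user(1)*8 + error(3)
]

def parse_pri(line):
    """Return (facility, severity) from the <PRI> prefix, or None if it is malformed."""
    m = re.match(r"<(\d{1,3})>", line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:           # 23 facilities * 8 + 7 is the largest legal PRI value
        return None
    return divmod(pri, 8)   # facility = pri // 8, severity = pri % 8

def filter_at_or_above(lines, max_severity):
    """Keep lines whose severity number is <= max_severity (lower number = more severe)."""
    kept = []
    for line in lines:
        parsed = parse_pri(line)
        if parsed is None:
            continue          # unparseable lines are dropped rather than guessed at
        _, sev = parsed
        if sev <= max_severity:
            kept.append((SYSLOG_SEVERITY[sev], line))
    return kept

# Custom application level: numeric value placed between WARNING (30) and ERROR (40),
# so a WARNING threshold keeps SECURITY events and an ERROR threshold drops them
SECURITY = 35
logging.addLevelName(SECURITY, "SECURITY")

def security_events_logged(threshold):
    """Return True if a logger set to the numeric threshold would emit SECURITY events."""
    logger = logging.getLogger("levels-demo")
    logger.setLevel(threshold)
    return logger.isEnabledFor(SECURITY)
```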