
Event Log


Definition: What Is an Event Log?

An event log is a chronologically ordered record of events occurring within a system or process, often used for troubleshooting and analysis purposes.

It can include various types of events, such as errors, warnings, information messages, and user actions. Each event is typically timestamped and includes additional information such as the source of the event, its severity, and any relevant data associated with the event.


Benefits: Why You Should Monitor Event Logs

Event logs are an effective resource for identifying the root cause of any problems and incidents. This is why event logging is important:

  • Resolves Issues. Event logs help you quickly identify and troubleshoot issues within your system or application. By monitoring logs, you can detect errors, warnings, and other events that could indicate a problem, allowing you to take corrective action before encountering any major issue.
  • Detects Security Issues. Logs are also useful assets in detecting security breaches, as they can track suspicious user activities and login attempts. Monitoring logs generated by various devices, applications, and services makes it easier to detect and respond swiftly to security issues.
  • Improves System Performance. Event logging will also help you increase performance by tracking metrics such as response times, resource usage, and user behavior. You can use this data to identify memory bottlenecks, optimize processes, and make other improvements that can enhance the overall performance of your system.
  • Meets Compliance Requirements. Many industries have specific compliance requirements that mandate monitoring and retaining event logging data. By monitoring event logs, you can ensure that you meet these requirements and avoid potential legal or regulatory issues.

Types of Event Logs

While the classification of event logs can vary between organizations, you can broadly organize them into the following types:

System Event Logs

These logs are generated by the operating system and contain information about system events such as startup and shutdown, system errors, and warnings.

Security Event Logs

These logs track security-related events such as user logins, failed login attempts, and other security-related activities. You can use them to identify potential security breaches or unauthorized access to your system.

Application Event Logs

They are generated by software applications and contain information about application events such as errors, warnings, and other important events.

Server Event Logs

Server event logs are generated by web, application, or database servers. These logs contain information about server activity, such as server errors, uptime and downtime, performance, and security issues. This information is useful for system administrators to identify and solve server-related problems.

Network Event Logs

Network event logs are generated by network devices such as routers, switches, firewalls, and load balancers. They contain information about network activity, including traffic volumes, network errors, and network connectivity issues, which help network administrators find and fix network performance issues, such as latency.

Cloud Service Event Logs

Cloud service event logs are logs generated by cloud-based services, such as Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS) providers. These logs provide information about cloud services’ health, performance, and security, and help administrators identify issues and troubleshoot problems.

The Elements of an Event Log

An event log should contain enough information to help troubleshoot or analyze a problem or incident.

To understand the key elements of an event log, let’s take an example in the context of a 400 error received while making an API call:

  1. Severity: A log must indicate the severity level of the event or log entry, such as ERROR, WARNING, INFORMATION, or DEBUG.
  2. Timestamp: A log must record the exact date and time an event occurred, or the log entry was created. For example, the time stamp may be 2022-05-03 14:30:02.
  3. Event ID: A log must assign a unique identifier to each event or log entry, which can be used to track and search for specific events, for example, 4506.
  4. Source: A log must define the application, system, or device that generated the event or log entry, such as API Client.
  5. Message: A log must provide a detailed description of the event or log entry, including information about the activity or issue that occurred. For example: API call failed with status code 400: Bad Request.
  6. User name: A log must identify the user who initiated the activity or was affected by the event. For instance, it would include Mat Pong.
  7. Destination: Optionally, a log could have the destination of the activity or event. This could be an IP address or some other location. For example: 192.248.0.2

How to View and Check Event Logs

The method of viewing and checking the event logs depends on the OS and the program generating the logs. For example:

  • All the logs in Windows can be viewed using Windows Event Viewer. You can access Windows Event Viewer by running eventvwr.msc from the Windows Run dialog.
  • In the case of Unix-like operating systems such as Linux or macOS, you will have to use a terminal or command prompt.
  • However, regardless of your operating system, you can also read event logging data for any application or service using log analysis tools like Sematext Logs.

Below, you can find examples of how to check the different types of event logs:

System Event Log

To view and check the system event log in a Unix-like operating system, type the following command in the terminal:

sudo tail -f /var/log/syslog

In Windows, you can select System logs in Windows Event Viewer to limit the logs to system event logs.

Security Event Log

To view and check security event logs in a Unix-like operating system, type the following command in the terminal:

sudo tail -f /var/log/auth.log

Within the Windows operating system, you can specifically target Security logs using the Windows Event Viewer. Doing so allows you to narrow down the log entries to only display security-related events.

Application Event Log

To inspect application event logs in Unix-like environments, use this command:

sudo tail -f /var/log/syslog | grep -i "application"

In Windows, you can select the Application log in Windows Event Viewer to limit the entries to application event logs. Use the available filters to further drill down to the logs of a specific application.

Aside from system tools, you can also use the application’s own tooling to locate its log. For instance, if you want to view and check MySQL Server errors, you can use MySQL Workbench, its GUI tool, to access the logs.

Server Event Log

You can view server event logs using available system tools or log management tools.

To view and check server event logs in a Unix-like operating system, type the following command in the terminal (on Debian-based systems the equivalent file is /var/log/syslog):

sudo tail -f /var/log/messages

If you know the location of the logs, you can directly specify the log name in the terminal to view them. For example, if you want to check the Apache Server log using a Unix-like system, you can type the following command in the terminal.

sudo tail -f /var/log/apache2/access.log

In Windows, you use Windows Event Viewer to view these logs. On top of the system tools, you can also locate the server’s log files using Windows Explorer to view and check these logs.

Network Event Log

Network event logging data is accessible through a similar process to system event logs. Alternatively, you can also use third-party log monitoring tools to view and check the network event logs.

Network devices and programs also provide built-in graphical and command-line interfaces that facilitate access to these logs. For instance, Google Chrome offers developer tools for inspecting network logs in real time. Similarly, Cisco devices let you check event logs over SSH, Telnet, or a web-based interface.

Cloud Service Event Log

While the method to view and check the logs for cloud service events depends on the cloud service provider, almost all providers have dedicated tools or sections for event logging and monitoring that you can use to view logs.

AWS provides tools like CloudTrail, VPC Flow, ELB Logs, and CloudWatch. Azure has Log Analytics, Event Hubs, and Activity Log, whereas Google Cloud Platform has Stackdriver Logging, VPC Flow, and Cloud SQL Logs.

How Long Should You Retain Event Logs?

There is no fixed consensus on how long you should retain logs. The retention length depends on compliance requirements, the company’s information security policy, storage capacity, or external requirements like GDPR.

Generally, retaining logs for a minimum of 90 days and potentially longer is considered good practice. However, you should work with your organization’s legal and compliance teams to determine the appropriate duration for your specific needs.

Event Log Management and Monitoring with Sematext

Sematext Logs is a seamless solution tailored to streamline log aggregation and analysis for faster troubleshooting. With its user-friendly features, it allows you to effortlessly correlate logs with various system or infrastructure events (e.g. your deployments) and metrics across your infrastructure, all centralized for your convenience so that you don’t have to have multiple browser tabs open for multiple monitoring tools.

When an application or part of your infrastructure suddenly breaks, the number of warnings or errors in your logs typically spikes. You can catch that with threshold-based alerts. These alerts notify you when the number of logs matching some condition in a specific time frame crosses a limit, for example, when the number of error logs in one minute exceeds 100. This way, you can be promptly informed about critical events. And if you cannot or do not want to specify a hard-coded threshold, just use the anomaly detection alert type. Sematext helps you stay on top of performance issues by sending alert events to one or more notification platforms that suit you and your team.
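To make both the seven-element layout from “The Elements of an Event Log” and the threshold alert just described concrete, here is an added example (not Sematext code). It parses constructed log lines whose fields follow that layout, rejects entries missing a required element, and reports the minutes in which error events exceed a limit; the line format, field order and sample values are assumptions for illustration.

```python
import shlex
from collections import Counter
from datetime import datetime

# Constructed sample lines laid out with the seven elements: severity,
# timestamp, event ID, source, message, user name, destination.
# Multi-word fields are quoted; "-" marks a missing optional destination.
SAMPLE_LOG = """\
ERROR "2022-05-03 14:30:02" 4506 "API Client" "API call failed with status code 400: Bad Request" "Mat Pong" 192.248.0.2
INFO "2022-05-03 14:30:03" 1001 "API Client" "API call succeeded" "Mat Pong" 192.248.0.2
ERROR "2022-05-03 14:30:05" 4506 "API Client" "API call failed with status code 400: Bad Request" "Mat Pong" 192.248.0.2
WARNING "2022-05-03 14:31:10" 2200 "Auth Service" "Password retry limit approaching" "Mat Pong" -
"""

REQUIRED = ("severity", "timestamp", "event_id", "source", "message", "user")
SEVERITIES = {"ERROR", "WARNING", "INFORMATION", "INFO", "DEBUG"}


def parse_event(line):
    """Split one line into its elements; raise ValueError if a required one is missing."""
    fields = shlex.split(line)
    if len(fields) < len(REQUIRED):
        raise ValueError(f"event is missing required elements: {line!r}")
    event = dict(zip(REQUIRED, fields))
    if event["severity"] not in SEVERITIES:
        raise ValueError(f"unknown severity {event['severity']!r}")
    event["timestamp"] = datetime.fromisoformat(event["timestamp"])
    event["event_id"] = int(event["event_id"])
    # Destination is optional: "-" or absence both mean "not recorded".
    dest = fields[6] if len(fields) > 6 else "-"
    event["destination"] = None if dest == "-" else dest
    return event


def parse_log(text):
    return [parse_event(line) for line in text.splitlines() if line.strip()]


def count_per_minute(events, severity="ERROR"):
    """Bucket events of one severity by the minute in which they occurred."""
    return Counter(e["timestamp"].strftime("%Y-%m-%d %H:%M")
                   for e in events if e["severity"] == severity)


def threshold_alerts(events, limit=100, severity="ERROR"):
    """Return the minutes in which the number of `severity` events exceeds `limit`."""
    counts = count_per_minute(events, severity)
    return sorted(minute for minute, n in counts.items() if n > limit)
```

With the default limit of 100 the sample produces no alert; lowering the limit to 1 flags the 14:30 minute, which holds two ERROR events.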

Sematext Logs provides out-of-the-box dashboards with pre-configured visualizations for common applications and infrastructure. These visualizations give you the most important information coming from your logs, help you troubleshoot faster, keep the downtime to the minimum, and just keep your operation running smoothly.

Furthermore, check the pipeline capabilities! You can also use Logs Pipelines to customize your logs in all kinds of ways and save money. Sematext enables you to extract specific information into new fields (for example, extracting a number from a log event field, putting it in a new field, and then charting it or creating an alert on that metric), mask sensitive data, filter out irrelevant logs, and much more. This way you increase the value of your logs and get rid of the noise without changing any code or configuration in your applications and, perhaps most importantly, really cut your costs.

This is why you will see a cost breakdown in the Sematext Logs pricing that shows a separate price for GB received (very cheap) and a separate price for GB stored. With Logs Pipelines you are able to control which log events, and how many, you actually store. Anything that you do not store is charged only at that very low “received” rate, thus reducing your Sematext costs.

You can get a feel for these and various other capabilities from the product overview video. Or, better yet, start the 14-day free trial and experience the benefits of Sematext yourself!