Centralised Logs


We have recently added a log centralisation module to the Onesait Platform. The aim is not only to bring together the Platform’s logs in a single place, but also to facilitate their search and analysis.

By using Graylog, we will be able to analyse in real time the content of our logs quickly and easily.

What is Graylog?

Graylog is an open-source centralised log management solution that, among other things, provides us with standard log capture systems, sorting and real-time analysis of our logs.

Use in the Onesait Platform

I will now describe how the modules of the Platform are connected to Graylog and how any application developed on top of the Platform can be connected as well.

Connection: inputs

Inputs are the mechanisms through which Graylog accepts logs into its system. In our case, we will use GELF (Graylog Extended Log Format) over TCP on port 12201.

Classification: Streams

Streams are a mechanism for classifying and categorising logs. By using rules, Graylog can classify each log entry into a stream. In the Platform, each module generates logs that carry a series of custom fields by which we can classify the source of the logs. The most important is the «app_name» field, which indicates the source module of each entry.

To make searching easier, we have created a stream per module, so that you can quickly select the one you want when searching.

You don’t have to worry any more about configuring the inputs or the streams, because both will be created automatically from our initial configuration module.
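
As an added example (not Onesait Platform code), this Python sketch builds a GELF message for the TCP input described above and tags it with the «app_name» field that the streams classify on. Port 12201 and «app_name» come from this article; the server name, module name and `request_id` field are hypothetical.

```python
import json
import re
import socket
import time

GELF_PORT = 12201  # GELF TCP input port named in the article
# Characters GELF allows in additional (custom) field names.
_FIELD_NAME = re.compile(r"^[\w.\-]+$", re.ASCII)


def build_gelf_frame(app_name, short_message, host, level=6, extra=None, now=None):
    """Return one GELF 1.1 message as a NUL-terminated TCP frame."""
    record = {
        "version": "1.1",
        "host": host,
        "short_message": short_message,
        "timestamp": time.time() if now is None else now,
        "level": level,  # syslog severity, 6 = informational
    }
    fields = {"app_name": app_name}
    fields.update(extra or {})
    for name, value in fields.items():
        # GELF reserves "_id", so a custom field may not be called "id".
        if name == "id" or not _FIELD_NAME.match(name):
            raise ValueError(f"invalid GELF additional field name: {name!r}")
        is_number = isinstance(value, (int, float)) and not isinstance(value, bool)
        # Custom fields carry a leading underscore on the wire.
        record["_" + name] = value if is_number else str(value)
    # json.dumps escapes control characters, so a NUL inside a log message
    # cannot end the frame early and split one entry into two.
    return json.dumps(record).encode("utf-8") + b"\x00"


def send_gelf(frame, server, port=GELF_PORT, timeout=5.0):
    """Send one frame to a GELF TCP input (this sketch uses plain TCP, no TLS)."""
    with socket.create_connection((server, port), timeout=timeout) as conn:
        conn.sendall(frame)


if __name__ == "__main__":
    # Constructed sample entry; the names below are placeholders.
    frame = build_gelf_frame("demo-module", "user login ok", host="app-01",
                             extra={"request_id": "r-1001"})
    print(frame)
    # send_gelf(frame, "graylog.example.internal")  # hypothetical server name
```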

Searches

Any field, whether custom or not, can be used in your searches, both for display and for filtering.

You can also run full-text searches (in quotation marks), searches with regular expressions, or single-word searches. Once you have a search that interests you, you can save it as a Dashboard.

Video tutorial, currently available only in Spanish.

YouTube | Release 2.3.0 Graylog
