Autoscaling Environment Logs Collection using LogEntries
LogEntries
Managing log data across large autoscaling environments can be a time-consuming and expensive job. Logentries has designed a scalable service that dynamically supports autoscaling environment as log volumes expand and change dynamically. By centralizing all logs across distributed instances into one secure location, we can efficiently monitor and track log events in real time, without complex configurations i.e.
autoscaling environment logs collection using LogEntries.
Use Case
We have instances brought up as cloned instances in our production environment. In our case, we can use the Agent and it’s configuration file as this would enable us to continue logging to Logentries and continue logging to the same logs without creating any orphaned logs.
Config File
The agent stores configuration in ~/.le/config for ordinary users and in /etc/le/config for root (daemon). It is created with init or reinit commands and can be created or modified manually.
There are two ways to follow logs:
1)Follow log files through server-side configuration
2)Follow log files through your configuration file
We would be using the second way & the configure file will be like this:
[js][Main]
user-key = ACCOUNT-KEY
pull-server-side-config = False
[Syslog]
path = /var/log/syslog
destination = Production/Syslog
[Auth]
path = /var/log/auth.log
destination = Production/Auth
[Boot]
path = /var/log/boot.log
destination = Production/Boot[/js]
Simply paste this into the file /etc/le/config.
This configuration tells the Agent to follow Syslog, auth.log and boot.log and to send their contents to a Log set called Production, each log will be sent to a log inside that log set. If the destination exists then we reuse the token that exists for that Log in Logentries, if it does not exist then the Agent will create a new Log set called Production and a new log.
If we use the config as described below and reuse it across your environments then it will not create a new log set. If we want to have three Log Sets in our Account such as Production, Staging, Development then you would need three separate configuration files that would be used on each of those environments.
*For example if we had three Production servers we could use the same Production configuration file (like below) in all three of those servers. The Agent will tag each log message with the hostname so you will be able to identify where the logs originated from as well.
Installing LogEntries
On an Ubuntu instance our installation commands would be the following:
[js]#!/bin/bash
sudo echo ‘deb http://rep.logentries.com/ trusty main’ > /etc/apt/sources.list.d/logentries.list
sudo gpg –keyserver pgp.mit.edu –recv-keys C43C79AD && gpg -a –export C43C79AD | apt-key add –
sudo apt-get update
sudo apt-get install logentries -y
sudo mkdir /etc/le
cd /etc/le/
sudo wget
sudo apt-get install logentries-daemon[/js]
* We are fetching the config file from s3 bucket “logentries”
We will get the logs in our LogEntries account as follows:
Autoscaling the setup
We will make AMI of the above set up the server and we can use it to form a launch configuration for an autoscaling environment. Now the servers coming up in the autoscaling environment will be using the same config file and environment and thus will be sending their logs to the desired destination in our log entries account.
This is how the LogEntries screen will look like, where we can further do the following:
– Tagging the logs
– SettinG Alerts on Logs including inactivity alert
– Graphical representation and analysis of logs
– Performing search on logs using Regular Expressions