I'm wondering what everyone is using for logging, log management and log aggregation on their systems.
I am working in a company which uses .NET for all its applications and all systems are Windows based. Currently each application looks after its own logging and notifications of failures (e.g. if app A fails it will send out its own 'call for help' to an admin).
While this current practice works, it's a bit hacky and hard to manage. I've been trying to find some options for making this work better and I've come up with the following:
- log4net & Chainsaw (ah, if it works).
- Logging via log4net or another framework into a central database & rolling our own management tool.
- Logging to the Windows event log and using MOM or System Center Operations Manager to aggregate and manage each of these servers & their apps.
- A hand-rolled solution to suck all the log files into one point and work some magic across them.
Essentially what we are after is something which can pull log entries all together and allow for some analytics to be run across them, plus use a kind of event based system to, for example, send out a warning email when there have been 30+ warning level logs for an application in the last x minutes.
So is there anything I've missed, or something someone else can suggest?
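The threshold rule the question asks for (an alert when one application has produced 30+ warning-level entries within the last x minutes), as an added C# example that is not part of the original question or any of the answers. The entry type, the application names and the sample entries are constructed for illustration, and the alert is printed to the console where a real aggregator would send mail; the rule also suppresses repeat alerts for the same application until a full window has passed, which the question does not ask for but any practitioner would want.

```csharp
using System;
using System.Collections.Generic;

// Constructed example: a sliding-window "warning burst" rule for a log aggregator.
public enum LogLevel { Debug, Info, Warn, Error, Fatal }

public sealed class LogEntry
{
    public DateTime Timestamp { get; }
    public string Application { get; }
    public LogLevel Level { get; }
    public string Message { get; }

    public LogEntry(DateTime timestamp, string application, LogLevel level, string message)
    {
        Timestamp = timestamp; Application = application; Level = level; Message = message;
    }
}

public sealed class WarningBurstRule
{
    private readonly int _threshold;
    private readonly TimeSpan _window;
    // Timestamps of recent WARN-or-worse entries per application, oldest at the front.
    private readonly Dictionary<string, Queue<DateTime>> _recent = new Dictionary<string, Queue<DateTime>>();
    // When each application last alerted, so a sustained burst yields one alert per window.
    private readonly Dictionary<string, DateTime> _lastAlert = new Dictionary<string, DateTime>();

    public WarningBurstRule(int threshold, TimeSpan window)
    {
        _threshold = threshold;
        _window = window;
    }

    // Feed entries in timestamp order, as an aggregator reading merged logs would.
    // Returns true when this entry pushes its application over the threshold
    // and no alert has already been raised for it inside the current window.
    public bool Observe(LogEntry entry)
    {
        if (entry.Level < LogLevel.Warn) return false;

        if (!_recent.TryGetValue(entry.Application, out var recent))
        {
            recent = new Queue<DateTime>();
            _recent[entry.Application] = recent;
        }
        recent.Enqueue(entry.Timestamp);

        // Drop everything that has fallen out of the window.
        var cutoff = entry.Timestamp - _window;
        while (recent.Count > 0 && recent.Peek() < cutoff) recent.Dequeue();

        if (recent.Count < _threshold) return false;
        if (_lastAlert.TryGetValue(entry.Application, out var last) && entry.Timestamp - last < _window) return false;

        _lastAlert[entry.Application] = entry.Timestamp;
        return true;
    }
}

public static class Program
{
    // Returns the (application, timestamp) pairs for which the rule fired.
    public static List<(string App, DateTime At)> AlertsFor(IEnumerable<LogEntry> entries, int threshold, TimeSpan window)
    {
        var rule = new WarningBurstRule(threshold, window);
        var alerts = new List<(string, DateTime)>();
        foreach (var e in entries)
            if (rule.Observe(e)) alerts.Add((e.Application, e.Timestamp));
        return alerts;
    }

    public static void Main()
    {
        // Constructed sample: "AppA" emits a warning every 10 seconds (35 in total),
        // "AppB" only a handful, plus some INFO noise that the rule must ignore.
        var start = new DateTime(2024, 1, 1, 9, 0, 0);
        var entries = new List<LogEntry>();
        for (int i = 0; i < 35; i++)
        {
            entries.Add(new LogEntry(start.AddSeconds(10 * i), "AppA", LogLevel.Warn, "queue depth high"));
            entries.Add(new LogEntry(start.AddSeconds(10 * i + 5), "AppA", LogLevel.Info, "heartbeat"));
            if (i % 7 == 0) entries.Add(new LogEntry(start.AddSeconds(10 * i + 2), "AppB", LogLevel.Warn, "retrying"));
        }
        entries.Sort((a, b) => a.Timestamp.CompareTo(b.Timestamp));

        // 30+ warnings in the last 5 minutes triggers an alert; here "send email" is a print.
        foreach (var (app, at) in AlertsFor(entries, 30, TimeSpan.FromMinutes(5)))
            Console.WriteLine($"ALERT {at:HH:mm:ss}: {app} logged 30+ warnings in the last 5 minutes (would email admin)");
    }
}
```

With the constructed sample, AppA's 30th warning lands at 09:04:50, inside the five-minute window, so exactly one alert is printed for AppA and none for AppB. Replacing the constructed list with entries read from a central database or the Windows event log is the only change needed to use the rule in the aggregation options listed above.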
Asked some time ago, but I think it is worth mentioning Splunk too: http://www.splunk.com/
I've used it before and it is quite handy.
If you can, I'd recommend writing to the EventLog and creating rules in SCOM to monitor. We use this extensively and it works well, even to a point of putting together pieces of code which monitor certain elements of our apps and writing values to the event log, where SCOM parses for the errors, and graphs those, plus informational errors, into reports showing stats over a given time.
I am however quite keen on rewriting some of that into WMI, and having SCOM poll the WMI service for those same counters, as writing queue lengths to the event log every 15 minutes seems a little wasteful ;)
I'm using log4net and log4view (www.log4view.org). They have a TCP adapter that you can distribute as part of your application. You then use their client app to connect to your various applications and the log messages are displayed in real time.
It can monitor multiple logs at the same time - up to 255 if you buy the commercial version (a measly $50).
It can also work with the RollingFileAppender.
They have a pretty powerful filtering UI so you can home in on what you want to look at.
We've used MOM with pretty good success since it handles the purging, viewing, and other concerns outside of data entry. The caveat to MOM is that it doesn't do *NIX out of the box (at least the version we have). There are connectors and such. Another option is to look into LogLogic. This takes log info from network devices, but has an open web service API that you could tie into. MOM has APIs as well, so you could funnel down to something like LogLogic.
log4net is definitely the place to go for simple logging that outputs to the most common targets. log4net can log to the Windows event log as well as put messages out to a db, email or file. It's fairly trivial to set up and the documentation is pretty good.
For log aggregation, Snare is a little old but worth mentioning.
Snare Agent for IIS Servers
I used this old version a long time ago and it worked well by forwarding/sending/replicating IIS logs over a network via syslog.
Today, they have a newer version called Snare Epilog.
The code is also open source; you might want to give it a try.
Also, you could use something like ELMAH combined with the RSS/Email features to help notify and alert you of any critical issues.