Central Logging


The classical way to implement central logging is a tiered pipeline: lightweight shippers on each host, a broker that buffers and fans out, a parsing tier, and a storage tier that the visualiser queries.

Log Shipper --\                   /--> Log Parser --\
Log Shipper ---+--> Log Broker --+---> Log Parser ---+--> Log Storage  <-- Log Visualiser 
Log Shipper --/                   \--> Log Parser --/

However, the modern approach is to distribute the work. The parsing load is pushed out to the clients, which are given the smarts to structure their own events and write to storage directly, so the broker and central parser tiers disappear.

Log Parser Shipper --\ /-- Log Storage <-\
Log Parser Shipper ---+--- Log Storage <--+-  Visualiser 
Log Parser Shipper --/ \-- Log Storage <-/

ELK (Elasticsearch, Logstash and Kibana) is a good example: Logstash parses on the host, Elasticsearch stores, Kibana visualises.

Logstash --\ /-- Elasticsearch <-\
Logstash ---+--- Elasticsearch <--+-  Kibana 
Logstash --/ \-- Elasticsearch <-/

If you have a thin client or micro instance (or Windows), you'll want to deploy a lightweight log shipper instead, as Logstash can use a noticeable amount of memory (especially on Windows) and you may not want to deploy Java everywhere. nxlog is a common choice for this role.

However, as nxlog (at least the community edition) has no native Elasticsearch output, you'll still need a broker in front of storage, and Logstash works well for that: nxlog does the collection and JSON structuring on the host, Logstash accepts the stream and indexes it.

nxlog --\   
nxlog ---+--> Logstash ->  Elasticsearch <-- Kibana
nxlog --/ 
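As an added, worked example (not from the original page, nor from the nxlog or Logstash documentation), here is a configuration for the last diagram: an nxlog agent on a Windows host forwards the Security and System event logs as newline-delimited JSON over TCP to Logstash, which acts as the broker and writes into Elasticsearch. The host names, port 5140, index name, certificate path, user name and password variable are placeholders, and the choice of Windows channels and the install path are assumptions.

```conf
## ---- nxlog.conf on the Windows host (shipper + parser) ----
## Assumption: 32-bit NXLog Community Edition default install path
define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules
CacheDir  %ROOT%\data
Pidfile   %ROOT%\data\nxlog.pid
SpoolDir  %ROOT%\data
LogFile   %ROOT%\data\nxlog.log

<Extension json>
    Module  xm_json
</Extension>

<Input eventlog>
    Module  im_msvistalog
    # Channels are an assumption; Security and System are the usual minimum
    Query   <QueryList>\
                <Query Id="0">\
                    <Select Path="Security">*</Select>\
                    <Select Path="System">*</Select>\
                </Query>\
            </QueryList>
    # Serialise every parsed field into $raw_event as one JSON object per event,
    # so the parsing happens here on the client rather than on the broker
    Exec    to_json();
</Input>

<Output logstash>
    Module  om_tcp
    # Placeholder broker address; om_tcp is plaintext (see note below)
    Host    logstash.example.internal
    Port    5140
</Output>

<Route eventlog_to_logstash>
    Path    eventlog => logstash
</Route>

## ---- /etc/logstash/conf.d/nxlog.conf on the broker (Logstash) ----
input {
  tcp {
    port  => 5140
    codec => json_lines   # one JSON document per line, as nxlog's om_tcp emits
  }
}

filter {
  # nxlog's to_json() writes EventTime as "YYYY-MM-DD hh:mm:ss" in the host's local time
  date {
    match    => ["EventTime", "yyyy-MM-dd HH:mm:ss"]
    timezone => "UTC"       # assumption: agents run on UTC; adjust per fleet
    target   => "@timestamp"
  }
}

output {
  elasticsearch {
    hosts    => ["https://elasticsearch.example.internal:9200"]   # placeholder
    index    => "winlogs-%{+YYYY.MM.dd}"
    ssl      => true
    cacert   => "/etc/logstash/certs/ca.crt"
    user     => "logstash_writer"
    password => "${ES_WRITER_PASSWORD}"   # from the Logstash keystore or environment
  }
}
```

Two things a practitioner should check before running this outside a lab. First, om_tcp and the plain tcp input carry the events unencrypted and unauthenticated, and Windows Security events include user names, process command lines and host names; on anything but a trusted management segment switch the shipper to om_ssl and enable TLS on the Logstash tcp input. Second, the Elasticsearch credentials should belong to a role that can only write to the winlogs-* indices, so that a compromised broker cannot rewrite or delete evidence already stored.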
