This was actually a bumper sticker, swag from a logging software company, that sat on a coworker’s desk for more than a year—no one really did love logs enough to put it on a car. Logging is one of those necessary evils that exist in a network. Monitoring logs is essential to maintaining high availability in the network, but without proper planning and design of a logging system, it can quickly become a bane of those running the network.
In developing a logging posture that improves high availability in your network, it is important to understand the basics of logging and how a little planning can make logging not only more efficient, but also far more effective in achieving your goals of high availability.
From its start in the early 1980s to its eventual formalization in 2001 to the current day, syslog has been the standard on which many network monitoring solutions are built. The flexibility and ubiquity of the protocol have allowed networking device makers and operating system manufacturers to create frameworks with which to transmit the minutest events occurring on their systems.
In the simplest terms, the syslog protocol provides a transport that allows a machine to send event notification messages across IP networks to event message collectors, also known as syslog servers. Since each process, application, and operating system was written somewhat independently, there is little uniformity to the content of syslog ...
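The lack of uniformity described above, shown from the collector's side as an added example that is not from the original text: a tolerant parser that decodes the one dependable field of a classic BSD-style message (the `<PRI>` prefix, facility * 8 + severity, as documented in RFC 3164) and keeps everything else as free-form text. That senders use the RFC 3164 layout is an assumption, since the page names no format, and the sample messages and host name are constructed.

```python
import re

# Conventional short names for the RFC 3164 facility and severity codes;
# the list index is the numeric code.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5",
              "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

PRI_RE = re.compile(r"^<(\d{1,3})>")
# BSD-style header "Mmm dd hh:mm:ss host "; many senders omit or alter it.
HEADER_RE = re.compile(r"^([A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) (\S+) ")

def parse_syslog(raw: str) -> dict:
    """Decode what is dependable (PRI) and keep the rest as free-form text."""
    rec = {"facility": None, "severity": None,
           "timestamp": None, "host": None, "message": raw}
    m = PRI_RE.match(raw)
    if not m or int(m.group(1)) > 191:      # 23 * 8 + 7 is the largest valid PRI
        return rec                          # no usable PRI: keep the raw text
    pri = int(m.group(1))
    rec["facility"] = FACILITIES[pri // 8]  # PRI = facility * 8 + severity
    rec["severity"] = SEVERITIES[pri % 8]
    rest = raw[m.end():]
    h = HEADER_RE.match(rest)
    if h:                                   # header present: split it off
        rec["timestamp"], rec["host"] = h.group(1), h.group(2)
        rest = rest[h.end():]
    rec["message"] = rest
    return rec

# Constructed sample messages (not captured from any real device).
SAMPLES = [
    "<34>Oct 11 22:14:15 edge-rtr-1 su: 'su root' failed for admin on /dev/pts/8",
    "<189>%LINK-5-CHANGED: Interface Gi0/1, changed state to down",
    "<13>backup job finished rc=0",
    "link flap detected on port 7",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(parse_syslog(line))
```

Only the first sample yields a timestamp and host; the others show why a collector should fall back to storing the raw text rather than dropping messages that do not match the expected header.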