LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

They should be paying attention to the lumberjack project

They should be paying attention to the lumberjack project

Posted Apr 14, 2012 23:38 UTC (Sat) by dlang (✭ supporter ✭, #313)
In reply to: They should be paying attention to the lumberjack project by dlang
Parent article: Toward more reliable logging

There appear to be a lot of people working on 'improved logging' nowdays that are not aware of what is currently available.

Besides the repeated statement that syslog does not support structured logging, there are a lot of features that people list and say "since syslog can't do this, we have to create a new logging infrastructure". Every list along these lines that I have seen has resulted in answers of "modern syslog daemons have supported items 1,2,3,4,5 for years, you can do #2 this way, we do something very similar to #6 already so it'll be implemented this weekend, and #7 is already on the roadmap but will take a little more time to get finished"

There are three modern syslog daemons that I am aware of, syslog-ng, rsyslog, and nxlog, all of these can do a lot of fancy stuff with logs (filtering, sending to multiple destinations, reformatting, inserting into databases, etc)

Anyone who is looking at doing a lot with logging should really look at these and see what they will do before going off and creating a new logging infrastructure.

(Log in to post comments)

They should be paying attention to the lumberjack project

Posted Apr 17, 2012 16:46 UTC (Tue) by k8to (subscriber, #15413) [Link]

Well, this is more about generating useful log messages, which is the application side. Handling those messages reasonably is the featureset you're referring to.

Although I think handling/transferring is really just the basic work, and where we are headed is to searching/reporting/alerting. Good logs and a good infrastructure that you feed them to can give you a very large amount of knowledge about your systems relatively easily.

They should be paying attention to the lumberjack project

Posted Apr 17, 2012 19:00 UTC (Tue) by dlang (✭ supporter ✭, #313) [Link]

Things work better if everyone generating structured messages use the same structure, otherwise you end up having to use heuristics to guess which structure the incoming log is in, and that path leads us right back the the current mess where every app (and frequently every log message in every app) defines it's own 'structure'.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds