Czanik@BalaBit

CzP about syslog-ng, music and everything

Logging to the cloud

Wednesday, March 16, 2011 @ 09:03 AM Author: Peter Czanik

Cloud and Software as a Service are two very important terms in IT these days. They are made possible by the Internet, which is getting faster every day. This can also be utilized for syslog messages: as a pioneer in this field, Loggly (http://loggly.com/) created “Logging as a Service”. I tested it over the past few days and would like to share my experiences.

While there are already a few cloud logging services under development, Loggly’s is the first that is actually open for use. I tested the free developer account, which has some limitations on daily log amount and archival time and offers no encryption, but it was perfect for my purposes.

From registering at https://www.loggly.com/signup/ to running my first queries on my logs, only a few minutes passed. After filling in my details in the form, I was greeted by a welcome e-mail and my account was ready to get started. I logged in and set it up in a wizard-like interface. I also got instructions on how to configure syslog-ng to send logs to the cloud. There was only a minor setting to change: my configuration used a different source name than the generated example, so I had to adjust it after copying and pasting from the wizard.

The user interface is for modern geeks. It’s a web interface, but actually a command line. It’s very easy to search for information in the logs and to create graphs. After a few days of collecting logs, I could create a nice graph from DHCP requests. One can see that at the weekend the building is almost empty. Most traffic is on Monday :-)

Their search interface is lacking just one important syslog-related feature: searching based on facility or priority. It’s on the roadmap, so I hope to see it soon…

One can also send logs using the HTTP protocol. Loggly has an easy-to-use API to send logs and query resources. I did a few tests from a browser and from the command line, and it worked nicely. For more details on the API and how the Loggly cloud works, see the documentation at http://wiki.loggly.com/
