{"id":19845,"date":"2015-05-24T01:00:04","date_gmt":"2015-05-23T19:30:04","guid":{"rendered":"http:\/\/www.tothenew.com\/blog\/?p=19845"},"modified":"2016-12-19T15:07:34","modified_gmt":"2016-12-19T09:37:34","slug":"autoscaling-environment-log-collection-using-logentries","status":"publish","type":"post","link":"https:\/\/www.tothenew.com\/blog\/autoscaling-environment-log-collection-using-logentries\/","title":{"rendered":"Autoscaling Environment Logs Collection using LogEntries"},"content":{"rendered":"<h3 style=\"text-align: justify;color: #ff9900\"><span style=\"color: #ff9900\">LogEntries<\/span><\/h3>\n<p>Managing log data across large autoscaling environments can be a time-consuming and expensive job. Logentries has designed a scalable service that dynamically supports autoscaling environments as log volumes expand and change. By centralizing all logs across distributed instances into one secure location, we can efficiently monitor and track log events in real time, without complex configurations, i.e.<\/p>\n<h3><span style=\"color: #ff9900\">autoscaling environment logs collection using LogEntries.<\/span><\/h3>\n<h3 style=\"text-align: justify;color: #ff9900\"><span style=\"color: #ff9900\">Use Case<\/span><\/h3>\n<p><span style=\"color: #000000\">We have instances brought up as cloned instances in our production environment. In our case, we can use the Agent and <\/span>its<span style=\"color: #000000\"> configuration file, as this enables us to continue logging to Logentries, and to the same logs, without creating any orphaned logs.<\/span><\/p>\n<h3 style=\"text-align: justify;color: #ff9900\"><span style=\"color: #ff9900\">Config File<\/span><\/h3>\n<p>The agent stores its configuration in ~\/.le\/config for ordinary users and in \/etc\/le\/config for root (daemon). 
It is created with the init or reinit commands and can be created or modified manually.<\/p>\n<h3 style=\"text-align: justify;color: #ff8000\"><span style=\"color: #ff9900\">There are two ways to follow logs:<\/span><\/h3>\n<p>1) Follow log files through server-side configuration<br \/>\n2) <span style=\"color: #000000\">Follow log files through your configuration file<\/span><\/p>\n<p>We will use the second way, and the configuration file will look like this:<\/p>\n<p>[js][Main]<br \/>\nuser-key = ACCOUNT-KEY<br \/>\npull-server-side-config = False<\/p>\n<p>[Syslog]<br \/>\npath = \/var\/log\/syslog<br \/>\ndestination = Production\/Syslog<\/p>\n<p>[Auth]<br \/>\npath = \/var\/log\/auth.log<br \/>\ndestination = Production\/Auth<\/p>\n<p>[Boot]<br \/>\npath = \/var\/log\/boot.log<br \/>\ndestination = Production\/Boot[\/js]<\/p>\n<p style=\"text-align: justify;color: #0000ff\">Simply paste this into the file \/etc\/le\/config.<\/p>\n<p><span style=\"color: #000000\">This configuration tells the Agent to follow Syslog, auth.log and boot.log and to send their contents to a Log set called Production; each log will be sent to a log inside that log set. If the destination exists, the token that exists for that Log in Logentries is reused; if it does not exist, the Agent will create a new Log set called Production and a new log.<\/span><\/p>\n<p><span style=\"color: #000000\">If we use the config described above and reuse it across our environments, it will not create a new <span class=\"il\">log<\/span> set. If we want to have three <span class=\"il\">Log<\/span> Sets in our Account, such as Production, Staging and Development, we would need three separate configuration files, one used on each of those environments.<\/span><\/p>\n<p><span style=\"color: #000000\">*For example, if we had three Production servers, we could use the same Production configuration file (like the one above) on all three of those servers. 
The Agent will tag each <span class=\"il\">log <\/span>message with the hostname, so we will also be able to identify where the logs originated.<\/span><\/p>\n<h3 style=\"text-align: justify;color: #ff9900\"><span style=\"color: #ff9900\">Installing LogEntries<\/span><\/h3>\n<p>On an Ubuntu instance our installation commands would be the following:<\/p>\n<p>[js]#!\/bin\/bash<br \/>\n# Add the Logentries apt repository; tee runs as root, whereas a plain shell redirect after sudo echo would not<br \/>\necho 'deb http:\/\/rep.logentries.com\/ trusty main' | sudo tee \/etc\/apt\/sources.list.d\/logentries.list<br \/>\n# Import the repository signing key into apt (both gpg calls use root's keyring)<br \/>\nsudo gpg --keyserver pgp.mit.edu --recv-keys C43C79AD &amp;&amp; sudo gpg -a --export C43C79AD | sudo apt-key add -<br \/>\nsudo apt-get update<br \/>\nsudo apt-get install logentries -y<br \/>\n# Create the agent's config directory if it does not already exist<br \/>\nsudo mkdir -p \/etc\/le<br \/>\ncd \/etc\/le\/<br \/>\nsudo wget<br \/>\nsudo apt-get install logentries-daemon -y[\/js]<\/p>\n<p style=\"text-align: justify;color: #0000ff\">* We are fetching the config file from the S3 bucket &#8220;logentries&#8221;<\/p>\n<p>We will get the logs in our LogEntries account as follows:<br \/>\n<a href=\"\/blog\/wp-ttn-blog\/uploads\/2015\/05\/LE.png\"><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-19875\" src=\"\/blog\/wp-ttn-blog\/uploads\/2015\/05\/LE.png\" alt=\"LE\" width=\"1366\" height=\"768\" \/><\/a><\/p>\n<h3 style=\"text-align: justify;color: #ff9900\"><span style=\"color: #ff9900\">Autoscaling the setup<\/span><\/h3>\n<p>We will make an AMI of the server set up above and use it to form a launch configuration for an autoscaling environment. 
Now the servers coming up in the autoscaling environment will be using the same config file and environment, and thus will be sending their logs to the desired destination in our LogEntries account.<\/p>\n<p>This is what the LogEntries screen will look like, where we can further do the following:<\/p>\n<p style=\"text-align: justify;color: #0000ff\">&#8211; Tagging the logs<br \/>\n&#8211; Setting alerts on logs, including inactivity alerts<br \/>\n&#8211; Graphical representation and analysis of logs<br \/>\n&#8211; Performing search on logs using Regular Expressions<\/p>\n","protected":false},"excerpt":{"rendered":"<p>LogEntries Managing log data across large autoscaling environments can be a time-consuming and expensive job. Logentries has designed a scalable service that dynamically supports autoscaling environments as log volumes expand and change. By centralizing all logs across distributed instances into one secure location, we can efficiently monitor and track log events in real time, 
[&hellip;]<\/p>\n","protected":false},"author":166,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"iawp_total_views":2},"categories":[1174],"tags":[1217,1784,1787,561,1783,1782,1785,1786],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts\/19845"}],"collection":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/users\/166"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/comments?post=19845"}],"version-history":[{"count":0,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts\/19845\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/media?parent=19845"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/categories?post=19845"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/tags?post=19845"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}