Log management can turn out to be a complex and intimidating endeavour. Things are made somewhat simpler, thanks to the availability of high-quality log management systems but, to make things even simpler and remove much of the overhead of deploying and maintaining yet another system, many administrators and managers choose to turn to cloud logging service.
But just as there are many log management systems, there are lots of cloud logging services and picking the best one for your needs can be daunting. This is why in this article we’re happy to review some of the best cloud logging services.
We’ll start off by introducing log management and discuss some of the various logging technologies that are typically encountered. We’ll then talk about the differences between log servers, log management systems, and security information and event management systems. Next, we’ll discuss the advantages of using cloud logging services as compared to locally installed log management systems before we finally get to the best part, the review of some of the very best cloud logging services.
- 1 About Log Management?
- 2 What About SIEM?
- 3 The Advantages Of Cloud-Based Logging
- 4 The Best Cloud Logging Services
About Log Management?
Before we start discussing logging services, let’s first try to define what logging is. A log—which is also sometimes referred to as a log entry with the term log referring to where these entries are collected and stored—is the automatically-produced and time-stamped documentation of an event pertaining to a particular system. Whenever an event takes place on a system, a log is generated. Systems and devices will generate logs for different types of events and many of these will give administrators some degree of control over which events will generate a log and which won’t.
As for log management, It is the processes and policies used to administer and facilitate the generation, transmission, analysis, storage, archiving and eventual disposal of significant amounts of log data. Log management usually implies a centralized system where logs from multiple sources are collected. Log management is not just log collection, though. It is the management part which is the most important. Log management systems often have multiple functionalities, collecting logs being just one of them.
And finally, logging services refer to external providers where organizations can outsource their log management needs. They are cloud-based, software as a service (SaaS) type of business that you can use instead of locally installed log management infrastructures. There are several advantages to using logging services as we’ll see shortly. For now, just keep in mind that a logging service is nothing more than a cloud-based offsite log management system.
Once logs are received by the log management system, they must be standardized into a common form as different systems format logs differently and include different data. Some start a log with the date and time, some start it with an event number. Some only include an event ID while others include a full-text description of the event. One of the purposes of log management systems is to ensure that all collected log entries are stored in a uniform format, no matter where they come from. This will make event correlation and searching easier.
Talking about event correlation and searching, these are two very important functions of most log management systems or logging services. Some of them feature a powerful search engine that allows administrators to zero-in on precisely what they need. Correlation functions will automatically group related events, even if they are from different sources. How—but, more importantly, how successfully—different log management system accomplish that is a major differentiating factor.
RELATED: Best log management tools for Linux
Log management—both local and cloud-based—would be much more difficult, perhaps not even possible, if it were not for logging protocols. A few of them exist. They define what data is to be included in logs, how it should be formatted and, sometimes, how it is to be transmitted between systems.
Syslog is one of the most-used logging protocols, especially in the Linux/Unix world. The technology was invented in the early eighties and has become the de-facto standard for all Unix-like systems. It is also the technology that is typically favoured by most networking equipment manufacturers. One of its greatest assets is how it facilitates the separation between the system or software that generates logs, the system that stores them, and the software that reports and analyzes them. Using the Syslog technology makes log management much easier.
Other logging technologies are also commonly used. For instance, Windows uses a proprietary logging system. One reason for that is that Microsoft operating systems and applications generate logs that typically contain far more detailed information than the Syslog technology permits. Or course, any decent log management system or logging service will support multiple logging protocols and technologies transparently.
Whether you’re using a locally installed log management tool or a logging service, one of the most important deployment steps is configuring your devices to send their logs to the system. This is different from other types of tools such as network monitoring systems which can fetch data from the systems they monitor. This configuration is usually a relatively simple task which is often accomplished by issuing a simple command. Furthermore, most lo management systems and logging services will provide detailed instructions on how to do it.
Log Management vs Log Servers
Since it has been available on every Unix-like system for a while, Syslog is often used as a log server with one computer receiving Syslog data from several others. While this centralized storage of logs has definite advantages, it is not enough to be called log management.
True Log Management Systems must include at least some of the more advanced functions. According to Wikipedia, “log management is comprised of the following functions: log collection, centralized log aggregation, long-term log storage and retention, log rotation, log analysis, log search, and reporting”. On the other hand, log servers typically only offer the log collection and storage and nothing more.
ALSO READ: Best Log Monitoring tools for Assist You
What About SIEM?
Another popular technology that is associated with logs and often confused with log management is Security Information and Event Management, or SIEM. It is a closely related technology but it is slightly different from log management but the line between the two is so thin that they are often confused and some products advertised as log management systems are actually entry-level SIEM systems while some basic SIEM systems are nothing more than advanced log management systems.
This confusion stems from the fact that log analysis—a basic component of log management—is also a component of SIEM systems which are different in that they perform log analysis with the specific objective of identifying security issues. They will, for instance, look for signs of unsuccessful logins which could be a tell-tale sign of an unauthorized intrusion attempt. While some SIEM systems do include extensive log management features, others use an external log management system and it’s not uncommon to see both running side by side. If you have a SIEM system, you’ll want to pick a logging service which can work with it.
The Advantages Of Cloud-Based Logging
There are several advantages to using cloud-based logging services. They range from security to convenience and evergreening. Let’s dig deeper. One of the main advantages of cloud-based logging is security. Other than system errors and various issues, one of the primary reasons for logging is to keep a trace of all accesses to systems and data. This is particularly true when you are under attack from a hacker and analyzing logs is often one of the primary ways of detecting such attacks. Hackers know that and they will often try to cover their tracks by quickly erasing logs pertaining to their activity. With local logs, they often already have gained access to your environment so it can be relatively easy to make their presence disappear. With cloud logging, things are a bit harder for them. They’d first have to hack your logging provider to be able to delete their traces. And logging providers often have very high security.
The convenience factor is also important in the decision to use cloud logging services. First and foremost, everything is already installed. Once your account is configured, all you need is to configure your devices to send your logs to the provider. The system is always up to date, all necessary patches are always installed, you always have the latest version. We could go on forever with similar advantages.
Cost can also be a factor. Depending on your logging level, storing logs locally could end up taking up a lot of storage space and, as you know, storage space is expensive. Of course, cloud logging costs also increase as you use more storage but it tends to be a more flexible option.
The Best Cloud Logging Services
We’ve searched the market and found a few of the best logging services that are available. Their feature set varies widely and you should most definitely pay close attention to their detailed specifications before picking one over the other. As with most other systems, the best system will be the one which best matches your specific needs. Don’t hesitate to take advantage of the free trial offers as they’ll allow you to see first hand how each tool interacts with your environment.
1. SolarWinds Loggly (FREE TRIAL)
SolarWinds has become a household name among network administrators. It’s making some of the best tools for almost 20 years, bringing us a great bandwidth monitoring tool and one of the best NetFlow analyzers and collectors. The company product and services portfolio has greatly expanded in the last few years through the acquisition of several great products.
Loggly is one of these SolarWinds acquisitions. Primarily a log consolidator, it also offers log analysis functionality. As a virtue of being a cloud-based service, this system requires no installation and is ready to use the minute you subscribe. The only thing you have to do is configure your systems and devices to upload their logs to the online server.
SolarWinds Loggly converts the received log data into a standard format, thereby allowing its analyzer to process records from various sources and enabling events tracking and correlation across all systems, regardless of their operating system or logging technology. The sources of log data are not limited to your on-premises servers. The service is also capable of processing logs generated by cloud-hosted services such as Amazon’s AWS or Microsoft Azure and it can include messages created by specific applications such as Docker and Logstash, just to name a few.
The SolarWinds Loggly service is available under three different plans, with increasing data processing limits and retention times. You need to pick the right one to give you enough space for your log data. The entry-level plan is called Loggly Lite. It is free to use. Under this plan, you can upload 200 MB of log data per day and the system will retain each record for seven days. Next is the Standard plan which gives you an upload allowance of 1 GB per day and retains records for 30 days. Paid plans also let you use multiple user accounts. With the Standard package, you can have three user accounts. The top tier is called Loggly Enterprise. It has no limit to the number of users accounts you can set up and prices vary depending on the amount of upload capacity and the retention period that you require. Payment for all paid plans can be either monthly or annually and a free 14-day trial is available on the Standard plan.
2. SolarWinds Papertrail (FREE PLAN AVAILABLE)
Another relatively recent SolarWinds acquisition is Papertrail, a popular logging service. It aggregates log files from a wide variety of popular products like Apache or MySQL as well as Ruby on Rails apps, different cloud hosting services and other standard syslog and text-based log files. Papertrail users can then use the web-based search interface or command-line tools to search through these files to help diagnose various issues. The tool also integrates with other SolarWinds products such as Librato and Geckoboard for graphing results.
Papertrail is a cloud-based, software as a service (SaaS) offering from SolarWinds. Being cloud-based means that it will work fine with pretty much any environment. Easy to implement, use, and understand, the platform will give you instant visibility across all systems within minutes. Furthermore, the product has a very effective search engine that can search both stored and streaming logs. And it is lightning fast.
Papertrail is available under several plans including a free plan. It is somewhat limited, though, and only allows 100 MB of logs each month. It will, however, allow 16 GB of logs in the first month which is equivalent to giving you a free 30-day trial. Paid plans start at $7/month for 1GB/month of logs, 1 year of archive and 1 week of index. Noise filtering allows the tool to preserve data by not saving useless logs.
LogDNA claims to be “the fastest, most intuitive, and cost-effective log management system”. This is a bold statement but it tends to be true. Right from the start, the product’s installation only takes a couple of minutes before you can start collecting and monitoring logs. No matter how logs are generated and transmitted, hundreds of custom integration schemes are available within the product to help you centralize logs into a single location.
LogDNA is different from the previous entries as it is available in either a cloud-based service or a self-hosted software version, depending on your preference. It is a highly scalable product that can handle hundreds of thousands of logs per second and dozens of terabytes per day while offering the utmost security as well as real-time log analysis. Both the company and its products are SOC2, PCI, and HIPAA compliant as well as being Privacy Shield certified.
LogDNA’s simple pay-per-GB pricing model eliminates contracts and fixed data allocations, which makes for one of the lowest total cost of ownership of any paid log monitoring and management solution. Several subscription plans are available with increasing features. The bottom-tier plan is free and prices for the paid plans vary from $1.50/GB/month to $3/GB/month depending on the retention duration and the number of users. A free, full-featured and unlimited 14-day trial is also available.
4. Sumo Logic
Sumo Logic is our next contender in the cloud logging services arena. The product was created to aggregate large volumes of log data from pretty much any source. But gathering log data is only the beginning. The service can also help you use the collected data to monitor performance, improve applications, and potentially even address security issues and compliance.
Sumo Logic‘s next-generation log management and machine data analytics service delivers actionable insights into application and infrastructure operations while dramatically reducing complexity and cost. Sumo Logic claims to deliver the only cloud-native, real-time machine data analytics platform that provides continuous intelligence.
Sumo Logic is available under three different plans. There’s the free plan which is targeting individuals and teams looking to try out Sumo Logic for smaller projects, for an unlimited period of time. Next is the Professional plan at $90/month per 1GB average daily log data. And at the top, you have the full-featured Enterprise plan at $150/month per 1GB average daily log data. Note that a 30-day trial is available on both paid plans.
Last on our list is Datadog, a hybrid cloud logging tool which can help you pull together the metrics you need and give you enhanced visibility over your environment. One of the tool’s best features is its dynamic indexing policies. They make it a lot easier and quicker to inspect and manage high volumes of logs.
Although Datadog is primarily intended for development and operations teams that are getting applications ready for market, it is also an excellent service to use for log monitoring of typical business environments. One of the product’s drawbacks, according to some of its users is how initial setup can get complicated. But as long as you set your expectations right and don’t plan on starting to use the service minutes after starting, you should be okay. No matter what and despite its minor quirks, this is a great, dependable solution.
Datalog offers infrastructure monitoring as well as application performance monitoring in addition to log management services. The log management component is competitively priced and comes in three flavours. $1.91/month per million log event will give you 7 days data retention, $2.55/month per million log events brings retention up to 15 days while the top tier, at $375/month per million log event has a retention time of 30 days. These prices are considerably cheaper when you choose yearly billing and a 30-day free trial is also available.