SPDX-FileCopyrightText: © 2024 Menacit AB <[email protected]>
SPDX-License-Identifier: CC-BY-SA-4.0
title: Logging course: Course recap
author: Joel Rangsmo <[email protected]>
footer: © Course authors (CC BY-SA 4.0)
description: Recap of material covered in logging course
- Ingestion amount
- Availability requirements
- Use-cases and intended end-users
- Hosting and sovereignty
- Support/Competence needs
- Security and access control

Most available solutions use "push-based" collection and centralized parsing.

Index-time parsing helps query performance, but increases onboarding and storage costs*.
Search-time parsing adds a per-query cost but increases flexibility and lowers storage costs.

Storing log data using time-based, volume-based or capacity-based retention strategies.
Optimizing cost/performance using hot, warm, cold, frozen storage tiers.
Scaling our logging capabilities using selective forwarding or federated/cross-cluster querying.

Many laws and compliance frameworks require us to log and monitor sensitive activity.
Some also prevent/restrict logging.

Some example approaches are...
- Confidentiality: Hardening, pseudonymization
- Integrity: Forwarding, append-only storage
- Availability: Replication, offline backups
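
Pseudonymization from the confidentiality bullet above, as an added example that is not part of the course material: sensitive fields are replaced with keyed HMAC tokens so events still correlate, and a plain unkeyed hash is shown to be recoverable by enumeration. The field names, the key and the sample log lines are constructed assumptions.

```python
import hashlib
import hmac
import re
from typing import Optional

# Assumption: these are the sensitive fields in the constructed sample below.
SENSITIVE_FIELDS = ("user", "src_ip")
FIELD_RE = re.compile(r"\b(%s)=(\S+)" % "|".join(SENSITIVE_FIELDS))


def pseudonym(key: bytes, field: str, value: str) -> str:
    """Keyed, deterministic token: same input gives same token, so events correlate."""
    # Binding the field name keeps a user named "10.0.0.5" distinct from that IP.
    msg = field.encode() + b"\x00" + value.encode()
    return "p_" + hmac.new(key, msg, hashlib.sha256).hexdigest()[:16]


def pseudonymize_line(key: bytes, line: str) -> str:
    """Replace sensitive key=value fields and leave everything else untouched."""
    def repl(m: re.Match) -> str:
        return f"{m.group(1)}={pseudonym(key, m.group(1), m.group(2))}"
    return FIELD_RE.sub(repl, line)


def unkeyed_hash_is_guessable(digest: str, prefix: str = "10.0.0.") -> Optional[str]:
    """Why a plain hash is not enough: a small value space can be enumerated."""
    for host in range(256):
        candidate = f"{prefix}{host}"
        if hashlib.sha256(candidate.encode()).hexdigest() == digest:
            return candidate
    return None


# Constructed sample log lines (not from the course material).
SAMPLE = [
    "2024-05-01T10:00:01Z action=login user=alice src_ip=10.0.0.5 result=ok",
    "2024-05-01T10:00:09Z action=read user=alice src_ip=10.0.0.5 object=/payroll",
    "2024-05-01T10:01:30Z action=login user=bob src_ip=10.0.0.7 result=fail",
]

if __name__ == "__main__":
    key = b"constructed-demo-key"  # in practice: a secret kept outside the log platform
    for line in SAMPLE:
        print(pseudonymize_line(key, line))
    print(unkeyed_hash_is_guessable(hashlib.sha256(b"10.0.0.5").hexdigest()))
```

Whoever holds the key can re-identify values by recomputing tokens, so access to it needs the same control as access to the raw logs.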
Let's continue, shall we?