Best platform for self-hosted logs?
Best platform for self-hosted logs?
BLUF: Is there a "datadog-for-home"?
I've a ton of stuff running at home ranging from a 5-node PI cluster with various containers running on them including things like self-written python scripts doing "super important" stuff, node-red running everything about my energy setup, pfsense, TrueNAS etc.
Logging is painful and I've just lost about 4 hours trying to find a fault which stopped car charging. Lots of rabbit holes were entered as I currently don't have an end-to-end logging solution.
What does everyone else use?
I tried some tools and the one that I am currently using is OpenObserve, it's light has a very good compression and is simple to manage, as an observability platform I think that open observe has some features that can be used instead of datadog like log injestion and open telemetry traces
1Also using Graylog, dead simple to set up with rsyslog and at work we even use the sidecar for window logs.
1Try BlackESK https://github.com/amitn322/blackesk
1Splunk
1Anyone else looking at openobserve. Looks OK for homelab, but not really stable
1What do you mean by not stable? It's in use in production by hundreds of organizations.
1They state in their documentation that the software is alpha (https://openobserve.ai/docs/ OpenObserve is currently in alpha, but don't let that stop you from trying it out.) . To be honest I didn't bother to investigate why ingesting data stops working after a few days, might be my installation then.
I'm very curious which organisation uses alpha software in production
1
Just write your logs as files on a centralized syslog server with good file structure and you'll be good.
You may really underestimate how fast and convenient grep+less combo is in comparison to webui-based solutions.
1s/grep/ripgrep 😉
1
It's a hybrid solution but I prefer putting my logs with an S3 provider, it's just cheap storage that I don't have to care about. And there are a lot of tools to do it with, like loki for example.
1Another vote for graylog, runs well with opensearch instead of elastic.
1I use the ELK stack (Elasticsearch, Kibana, Beats)
1https://github.com/openobserve/openobserve . Built in rust - No JVM. Much lighter than the alternatives mentioned here and with extremely good UI. Beautiful dashboards. Could even run on raspberry pi.
1Graylog
1A simple syslog server is ready.
Look into ELK stack. I personally hate it but if you can learn it there's a chance you can build a career on it.
1Anyone here got a solution working in Unraid? I looked into this recently but got a bit stuck.
1Depending on your existing monitoring stack, some options might be:
- Grafana Loki
- Sentry can be self-hosted for application logging
- Logstash is self-explanatory, use with other parts of Elastic's software like Kibana for visualization.
1ELK
1Dozzle may be a bit basic for your needs, but it could be one tool in your toolbox.
1You can also view application logs with Dozzle in addition to container logs.
1Dozzle is fantastic!
1
Loki to Grafana.
1Opted for loki since it allows using the same interface for multiple purposes
1I like Grafana/Loki/promtail etc.
But Datalust Seq is also nice.
Graylog can do a lot but its too bloated and too hungry for my taste (damn elasticsearch).
1OneUptime.com - looks like they have it on the roadmap to launch by Q4 of this year.
1I come from a Cybersecurity background which might explain my answer: Security Onion had proven adept at cross referencing logs and pcaps which is pretty awesome for troubleshooting
And +1 for Dozzle to see real-time Docker logs.
1For most self hosted use cases Splunk's free 500MB (per day) license should be enough. It's way easier to set up and maintain than ELK and has tons of free extensions for parsing log formats and dashboards.
1I considered it, seems nice.
Problem is that they recommend a 12 physical cores and 12GB which is a waste for the usual selfhosted lab.
1I ran it on a VM with 2 cores tops and a couple of GB of RAM for about 50MB of logs per day.
1