Welcome!

Microservices Expo Authors: Flint Brenton, Jason Bloomberg, Karthick Viswanathan, Elizabeth White, Mehdi Daoudi

Related Topics: Microservices Expo, Java IoT, Industrial IoT, Agile Computing, @CloudExpo, @BigDataExpo

Microservices Expo: Article

In Defense of the Agent

They're not all bad...

Last week we published an article entitled 'Log Management 101 - Where Do Logs Come From?' to which one of our more witty readers retorted:

"Sometimes a server and an app love each other very very much..."  :-)

Screen Shot 2013-12-10 at 6.07.50 AM

The article covered some of the basics around collecting log data from various parts of the stack as shown here.

Application_Stack_Graphic

In short these fall into the following categories:

  • Libraries for common languages and frameworks - Allowing you to log directly from your application source code.
  • Collector agents - Usually built for common operating systems, agents will collect data from your file system in real time and forward it on to a third party service.
  • Syslog - Ships out of the box on all Linux and Unix distros and is commonly supported by devices such as routers and switches. It comes in a number of flavors (rsyslogsyslogdsyslog-ng...), with some more capable that others.

Over the coming weeks we'll be diving into these different options in more detail explaining the pros and cons and best practices around using these. This week we've decide to look at agents.

In Defense of the Agent
While some providers tout the evils of running agents on your system and can oft be heard shouting, "no agents here!!!", we prefer to keep an open mind at Logentries. We'd rather not dictate to our community what approach to take when collecting log data nor do we try to prescribe what's best for you - rather, we'd prefer to give you the different options and allow you to make that decision for yourself.

That being said, like most things in life, agents have their pros and cons. They are certainly not a silver bullet, but they do have their advantages in certain scenarios.

We Want Agents
The two main advantages of using an agent to forward your log data are (1) quick setup and (2) additional functionality.

Having the option to get setup with new tools and technologies quickly is important. It's often overlooked by providers, but it adds great value for users and, in my opinion, it is a critical component of a service that strives to provide a low barrier of entry to the wider community. From our many conversations with users over the past few years we have found that they do not have a lot of time when it comes to evaluating new tools and technologies. Having the ability to get setup and using features quickly is a must for many of them. I can certainly relate to this, even when I was completing my PhD - where I researched and built performance profiling tools for a living - I had a rule of thumb whereby if configuring a profiler took more than 10 minutes I usually just moved on. I generally had something more important to be doing that forced this - and that was in an academic setting where time could move more slowly than in the commercial world :) In the commercial world people usually have smaller time windows to work in.

Well built and documented agents should allow you to get up and running quickly. For example the Logentries agent can get you up and running within 60 seconds with a single command. It works as follows:

  • Copy and paste our single line instruction from our quick start guide to your terminal
  • The agent will be downloaded and installed
    • You will be asked for your Logentries credentials.
    • The install process will automatically find standard logs on your system and configure them to send data to your Logentries account.
    • The install process will automatically send some sample log events into your account to (1) make sure you have connected to our service and (2) to give you some data to play with so you can immediately play with our features without having to generate log data from your system.
    • The install process will automatically configure some sample tags and reports so you can immediately see the value of being able to highlight important events, creating alerts and building reports.

The alternative to the above is configuring syslog (which often assumes a level of understanding for syslog), where its config files live, and how to go about editing them. While this can also be documented (and we have been making our syslog process easier and easier to follow) we find that you can get more easily get tripped up, especially when there are lots of different flavous and versions of syslog. This can be particularly painstaking if you are running some outdated version where instructions or config formats can differ ever so slightly. Syslog can also be a challenge if you want to collect data from non-syslog log files that do not live in the /var/log folder.

Furthermore, if you are living in the Windows world, syslog is not going to be an option (well not out of the box anyway...you can always download and configure Snare - the windows equivalent of syslog). If you fall into this category you will likely require an agent to be able to start collecting your logs without a major time investment.

The second main advantage of agents is that they can come with additional functionality. For example the Logentries agent also provides for the following:

  • Data filtering - This can be important if you have sensitive data in your logs. The Logentries agent has a filtering component that can be configured to cleanse your data and to strip out any private information before it leaves your network.
  • A command line interface - Traditionally Sysadmins and devs worked with their logs on the command line with a combination of commands like tail -f, grep, awk, etc. So it makes sense that from time to time you may want to reuse some of these old skills even if you are using a log management tool with nice browser-based functionality (e.g. search, tagging, alerts, reports ...). The Logentries agent gives you command line access to all your logs contained within your account. For example you can easily search, export and filer data from your Logentries account via the CLI - you can also navigate your account and list your logs as if you are navigating your file system.

No Agents Here
The most common reasons for not using agents are:

  • Maintenance - If you have a large environment with 100's of server instances, the thought of installing/updating/patching another piece of code might be undesirable. This may especially be the case if your systems already ship with syslog. That being said, if you do have such a large environment, you are likely automating deployment through something like Chef or Puppet and so this may be less of an issue. Agents thus need to provide for a silent install so that they can be deployed en masse. Furthermore, if the agent is properly managed and maintained (e.g. though the various *nix package managers - as is the case with the Logentries agent) updating your agent to new versions will be fairly seamless and will happen along with the rest of your updates.
  • Trust - Running someone else's code on your system takes a level of trust. You need to know that it has been well written and isn't going to kill performance or have any major security holes. To help alleviate any concerns however, we have open sourced the Logentries agent so that you can view our code, and even modify it if you so wish. Although it is understandable if you do not have the time (or inclination) to spend reviewing our agent code base :) Furthermore, in some cases, using an agent is just not going to be an option (perhaps due to strict security policies or hard performance constraints). Again this is where syslog may be more of a known and trusted quantity.

In summary agents are not necessarily good or bad, they are not perfect, nor are they evil :) Like most of us, they have their good point and bad points.

This article originally posted on the Logentries blog.

Logentries_Try_It_Free_Promo_W

More Stories By Trevor Parsons

Trevor Parsons is Chief Scientist and Co-founder of Logentries. Trevor has over 10 years experience in enterprise software and, in particular, has specialized in developing enterprise monitoring and performance tools for distributed systems. He is also a research fellow at the Performance Engineering Lab Research Group and was formerly a Scientist at the IBM Center for Advanced Studies. Trevor holds a PhD from University College Dublin, Ireland.

@MicroservicesExpo Stories
The nature of the technology business is forward-thinking. It focuses on the future and what’s coming next. Innovations and creativity in our world of software development strive to improve the status quo and increase customer satisfaction through speed and increased connectivity. Yet, while it's exciting to see enterprises embrace new ways of thinking and advance their processes with cutting edge technology, it rarely happens rapidly or even simultaneously across all industries.
Many organizations are now looking to DevOps maturity models to gauge their DevOps adoption and compare their maturity to their peers. However, as enterprise organizations rush to adopt DevOps, moving past experimentation to embrace it at scale, they are in danger of falling into the trap that they have fallen into time and time again. Unfortunately, we've seen this movie before, and we know how it ends: badly.
These days, APIs have become an integral part of the digital transformation journey for all enterprises. Every digital innovation story is connected to APIs . But have you ever pondered over to know what are the source of these APIs? Let me explain - APIs sources can be varied, internal or external, solving different purposes, but mostly categorized into the following two categories. Data lakes is a term used to represent disconnected but relevant data that are used by various business units wit...
There is a huge demand for responsive, real-time mobile and web experiences, but current architectural patterns do not easily accommodate applications that respond to events in real time. Common solutions using message queues or HTTP long-polling quickly lead to resiliency, scalability and development velocity challenges. In his session at 21st Cloud Expo, Ryland Degnan, a Senior Software Engineer on the Netflix Edge Platform team, will discuss how by leveraging a reactive stream-based protocol,...
Today most companies are adopting or evaluating container technology - Docker in particular - to speed up application deployment, drive down cost, ease management and make application delivery more flexible overall. As with most new architectures, this dream takes significant work to become a reality. Even when you do get your application componentized enough and packaged properly, there are still challenges for DevOps teams to making the shift to continuous delivery and achieving that reducti...
21st International Cloud Expo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy. Me...
Enterprises are moving to the cloud faster than most of us in security expected. CIOs are going from 0 to 100 in cloud adoption and leaving security teams in the dust. Once cloud is part of an enterprise stack, it’s unclear who has responsibility for the protection of applications, services, and data. When cloud breaches occur, whether active compromise or a publicly accessible database, the blame must fall on both service providers and users. In his session at 21st Cloud Expo, Ben Johnson, C...
Many organizations adopt DevOps to reduce cycle times and deliver software faster; some take on DevOps to drive higher quality and better end-user experience; others look to DevOps for a clearer line-of-sight to customers to drive better business impacts. In truth, these three foundations go together. In this power panel at @DevOpsSummit 21st Cloud Expo, moderated by DevOps Conference Co-Chair Andi Mann, industry experts will discuss how leading organizations build application success from all...
‘Trend’ is a pretty common business term, but its definition tends to vary by industry. In performance monitoring, trend, or trend shift, is a key metric that is used to indicate change. Change is inevitable. Today’s websites must frequently update and change to keep up with competition and attract new users, but such changes can have a negative impact on the user experience if not managed properly. The dynamic nature of the Internet makes it necessary to constantly monitor different metrics. O...
The last two years has seen discussions about cloud computing evolve from the public / private / hybrid split to the reality that most enterprises will be creating a complex, multi-cloud strategy. Companies are wary of committing all of their resources to a single cloud, and instead are choosing to spread the risk – and the benefits – of cloud computing across multiple providers and internal infrastructures, as they follow their business needs. Will this approach be successful? How large is the ...
Agile has finally jumped the technology shark, expanding outside the software world. Enterprises are now increasingly adopting Agile practices across their organizations in order to successfully navigate the disruptive waters that threaten to drown them. In our quest for establishing change as a core competency in our organizations, this business-centric notion of Agile is an essential component of Agile Digital Transformation. In the years since the publication of the Agile Manifesto, the conn...
You know you need the cloud, but you’re hesitant to simply dump everything at Amazon since you know that not all workloads are suitable for cloud. You know that you want the kind of ease of use and scalability that you get with public cloud, but your applications are architected in a way that makes the public cloud a non-starter. You’re looking at private cloud solutions based on hyperconverged infrastructure, but you’re concerned with the limits inherent in those technologies.
Most of the time there is a lot of work involved to move to the cloud, and most of that isn't really related to AWS or Azure or Google Cloud. Before we talk about public cloud vendors and DevOps tools, there are usually several technical and non-technical challenges that are connected to it and that every company needs to solve to move to the cloud. In his session at 21st Cloud Expo, Stefano Bellasio, CEO and founder of Cloud Academy Inc., will discuss what the tools, disciplines, and cultural...
With the rise of DevOps, containers are at the brink of becoming a pervasive technology in Enterprise IT to accelerate application delivery for the business. When it comes to adopting containers in the enterprise, security is the highest adoption barrier. Is your organization ready to address the security risks with containers for your DevOps environment? In his session at @DevOpsSummit at 21st Cloud Expo, Chris Van Tuin, Chief Technologist, NA West at Red Hat, will discuss: The top security r...
"NetApp's vision is how we help organizations manage data - delivering the right data in the right place, in the right time, to the people who need it, and doing it agnostic to what the platform is," explained Josh Atwell, Developer Advocate for NetApp, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
The “Digital Era” is forcing us to engage with new methods to build, operate and maintain applications. This transformation also implies an evolution to more and more intelligent applications to better engage with the customers, while creating significant market differentiators. In both cases, the cloud has become a key enabler to embrace this digital revolution. So, moving to the cloud is no longer the question; the new questions are HOW and WHEN. To make this equation even more complex, most ...
One of the biggest challenges with adopting a DevOps mentality is: new applications are easily adapted to cloud-native, microservice-based, or containerized architectures - they can be built for them - but old applications need complex refactoring. On the other hand, these new technologies can require relearning or adapting new, oftentimes more complex, methodologies and tools to be ready for production. In his general session at @DevOpsSummit at 20th Cloud Expo, Chris Brown, Solutions Marketi...
Leading companies, from the Global Fortune 500 to the smallest companies, are adopting hybrid cloud as the path to business advantage. Hybrid cloud depends on cloud services and on-premises infrastructure working in unison. Successful implementations require new levels of data mobility, enabled by an automated and seamless flow across on-premises and cloud resources. In his general session at 21st Cloud Expo, Greg Tevis, an IBM Storage Software Technical Strategist and Customer Solution Architec...
Today companies are looking to achieve cloud-first digital agility to reduce time-to-market, optimize utilization of resources, and rapidly deliver disruptive business solutions. However, leveraging the benefits of cloud deployments can be complicated for companies with extensive legacy computing environments. In his session at 21st Cloud Expo, Craig Sproule, founder and CEO of Metavine, will outline the challenges enterprises face in migrating legacy solutions to the cloud. He will also prese...
DevOps at Cloud Expo – being held October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA – announces that its Call for Papers is open. Born out of proven success in agile development, cloud computing, and process automation, DevOps is a macro trend you cannot afford to miss. From showcase success stories from early adopters and web-scale businesses, DevOps is expanding to organizations of all sizes, including the world's largest enterprises – and delivering real r...