Welcome!

Microservices Expo Authors: Stackify Blog, Aruna Ravichandran, Dalibor Siroky, Kevin Jackson, PagerDuty Blog

Related Topics: Microservices Expo, Java IoT, Industrial IoT, Agile Computing, @CloudExpo, @DXWorldExpo

Microservices Expo: Article

In Defense of the Agent

They're not all bad...

Last week we published an article entitled 'Log Management 101 - Where Do Logs Come From?' to which one of our more witty readers retorted:

"Sometimes a server and an app love each other very very much..."  :-)

Screen Shot 2013-12-10 at 6.07.50 AM

The article covered some of the basics around collecting log data from various parts of the stack as shown here.

Application_Stack_Graphic

In short these fall into the following categories:

  • Libraries for common languages and frameworks - Allowing you to log directly from your application source code.
  • Collector agents - Usually built for common operating systems, agents will collect data from your file system in real time and forward it on to a third party service.
  • Syslog - Ships out of the box on all Linux and Unix distros and is commonly supported by devices such as routers and switches. It comes in a number of flavors (rsyslogsyslogdsyslog-ng...), with some more capable that others.

Over the coming weeks we'll be diving into these different options in more detail explaining the pros and cons and best practices around using these. This week we've decide to look at agents.

In Defense of the Agent
While some providers tout the evils of running agents on your system and can oft be heard shouting, "no agents here!!!", we prefer to keep an open mind at Logentries. We'd rather not dictate to our community what approach to take when collecting log data nor do we try to prescribe what's best for you - rather, we'd prefer to give you the different options and allow you to make that decision for yourself.

That being said, like most things in life, agents have their pros and cons. They are certainly not a silver bullet, but they do have their advantages in certain scenarios.

We Want Agents
The two main advantages of using an agent to forward your log data are (1) quick setup and (2) additional functionality.

Having the option to get setup with new tools and technologies quickly is important. It's often overlooked by providers, but it adds great value for users and, in my opinion, it is a critical component of a service that strives to provide a low barrier of entry to the wider community. From our many conversations with users over the past few years we have found that they do not have a lot of time when it comes to evaluating new tools and technologies. Having the ability to get setup and using features quickly is a must for many of them. I can certainly relate to this, even when I was completing my PhD - where I researched and built performance profiling tools for a living - I had a rule of thumb whereby if configuring a profiler took more than 10 minutes I usually just moved on. I generally had something more important to be doing that forced this - and that was in an academic setting where time could move more slowly than in the commercial world :) In the commercial world people usually have smaller time windows to work in.

Well built and documented agents should allow you to get up and running quickly. For example the Logentries agent can get you up and running within 60 seconds with a single command. It works as follows:

  • Copy and paste our single line instruction from our quick start guide to your terminal
  • The agent will be downloaded and installed
    • You will be asked for your Logentries credentials.
    • The install process will automatically find standard logs on your system and configure them to send data to your Logentries account.
    • The install process will automatically send some sample log events into your account to (1) make sure you have connected to our service and (2) to give you some data to play with so you can immediately play with our features without having to generate log data from your system.
    • The install process will automatically configure some sample tags and reports so you can immediately see the value of being able to highlight important events, creating alerts and building reports.

The alternative to the above is configuring syslog (which often assumes a level of understanding for syslog), where its config files live, and how to go about editing them. While this can also be documented (and we have been making our syslog process easier and easier to follow) we find that you can get more easily get tripped up, especially when there are lots of different flavous and versions of syslog. This can be particularly painstaking if you are running some outdated version where instructions or config formats can differ ever so slightly. Syslog can also be a challenge if you want to collect data from non-syslog log files that do not live in the /var/log folder.

Furthermore, if you are living in the Windows world, syslog is not going to be an option (well not out of the box anyway...you can always download and configure Snare - the windows equivalent of syslog). If you fall into this category you will likely require an agent to be able to start collecting your logs without a major time investment.

The second main advantage of agents is that they can come with additional functionality. For example the Logentries agent also provides for the following:

  • Data filtering - This can be important if you have sensitive data in your logs. The Logentries agent has a filtering component that can be configured to cleanse your data and to strip out any private information before it leaves your network.
  • A command line interface - Traditionally Sysadmins and devs worked with their logs on the command line with a combination of commands like tail -f, grep, awk, etc. So it makes sense that from time to time you may want to reuse some of these old skills even if you are using a log management tool with nice browser-based functionality (e.g. search, tagging, alerts, reports ...). The Logentries agent gives you command line access to all your logs contained within your account. For example you can easily search, export and filer data from your Logentries account via the CLI - you can also navigate your account and list your logs as if you are navigating your file system.

No Agents Here
The most common reasons for not using agents are:

  • Maintenance - If you have a large environment with 100's of server instances, the thought of installing/updating/patching another piece of code might be undesirable. This may especially be the case if your systems already ship with syslog. That being said, if you do have such a large environment, you are likely automating deployment through something like Chef or Puppet and so this may be less of an issue. Agents thus need to provide for a silent install so that they can be deployed en masse. Furthermore, if the agent is properly managed and maintained (e.g. though the various *nix package managers - as is the case with the Logentries agent) updating your agent to new versions will be fairly seamless and will happen along with the rest of your updates.
  • Trust - Running someone else's code on your system takes a level of trust. You need to know that it has been well written and isn't going to kill performance or have any major security holes. To help alleviate any concerns however, we have open sourced the Logentries agent so that you can view our code, and even modify it if you so wish. Although it is understandable if you do not have the time (or inclination) to spend reviewing our agent code base :) Furthermore, in some cases, using an agent is just not going to be an option (perhaps due to strict security policies or hard performance constraints). Again this is where syslog may be more of a known and trusted quantity.

In summary agents are not necessarily good or bad, they are not perfect, nor are they evil :) Like most of us, they have their good point and bad points.

This article originally posted on the Logentries blog.

Logentries_Try_It_Free_Promo_W

More Stories By Trevor Parsons

Trevor Parsons is Chief Scientist and Co-founder of Logentries. Trevor has over 10 years experience in enterprise software and, in particular, has specialized in developing enterprise monitoring and performance tools for distributed systems. He is also a research fellow at the Performance Engineering Lab Research Group and was formerly a Scientist at the IBM Center for Advanced Studies. Trevor holds a PhD from University College Dublin, Ireland.

@MicroservicesExpo Stories
The nature of test environments is inherently temporary—you set up an environment, run through an automated test suite, and then tear down the environment. If you can reduce the cycle time for this process down to hours or minutes, then you may be able to cut your test environment budgets considerably. The impact of cloud adoption on test environments is a valuable advancement in both cost savings and agility. The on-demand model takes advantage of public cloud APIs requiring only payment for t...
"Codigm is based on the cloud and we are here to explore marketing opportunities in America. Our mission is to make an ecosystem of the SW environment that anyone can understand, learn, teach, and develop the SW on the cloud," explained Sung Tae Ryu, CEO of Codigm, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
High-velocity engineering teams are applying not only continuous delivery processes, but also lessons in experimentation from established leaders like Amazon, Netflix, and Facebook. These companies have made experimentation a foundation for their release processes, allowing them to try out major feature releases and redesigns within smaller groups before making them broadly available. In his session at 21st Cloud Expo, Brian Lucas, Senior Staff Engineer at Optimizely, discussed how by using ne...
Many enterprise and government IT organizations are realizing the benefits of cloud computing by extending IT delivery and management processes across private and public cloud services. But they are often challenged with balancing the need for centralized cloud governance without stifling user-driven innovation. This strategy requires an approach that fundamentally reshapes how IT is delivered today, shifting the focus from infrastructure to services aggregation, and mixing and matching the bes...
"CA has been doing a lot of things in the area of DevOps. Now we have a complete set of tool sets in order to enable customers to go all the way from planning to development to testing down to release into the operations," explained Aruna Ravichandran, Vice President of Global Marketing and Strategy at CA Technologies, in this SYS-CON.tv interview at DevOps Summit at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
While we understand Agile as a means to accelerate innovation, manage uncertainty and cope with ambiguity, many are inclined to think that it conflicts with the objectives of traditional engineering projects, such as building a highway, skyscraper or power plant. These are plan-driven and predictive projects that seek to avoid any uncertainty. This type of thinking, however, is short-sighted. Agile approaches are valuable in controlling uncertainty because they constrain the complexity that ste...
Cavirin Systems has just announced C2, a SaaS offering designed to bring continuous security assessment and remediation to hybrid environments, containers, and data centers. Cavirin C2 is deployed within Amazon Web Services (AWS) and features a flexible licensing model for easy scalability and clear pay-as-you-go pricing. Although native to AWS, it also supports assessment and remediation of virtual or container instances within Microsoft Azure, Google Cloud Platform (GCP), or on-premise. By dr...
"This all sounds great. But it's just not realistic." This is what a group of five senior IT executives told me during a workshop I held not long ago. We were working through an exercise on the organizational characteristics necessary to successfully execute a digital transformation, and the group was doing their ‘readout.' The executives loved everything we discussed and agreed that if such an environment existed, it would make transformation much easier. They just didn't believe it was reali...
"We're developing a software that is based on the cloud environment and we are providing those services to corporations and the general public," explained Seungmin Kim, CEO/CTO of SM Systems Inc., in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
It’s “time to move on from DevOps and continuous delivery.” This was the provocative title of a recent article in ZDNet, in which Kelsey Hightower, staff developer advocate at Google Cloud Platform, suggested that “software shops should have put these concepts into action years ago.” Reading articles like this or listening to talks at most DevOps conferences might make you think that we’re entering a post-DevOps world. But vast numbers of organizations still struggle to start and drive transfo...
Agile has finally jumped the technology shark, expanding outside the software world. Enterprises are now increasingly adopting Agile practices across their organizations in order to successfully navigate the disruptive waters that threaten to drown them. In our quest for establishing change as a core competency in our organizations, this business-centric notion of Agile is an essential component of Agile Digital Transformation. In the years since the publication of the Agile Manifesto, the conn...
The cloud revolution in enterprises has very clearly crossed the phase of proof-of-concepts into a truly mainstream adoption. One of most popular enterprise-wide initiatives currently going on are “cloud migration” programs of some kind or another. Finding business value for these programs is not hard to fathom – they include hyperelasticity in infrastructure consumption, subscription based models, and agility derived from rapid speed of deployment of applications. These factors will continue to...
While some developers care passionately about how data centers and clouds are architected, for most, it is only the end result that matters. To the majority of companies, technology exists to solve a business problem, and only delivers value when it is solving that problem. 2017 brings the mainstream adoption of containers for production workloads. In his session at 21st Cloud Expo, Ben McCormack, VP of Operations at Evernote, discussed how data centers of the future will be managed, how the p...
Let's do a visualization exercise. Imagine it's December 31, 2018, and you're ringing in the New Year with your friends and family. You think back on everything that you accomplished in the last year: your company's revenue is through the roof thanks to the success of your product, and you were promoted to Lead Developer. 2019 is poised to be an even bigger year for your company because you have the tools and insight to scale as quickly as demand requires. You're a happy human, and it's not just...
Enterprises are adopting Kubernetes to accelerate the development and the delivery of cloud-native applications. However, sharing a Kubernetes cluster between members of the same team can be challenging. And, sharing clusters across multiple teams is even harder. Kubernetes offers several constructs to help implement segmentation and isolation. However, these primitives can be complex to understand and apply. As a result, it’s becoming common for enterprises to end up with several clusters. Thi...
DevOps teams have more on their plate than ever. As infrastructure needs grow, so does the time required to ensure that everything's running smoothly. This makes automation crucial - especially in the server and network monitoring world. Server monitoring tools can save teams time by automating server management and providing real-time performance updates. As budgets reset for the New Year, there is no better time to implement a new server monitoring tool (or re-evaluate your current solution)....
We just came off of a review of a product that handles both containers and virtual machines in the same interface. Under the covers, implementation of containers defaults to LXC, though recently Docker support was added. When reading online, or searching for information, increasingly we see “Container Management” products listed as competitors to Docker, when in reality things like Rocket, LXC/LXD, and Virtualization are Dockers competitors. After doing some looking around, we have decided tha...
"Opsani helps the enterprise adopt containers, help them move their infrastructure into this modern world of DevOps, accelerate the delivery of new features into production, and really get them going on the container path," explained Ross Schibler, CEO of Opsani, and Peter Nickolov, CTO of Opsani, in this SYS-CON.tv interview at DevOps Summit at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
The benefits of automation are well documented; it increases productivity, cuts cost and minimizes errors. It eliminates repetitive manual tasks, freeing us up to be more innovative. By that logic, surely, we should automate everything possible, right? So, is attempting to automate everything a sensible - even feasible - goal? In a word: no. Consider this your short guide as to what to automate and what not to automate.
identify the sources of event storms and performance anomalies will require automated, real-time root-cause analysis. I think Enterprise Management Associates said it well: “The data and metrics collected at instrumentation points across the application ecosystem are essential to performance monitoring and root cause analysis. However, analytics capable of transforming data and metrics into an application-focused report or dashboards are what separates actual application monitoring from relat...