The team at observIQ are avid programmers, gamers, traders, thinkers, and innovators who build elaborate home networks for fun, for work, and simply because we enjoy technology. We believe in it as a medium for improving life. Everyone is constantly growing the size and footprint of their home networks and labs – adding custom apps, devices, and servers – which makes it challenging to gauge our own technical footprint. With rising risks, it’s important to monitor performance and any potential security threats to keep yourself protected, even in your own home.
Enter log management. Just as with your financial health, keeping a paper trail of all your technical transactions is considered best practice. Log management solutions, such as observIQ, make your homelab activities visible to you at a glance, so you are always aware of what breadcrumbs you leave online and can maintain your home network with confidence.
With a log management solution, we can:
- Track and monitor logon behavior – know who is accessing our network and devices
- Use our network’s assets more effectively; declutter hardware/software usage with useful insights from logs
- Gain insights into the operational health of our labs – apps, servers, networks
- Visualize our log data in dashboards to easily understand trends
- React faster to incidents in our networks
Follow along as we implement log management in a typical homelab consisting of a Ubiquiti access point and switch, pfSense firewall, Fedora workstation, and a Mac as a daily driver.
The Setup (A Simple Diagram)
Setup in 3 Simple Steps
While other tools make gathering logs from disparate sources and devices a long, technical, drawn-out process, observIQ simplifies it and gets it done in minutes. With observIQ, we can use the Syslog Source to make the observIQ log agent function as a Syslog server with just a couple of clicks, allowing you to gather logs from any network device. We can also use that same agent to grab system logs directly from the Fedora workstation using observIQ’s journald Source.
Prerequisites: Configure your Network Devices to output to Syslog
As a prerequisite, we must first configure our network devices to output events over TCP or UDP to a Syslog server (in this case, the observIQ log agent). Below, you can see a quick snippet of the configuration for our pfSense firewall and Ubiquiti access point to send logs to a Syslog server.
Step 1: Install the observIQ log agent
We then install the observIQ log agent on the Fedora workstation by copying and running the one-line agent installation command. Installation typically takes less than 15 seconds.
Step 2: Add Syslog and pfSense log sources to the observIQ log agent
Next, we’ll add two Sources to our agent. First, we’ll add a journald source that will allow us to gather system logs from our Fedora machine, in just a few clicks. After that, we’ll add a Syslog source to our agent as well – which turns the observIQ agent into a functioning syslog server. Both Sources require next-to-no configuration.
Step 3: Complete setup and begin exploring the logs
After the sources are added to the agent, logs from all our sources become accessible within observIQ, allowing us to sort, search, and visualize all of our logs in a single place.
Using Your Logs Effectively
Now that you have all your logs collated, how can you use them to your advantage?
With the additional visibility, we can search for and identify:
- Errors in your network’s devices
- Login attempts and failures from both authorized and unauthorized users
- New devices accessing your network
- Malware and service attacks that were denied
- Password and access credentials changes
- Event logs for shared access folders and files
- Service installations and configurations
- Process runs and unwarranted pauses in processes
Create Saved Searches
observIQ lets you save time by allowing you to save search queries. So, the next time you need a search query, simply pull it up from the dropdown menu. Searching for errors with a specific application or host? Looking to track system reboots or unusual traffic? A saved search allows you to get those results quickly by delivering a quick list of queries at your fingertips.
Create Alert Definitions
Some events in your network might need immediate attention; ideally, you’d be notified proactively. For such events, observIQ gives you the ability to create threshold-based alert definitions. When there’s a logon attempt, a network failure, or an app or system failure, observIQ creates an alert in-app and can notify you via email, Slack, or PagerDuty.
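To make concrete what the Syslog Source receives from the network devices (prerequisite step above) and what a threshold-based alert definition evaluates, here is an added example that is not part of observIQ’s code: a minimal RFC 3164 syslog line parser plus a failed-login counter that raises an alert once a source IP passes a threshold. The sample lines are constructed (OpenSSH-style messages from a pfSense host and a hostapd message from a Ubiquiti AP), not real captures.

```python
import re
from collections import Counter

# Constructed sample lines in RFC 3164 form, as a pfSense firewall or a
# Ubiquiti access point might forward them to a syslog listener. Not real data.
SAMPLE_LINES = [
    "<38>Mar 14 10:01:02 pfsense sshd[1234]: Failed password for root from 192.0.2.10 port 51234 ssh2",
    "<38>Mar 14 10:01:05 pfsense sshd[1234]: Failed password for root from 192.0.2.10 port 51236 ssh2",
    "<38>Mar 14 10:01:09 pfsense sshd[1234]: Failed password for admin from 192.0.2.10 port 51240 ssh2",
    "<38>Mar 14 10:02:00 pfsense sshd[1240]: Accepted publickey for alice from 192.168.1.20 port 40000 ssh2",
    "<30>Mar 14 10:02:30 unifi-ap hostapd: wlan0: STA aa:bb:cc:dd:ee:ff IEEE 802.11: associated",
]

# <PRI>TIMESTAMP HOST TAG[PID]: MSG  (PRI = facility * 8 + severity)
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<tag>[^:\[]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FAILED_RE = re.compile(r"Failed password for (?P<user>\S+) from (?P<ip>\S+)")


def parse_syslog(line):
    """Split one RFC 3164 line into the fields a log agent would index (None if malformed)."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m["pri"])
    return {
        "facility": pri // 8, "severity": SEVERITIES[pri % 8],
        "timestamp": m["ts"], "host": m["host"], "program": m["tag"],
        "pid": m["pid"], "msg": m["msg"],
    }


def failed_logins_by_source(lines):
    """Count sshd 'Failed password' events per (host, source IP), ignoring other programs."""
    counts = Counter()
    for line in lines:
        ev = parse_syslog(line)
        if ev and ev["program"] == "sshd":
            fm = FAILED_RE.search(ev["msg"])
            if fm:
                counts[(ev["host"], fm["ip"])] += 1
    return counts


def alerts(lines, threshold=3):
    """Threshold-based alert: one message per (host, IP) at or above the failure count."""
    return [f"{n} failed SSH logins on {host} from {ip}"
            for (host, ip), n in failed_logins_by_source(lines).items() if n >= threshold]
```

In a real deployment the threshold would also be bounded by a time window; this example counts over whatever batch of lines it is handed.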
Lastly, visualizing your log data is important. Using built-in Dashboards or creating custom dashboards is a simple and effective way to understand what’s happening in your environment at a quick glance.
Best Practices in Log Management for Homelabs
As with every software routine, there are some tried and tested actions that are important to consider when implementing effective log management. Like a fingerprint, every homelab is unique, and it is your call to pick and choose the practices that are the right fit for you.
Gather the logs that matter most
Implementing effective log management means being able to gather all the logs that matter most and being able to filter through the noise to understand an incident or get to a root cause quickly. With observIQ, it’s incredibly simple to gather any log file.
Enriching your logs
To get the most out of your log data, it’s important to enrich and tag your logs with useful context. With observIQ, all of your logs are enriched automatically and provide important context like IP address, Hostname, Source Name, User ID, Event ID, Severity, and more, making it easy to trace issues back to their source.
Keep your logs safe
Logs say a lot about your network, and much of that information is confidential. It is best to limit log access to a small number of users within your home network. Sharing access for test runs or debugging network failures should be done with caution.
Why is observIQ the Obvious Choice for Your Network?
For starters, we give you the ability to get up and running in under 5 minutes. With observIQ’s simple yet powerful Sources like Syslog and Journald, you can gather logs from almost any device. With the observIQ Free Plan, you also gain access to the full feature set of the platform, including pre-made Dashboards and Live tail.
When you need help, our helpful support staff will assist you with your setup, for free! Get started with a trial today!