The team at observIQ are avid programmers, gamers, traders, thinkers, and innovators who build elaborate home networks for fun, for work, and simply because we enjoy technology. We believe in it as medium for improving life. Everyone is constantly growing the size and footprint of their home networks and labs – adding custom apps, devices, and servers, making it challenging to gauge our technical footprint. With rising risks, it’s important to monitor performance and any potential security threats to keep yourself protected, even in your own home.
Enter log management, just as you would do with your financial health, keeping a paper trail of all your technical transactions is considered best practice. Log management solutions, such as observIQ, make your homelab activities visible to you at a glance so you are always aware of what breadcrumbs you leave online, and can maintain your home network with confidence.
With a log management solution, we can:
Follow along as we implement log management in a typical homelab consisting of a Ubiquiti access point and switch, pfSense firewall, Fedora workstation, and a Mac as a daily driver.
While other tools make gathering logs from disparate sources and devices a long, technical, drawn out process, observIQ simplifies and gets this done in minutes. With observIQ, we can use the Syslog Source to make the observIQ log agent function as a Syslog server with just a couple of clicks, allowing you to gather logs from any network device. We can also use that same agent to grab system logs directly from the Fedora workstation using observIQ’s journald Source as well.
As a prerequisite, we must first configure our network devices to output events over a TCP/UDP to a Syslog server (in this case, observIQ log agent). Below, you can see a quick snippet of the configuration for our pfSense firewall and Ubiquiti access point to send logs to a Syslog server.
We then install the observIQ log agent on the Fedora workstation by copying and running the one-line agent installation command. Installation typically takes less than 15 seconds.
Next, we’ll add two Sources to our agent. First, we’ll add a journald source that will allow us to gather system logs from our Fedora machine, in just a few clicks. After that, we’ll add a Syslog source to our agent as well – which turns the observIQ agent into a functioning syslog server. Both Sources require next-to-no configuration.
After the sources are added to the agent, we will start seeing logs from all our sources being accessible within observIQ, allowing us to sort, search and visualize all of our logs in a single place.
Now that you have all your logs collated, how can you use them to your advantage?
With the additional visibility, we can search for and identify:
observIQ lets you save time by allowing you to save search queries. So, the next time you need a search query, simply pull it up from the dropdown menu. Searching for errors with a specific application or host? Looking to track system reboots or unusual traffic? A saved search allows you to get those results quickly by delivering a quick list of queries at your fingertips.
Some events in your network might need immediate attention; ideally, you’d be notified proactively. For such events, observIQ gives you the ability to create threshold-based alert definitions. When there’s a logon attempt, network failure, app, or system failure, observIQ creates an alert in-app and can notify you via email, Slack, or Pagerduty.
Lastly, visualizing your log data is important. Using built-in Dashboards or creating custom dashboards is a simple and effective way to understand what’s happening in your environment at a quick glance.
As with every software routine, there are some tried and tested actions that are important to consider when implementing effective log management. Like a fingerprint, every homelab is unique and it is your call to pick and choose the practices that would be a right fit for you.
Implementing effective log management means being able to gather all the logs that matter most and being able to filter through the noise to understand an incident or get to a root cause quickly. With observIQ, it’s incredibly simple to gather any log file.
To get the most out of your log data, it’s important to enrich and tag your logs with useful context. With observIQ, all of your logs are enriched automatically and provide important context like IP address, Hostname, Source Name, User ID, Event ID, Severity, and more, making it easy to trace issues back to their source.
Logs say a lot about your network, often it is information that is confidential. It is best if you keep your log access to a limited number of users within your home network. Sharing access for test runs or debugging network failures should be done with caution.
For starters, we give you the ability to get up and running in under 5 mins. With observIQ’s simple yet powerful Sources like Syslog and Journald, you can gather logs from almost any device. With the observIQ Free Plan, you also gain access to the full feature set of the platform as well, including pre-made Dashboards and Live tail as well.
When you need help, our helpful support staff will assist you with your setup, for free! Get started with a trial today!