@@ -0,0 +1,61 @@
+# Circolog
+
+Circolog proposes a different approach to the problem of having useful logs.
+
+Circolog is a syslog server which doesn't write to disk. Ever. It doesn't
+consume tons of RAM like elasticsearch/logstash, nor does it give you plots and
+a very long history. It is however a very useful tool when you want to minimize
+disk writes. We wrote it thinking about user privacy: your logs can be just as
+sensitive as your database if you log too much!
+
+[Spiegone su casi d'uso, buttare i log, debuggare rapidamente magari
+applicazioni verbose, eccetera]
+
+## Why it is cool in 2 minutes
+
+- It keeps your users safer.
+
+- Read logs conveniently: filter with a proper (and easy) query language!
+ `grep` is powerful, but sometimes you want something more expressive:
+
+```
+circolog-tail -where 'app_name=="apache" and message LIKE "%memory%"'
+circolog-tail -where '(app_name"apache" OR app_name LIKE "php%") AND message LIKE "%memory%"'
+circolog-tail -where 'app_name=="mysql" OR severity >= warning'
+```
+
+- Colors: highlight severity and visually group related message
+
+ [screenshot]
+
+ It's not only about being nice, we swear! Coloring logs also means reaching the
+ most important entries easily, and grouping related entries together. Output
+ logs in the format you prefer _now_. Depending on what you're doing, log format
+ might be useful... or distracting. For example, how many times have you used
+ the `hostname` part of it? With the common disk-based logging, you need to
+ choose once and for all how your logs will be saved.
+
+
+- Hackable: we think that `circolog-tail` is pretty cool, but you definitely can
+ reuse simpler tools to get logs and filter them the way you prefer. Clients
+ can read logs using plain HTTP (or websocket). Most of the cool features of
+ `circolog-tail` are actually implemented server-side, so you can use filters
+ (or other options) with any client.
+
+
+- Fast, secure by default (?), easy to deploy. Those are features that you
+ should expect, not be surprised of! Circolog can easily process thousands
+ of log entries per seconds, has sane defaults and can be deployed as a single
+ binary.
+
+
+## Security considerations
+
+While we try our best not to introduce vulnerabilities, this software is not
+meant to be exposed on the wider internet. Beware of binding it on something
+different from `localhost`.
+
+Even without being exposed, care must be given to socket permissions: don't let
+unprivileged users read your logs! We suggest that you use a dedicated
+user/group to run circolog, and make root part of that group.
+
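Review bot: The second `circolog-tail -where` example in the fenced query block is missing its comparison operator: `app_name"apache"` should presumably read `app_name=="apache"`, matching the examples directly above and below it, otherwise readers will copy a query that does not follow the syntax the other two lines show. The same block mixes a lowercase `and` with uppercase `OR`/`AND`; pick one form or state that keywords are case-insensitive. In the feature list, "secure by default (?)" and the `[Spiegone su casi d'uso, ...]` placeholder read as draft notes and should be resolved or removed before merge, since the question mark sits awkwardly next to a Security considerations section. That section warns about binding to anything other than `localhost` and about socket permissions but does not say where either is configured; naming the option that sets the bind address and the socket path or mode to check would make the advice actionable.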