Tips from the Team

Tips for using Papertrail to manage log files at scale

Managing log files on a single server is a cakewalk, and familiar tools such as grep, tail, and sed can expose the data you need. But it’s a completely different story once you’re working at scale and need to analyze logs across tens, hundreds, or even thousands of machines. In this case, the best solution is to aggregate your logs in the cloud and use a log viewer to analyze your logs holistically. Fortunately, that’s exactly what SolarWinds® Papertrail does.

Papertrail is a cloud-based log management tool for storing your log files in the cloud, making it quick to search through your logs. You can run filters to trim down the search results and focus on just the parts you need.

But before you can analyze those logs, you have to ship them to Papertrail. Thankfully, there are a multitude of ways to transfer logs to Papertrail no matter what app or tool you’re using.

How Do You Send Log Files to Papertrail?

Configuring your app or service to forward your log messages to Papertrail is a breeze thanks to the comprehensive help documentation on the Papertrail site. Guides exist for sending logs from Docker, MySQL, Android, Redis, and directly from apps written in C# and .NET, Java, Go, Python, and many others.

To give you an idea of how to configure things in practice, I’m going to walk you through setting up Papertrail to receive logs in three different situations: from a Go app, from Docker, and from a Windows machine.

Sending Logs From a Go App

Go includes a syslog package capable of sending log messages to Papertrail. Alternatively, you can use a fork such as srslog.

The syslog package from the Go standard library provides a Dial struct to connect to a remote syslog server such as Papertrail. Here’s how to open a connection and send log messages for the app (named “app01”). Replace “logsN.papertrailapp.com:XXXXX” with the log destinations from your Papertrail account:

import "log/syslog"

w, err := syslog.Dial("udp", "logsN.papertrailapp.com:XXXXX", LOG_EMERG | LOG_KERN, "app01")
if err != nil {
    log.Fatal("failed to dial syslog")
}
w.Info("An informational message")
w.Err("An error occurred")

Sending Logs From Docker

Getting log messages out of Docker is slightly more involved than the Go example, but you only need to set up a dedicated log routing container once and can then add as many regular containers as you like without needing to modify them. In fact, not only can you add new containers, this method works without requiring any changes to existing containers too. Everything works automatically.

You can configure Docker to route logs to Papertrail in a number of ways. I prefer running a logspout container.

To start a logspout container run:

$ docker run --restart=always -d \
    -v=/var/run/docker.sock:/var/run/docker.sock gliderlabs/logspout  \
    syslog+tls://logsN.papertrailapp.com:XXXXX

Be sure to replace the “logsN.papertrailapp.com:XXXXX” with the appropriate log destination from your account. The –restart command ensures this container starts whenever the host reboots. This logspout container attaches to all other containers on the host and routes their logs to Papertrail.

Sending Logs From Windows

Sending logs to Papertrail from Windows requires either NXLog or Eventlog-to-Syslog. Since NXLog is the preferred method, that’s the one I’ll walk you through.

Once you’ve downloaded and installed NXLog, you need to edit the nxlog.conf configuration file and replace the content with this template. Remember to replace “logsN.papertrailapp.com:XXXXX” with the appropriate log destination.

A common modification developers make to this configuration file is to enable TLS, so log files are safely transferred between Windows machines and Papertrail. To verify the Papertrail certificates, you need to download the Papertrail cert bundle and place it under the cert directory of your NXLog installation. Next, you need to add the following line at the top of the nxlog.conf file with the other defines:

define CERTDIR %ROOT%\cert

Then replace the syslogout block with this:

<Output syslogout>
Module om_ssl
Host logsN.papertrailapp.com
Port XXXXX
CAFile %CERTDIR%/papertrail-bundle.pem
AllowUntrusted FALSE
</Output>

Analyzing Log Data

Once you’ve consolidated your log data in Papertrail, you can use it to search, trim, filter, and analyze your log messages. The simple search syntax in Papertrail allows you to find the log messages you need during analysis and troubleshooting. Searching with Papertrail is as easy as performing a Google search and the syntax is very similar. Boolean operators such as AND and OR are supported, and you can find log messages that don’t contain a string by using the negation operator (). You can also use parentheses to group smaller expressions together and enforce a precedence when the expression is evaluated.

For example, the following search query returns all log messages containing either “crit” or “emerg” but without “app01”:

(emerg OR crit) AND -app01

Sometimes issues or performance problems you’re chasing are easier to troubleshoot by watching logs in real time. The Papertrail live tail feature allows you to see log messages as they’re received. This works just like running tail -f locally on your log files, except it’s much more powerful because you can search and filter through messages in real time and scroll forwards and backwards.

Traditionally, searching for log messages spanning multiple lines has been a nightmare, and stalwart command-line tools such as grep and sed don’t handle this well. Papertrail supports context links, which enable you to find log messages with shared context even when they cross multiple lines. For example, when a machine crashes, the panic message is usually spread across many lines. By clicking on the hostname field in one of those lines, the Papertrail event viewer will automatically filter out all other messages, leaving you with just the ones from that machine.

As useful as textual log messages are, you simply can’t analyze some things that way. That’s why Papertrail has the capability to visualize your log data and transform them into interactive charts using log velocity analytics. Log velocity analytics helps you answer those “How often does this happen?” questions and enables you to look at log data across time to spot trends. You can also dive into details around a specific time once you’ve found a period you want to investigate further. Just click on the date and time to drill down into the log messages.

Manage Logs in the Cloud With Papertrail

Papertrail provides a fast log management tool for aggregating and viewing and logs in the cloud. No matter what programming language you’re using for your app, and no matter which platform it’s running on, there are a bunch of ways to route your logs to Papertrail. All logs are stored in an Amazon S3 bucket, which makes searching very quick. And because they’re stored in the cloud, you also benefit from server-side encryption, since your log files are encrypted at rest in S3 using AES-256. With Papertrail, you can also control global retention policies from a single interface along with access control lists to configure which users on your team can access which files.

Whatever your circumstances, Papertrail provides frustration-free log management. Click here and start a free trial today.

Aggregate, organize, and manage your logs

Papertrail
  • Collect real-time log data from your applications, servers, cloud services, and more
  • Search log messages to analyze and troubleshoot incidents, identify trends, and set alerts
  • Create comprehensive per-user access control policies, automated backups, and archives of up to a year of historical data
Start free trial Fully Functional for 30 Days

Let's talk it over

Contact our team, anytime.
Toll Free: +1 (855) 679-0752
Phone: +1 (512) 498-6011
papertrailapp@solarwinds.com