I run a small home lab - number of servers varies from time to time. Currently five, all Linux.
When I heard about log consolidation I imagined that I would get a nice dashboard-type view where I could see a consolidated, real-time view of all my server logs go by. VictoriaLogs does that for me. I also imagined that there would be a way to flag particular log entries as “normal, and expected” so they would be excluded in the future - the goal being to get this dashboard to a state where if anything appears, it’s probably bad. I can’t see a way to do that in VictoriaLogs. Do I need to try harder? If VictoriaLogs won’t do it - is there anything that will?


What are you using to ship the logs to VL?
If you want to exclude “normal” logs you should start excluding them before they reach VL, so the only logs you have are the interesting ones.
That’s the reason I’m here asking about logging. I’m in the process of changing and wondering if I should switch it all up. I was using systemd-journal-remote, but I’m switching from Debian to Alpine so - no more systemd.
Now that confuses me. As I said in my original post - I had some preconceptions about centralised logging before I set it up, and having a single place to manage filters was certainly something I was hoping to get from it. Also any filtering would only be for reporting. I’d like to keep a full set of log data for potential problem analysis etc.
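
The "mark as normal, keep everything" workflow discussed in this thread, sketched as an added example that is not part of any post above and is not VictoriaLogs functionality. The names `template`, `ReviewView` and the sample entries are hypothetical; the entry fields `host`, `unit` and `msg` are an assumed shape for already-collected log records.

```python
import re

# Mask volatile numbers (PIDs, ports, counters) but keep IPv4 addresses literal,
# so marking a login from one address does not hide logins from any other.
_VARIABLE = re.compile(r"(\b\d{1,3}(?:\.\d{1,3}){3}\b)|\d+")

def template(msg):
    """Reduce a message to its fixed text."""
    return _VARIABLE.sub(lambda m: m.group(1) or "<n>", msg)

class ReviewView:
    """View-time suppression: the stored entries are never modified or dropped."""

    def __init__(self):
        self.baseline = set()  # (host, unit, template) keys marked as expected

    @staticmethod
    def _key(entry):
        return (entry["host"], entry["unit"], template(entry["msg"]))

    def mark_normal(self, entry):
        self.baseline.add(self._key(entry))

    def unexpected(self, entries):
        return [e for e in entries if self._key(e) not in self.baseline]

# Constructed sample entries, not taken from a real system.
LOGS = [
    {"host": "alpha", "unit": "crond", "msg": "USER root pid 4121 cmd run-parts /etc/periodic/15min"},
    {"host": "beta", "unit": "sshd", "msg": "Accepted publickey for admin from 192.0.2.10 port 50122"},
    {"host": "alpha", "unit": "crond", "msg": "USER root pid 4388 cmd run-parts /etc/periodic/15min"},
    {"host": "gamma", "unit": "kernel", "msg": "EXT4-fs error (device sda1): bad block bitmap checksum"},
    {"host": "beta", "unit": "sshd", "msg": "Accepted publickey for admin from 192.0.2.10 port 50977"},
    {"host": "beta", "unit": "sshd", "msg": "Accepted publickey for admin from 198.51.100.7 port 41200"},
]

def demo():
    view = ReviewView()
    view.mark_normal(LOGS[0])  # routine cron run
    view.mark_normal(LOGS[1])  # admin login from the usual address
    return view.unexpected(LOGS)

if __name__ == "__main__":
    for e in demo():
        print(e["host"], e["unit"], e["msg"])
```

Because the baseline key includes the host and leaves addresses unmasked, an entry marked normal on one server still shows up if another server, or another source address, produces it.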