1

I'm trying to find a solution that will help me to monitor the product's machines and log files in each one of them. here are some fact about my working environment:

  • I have a product that's installed on labs composed of several machine (some of them 3 and some 8 VMs) of Windows server 2016 and up and Windows 10.

  • My laptop is in one LAN and the Lab in another LAN

  • The product creates several log files (*.log) with different name and purpose in each machine.

  • I think that those log files are created by the log4net feature...

  • There are 5 services to follow up: IIS, SQL, RabbitMQ, Product's service

  • I cannot UNC (like: \server-name\logs\product.log) to those machines from my laptop and vice-versa.

  • Machines have no access to internet

  • Currently If I want to monitor a log file I need to RDP to each machine and run the following PowerShell script line: Get-Content C:\Product\Logs\Product.log -wait -tail 1000

    OR

    to run this script from "outside" (from my laptop) with SSL Connection and and wrap the script line with Invoke-Command command:

...

#region SSL connecting to server 
 Add-Type @"
 using System.Net;
 using System.Security.Cryptography.X509Certificates;
 public class TrustAllCertsPolicy : ICertificatePolicy {
 public bool CheckValidationResult(
   ServicePoint srvPoint, X509Certificate certificate,
   WebRequest request, int certificateProblem
   ) 
 {
   return true;
 }
}
"@
 [System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
 $AllProtocols = [System.Net.SecurityProtocolType]'Ssl3,Tls,Tls11,Tls12'
 [System.Net.ServicePointManager]::SecurityProtocol = $AllProtocols
#endregion

Enter-PSSession -ComputerName $hqappIP -Credential $cred
Invoke-Command -ComputerName $hqappIP -Credential $cred -ScriptBlock {
   Get-Content C:\Product\Logs\Product.log -wait -tail 1000
}

...
  • I was suggested to raise in my laptop a Docker engine that will run ELK\logstash + Kibana, and install in the Lab's machines - filebeat that would talk with the server in the Docker, but I found that the Lab's machine are in one LAN and cannot ping to my laptop that residence in a different LAN (What's make me confused because I can ping from my laptop to those machines and run the script in the way that I produced to you in the previous section)
  • I would not going to get additional machine in the Lab's LAN, so this is not an option
  • My laptop has Windows 10 OS

So, I left with a secured Lab in one hand, and my organization laptop in other hand - How can I build in such environment - a monitoring server in my laptop, especially with a free tools (as I mentioned some in the background)?

Hiddai
  • 67
  • 2
  • 10

1 Answers1

1

Install and use a centralized logging service. Free software examples in this space include Graylog or ELK (Elasticsearch, Logstash, and Kibana). Either provides for running agents on hosts, and forwarding log file contents or Windows event logs to a database.

A considerable amount of work to deploy and configure, true, but quite a bit more powerful than staring at individual log files across multiple hosts. Querying for http 500 errors across all web servers, for example.

I cannot UNC (like: \server-name\logs\product.log) to those machines.

Tail-ing logs on file shares might work in the small scale. Either all the files on one central share, or the application server exports the share. However, some applications can't or won't log to a path compatible with this. And following a handful of files from your workstation merely replaces "terminal jungle" with "lots of BareTail tabs".

John Mahowald
  • 30,009
  • 1
  • 17
  • 32