As the title says, what logging and/or alerting setup do you have? I’ve used graylog in the past, but find it a bit too complex and “heavy”. I would like to something a bit more lightweight. Alternatives I’ve looked into:
- Dozzle - this looks nice, and would have been a perfect fit but it looks like it’s only for docker containers, I would like to collect all syslogs and everything in one place
- Grafana Loki - Haven’t looked too much into this, but considering replacing Graylog with this. I don’t know if it feels less complex so I’m a bit on the fence.
Any other recommendations?
I found graylog and the likes nice but as you said heavy on resources. I now have a central rsyslog server (on debian 12) that first does some filtering of log lines I don’t care about and then stores log in postgress. Grafana lives on that same host and I’m very happy with it. It performs quite well with just a fraction of resources graylog had as bare minimum. (The server has 4 sockets and 8Gb mem, storage to SSD while 4 firewalls, 3 switches, 4 AP’s and 20 servers logging to it) In the proxmox console I see 2Gb mem is used and the cpu is bored (<5%)
Graylog is probably one of the more simple log aggregators out there, so if that was a bit much, you’re in for a surprise.
SigNoz is probably the best all in one tooling out there at the moment. It’s also a bit heavy, but it’s an open source alternator DataDog, so there’s a lot happening.
Simple setup for me.
Traefik Log Dashboard - A real-time dashboard for analyzing Traefik logs and OpenTelemetry traces with IP geolocation, status code analysis, and service metrics.
I have paired this with a custom n8n workflow that monitors Traefik access logs on my homelab every two minutes to detect and send pushover alerts on public access attempts to internal services to my phone.
Nothing yet. Using ELK stack, logging operator and filebeat/auditbeat at work but I find that way too convoluted.
