Description
A key success factor in managing (governing) Cloud deployments and controlling costs is integrated application-infrastructure monitoring, logging and reporting, including security logging. SIEM and SIAM integration is often necessary as well. LMaaS uses a SaaS-based model to aggregate logging and reporting. This model uses existing products that the client may deploy (onto EC2), such as Nagios, and integrates native AWS services (CloudWatch, CloudTrail, Systems Manager, etc.) along with Splunk and other SaaS products.
LMaaS includes:
- Data collection from multiple sources;
- Data aggregation and collation;
- Policy-based data management and archiving;
- Storage scaling and management of hundreds of terabytes or more;
- Search (RegExp, unstructured) and filtering;
- Criteria-based alerts and notifications;
- Customized reports, dashboards and visualizations; and
- Data analysis, trending and anomaly detection.
Administrators use log management to aggregate event data and telemetry from all sources in an IT environment so they can trace related activity across multiple systems.
The collection of information from disparate sources is straightforward because log data is inherently portable and is typically written to text files. Those files come in one of a few structured formats, such as syslog, JSON, Common Event Format (CEF), Extended Log Format (ELF) or comma-separated values (CSV).
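As an added illustration (not part of LMaaS or any product named above), the following Python sketch normalizes syslog, JSON and CEF lines into one record shape and groups them by source IP, which is how related activity is traced across systems. The sample lines are constructed, and the JSON key names (`host`, `src_ip`, `event`) are assumptions, since JSON logs have no fixed schema.

```python
import json
import re
from collections import defaultdict

# Constructed sample lines, one per format (not real log data).
SAMPLES = [
    '<38>Oct 11 22:14:15 web01 sshd[4721]: Failed password for admin from 203.0.113.7 port 52110 ssh2',
    '{"time": "2024-10-11T22:14:20Z", "host": "api01", "event": "login_failed", "src_ip": "203.0.113.7"}',
    'CEF:0|ExampleVendor|ExampleFW|1.0|100|Connection blocked|5|src=203.0.113.7 dst=10.0.0.5 dpt=22',
    '<38>Oct 11 22:15:01 web01 CRON[4800]: session opened for user root',
]

# BSD-style syslog: <PRI>timestamp host tag[pid]: message
SYSLOG = re.compile(r'^<(\d{1,3})>(\w{3}\s+\d+ [\d:]{8}) (\S+) ([^:\[]+)(?:\[\d+\])?: (.*)$')
IPV4 = re.compile(r'\b(?:\d{1,3}\.){3}\d{1,3}\b')

def normalize(line):
    """Map one raw line to a common record: format, host, src_ip, message."""
    if line.startswith('CEF:'):
        # Seven pipe-delimited header fields, then key=value extensions.
        parts = re.split(r'(?<!\\)\|', line, maxsplit=7)
        if len(parts) < 8:
            return None
        ext = dict(re.findall(r'(\w+)=(.*?)(?=\s+\w+=|$)', parts[7]))
        return {'format': 'cef', 'host': ext.get('dvchost', parts[2]),
                'src_ip': ext.get('src'), 'message': parts[5]}
    if line.lstrip().startswith('{'):
        try:
            obj = json.loads(line)
        except ValueError:
            return None
        # Key names below are assumed for this example.
        return {'format': 'json', 'host': obj.get('host'),
                'src_ip': obj.get('src_ip'), 'message': obj.get('event')}
    m = SYSLOG.match(line)
    if m:
        pri, _ts, host, _tag, msg = m.groups()
        ip = IPV4.search(msg)
        # PRI encodes facility * 8 + severity.
        return {'format': 'syslog', 'host': host, 'severity': int(pri) & 7,
                'src_ip': ip.group(0) if ip else None, 'message': msg}
    return None  # unknown format: leave for review rather than guess

def correlate(lines):
    """Group normalized records by source IP to trace activity across systems."""
    by_ip = defaultdict(list)
    for line in lines:
        rec = normalize(line)
        if rec and rec['src_ip']:
            by_ip[rec['src_ip']].append((rec['format'], rec['host']))
    return dict(by_ip)
```

Calling `correlate(SAMPLES)` links the SSH failure, the API login failure and the firewall block to the same source address even though each arrived in a different format.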