Everyone can improve their logging. Either we’re drowning in meaningless log data or we don’t have enough. Usually, there is plenty of data but not enough information.
Linux logging is a great place to make big wins in observability. This is because of the wonderful Windows Subsystem for Linux and the preference for Linux backends, particularly in enterprise systems and of course Kubernetes.
Investing in good Linux logging is a no-brainer.
It is not unusual for a decision to move Linux platforms to be made for cost or security reasons. Different flavours of Linux often do things system-wise slightly differently – including system logging. Couple that with the need for image hardening and off-the-shelf logging solutions may not be able to cope even if they claim compliance. Or worse than that, you might not be able to cope with supporting that way of working.
The best way of ensuring that you have the information you need to better support your software is to take charge of the situation. Ensure that you create application logs in a known location which provides meaningful data just for your system. Pair these with system logs, sure, but make the emphasis on you and your team being able to support your software easily, reliably and consistently even if the platform changes.
Don’t leave logging as an afterthought.