Preface

In the previous article, we gained a basic understanding of logs. From the perspective of individual users, we can already investigate what happened on our computers by checking the logs when issues arise. However, if we consider the perspective of an enterprise, and we need to manage multiple machines simultaneously, how would we plan our architecture?

Building a Trustworthy Cloud Environment Duology - Windows Log Solution
Schematic diagram
 
Let's start by imagining that we manage ten local hosts. First, we would need a host to receive and store the logs from these ten hosts. To view the log data conveniently, we would need a frontend that provides a visualization interface. Merely viewing data may not meet our expectations; if we want to be notified when certain operational logs occur, we would also need an automated scheduling tool to analyze the data and a messaging notification system to send alerts. The time and cost required for each of these tasks are considerable, so we would need to integrate all of these functions through a third-party log monitoring platform.

Introduction to Alibaba Cloud Log Service (SLS)
 

Alibaba Cloud SLS (Log Service)
Alibaba Cloud's Log Service (SLS) is a cloud-native observability platform. Its functionalities can be roughly categorized as follows:

  • Data Collection
  • Query and Analysis
  • Visualization
  • Alerting
  • Data Processing
  • Consumption and Delivery
  • Log Audit

Introduction to Log Monitoring Solution

Solution architecture diagram

 

The solution proposed in this article primarily relies on four key functionalities: data collection, query and analysis, visualization, and alerting. As illustrated in the architecture diagram, two hosts are deployed in each environment, on-premises and in the cloud. On each host, we install the Alibaba Cloud SLS service agent, which transmits that host's logs to the logstore within the Alibaba Cloud SLS service, either via the internet or via Alibaba Cloud's intranet.

Next, let's examine the functionalities realized by this solution!

Windows Server Log Dashboard

 
Windows Server Log dashboard illustration


The primary objective of this solution is to monitor the logs of multiple Windows Server hosts. Through the native visualization charts provided by SLS, we can clearly observe the types and quantities of various event IDs. Clicking on the visualized charts allows us to filter the data as needed. Additionally, SLS offers various native visualization charts to choose from.

Alert Configuration

Alert Email Illustration

In addition to visualizing log reports, from an auditing perspective, we also want to receive notifications, for example when a user is created, modified, or deleted on Windows Server. We can write SQL queries in the SLS service to retrieve the event IDs corresponding to these operations from the logstore where the log data is stored, and set up alerts in the SLS service. Users can then receive the alert emails as shown in the image above.
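
An added example, not code from the original article or from Alibaba Cloud: the kind of SQL an alert rule for user creation, modification and deletion runs, executed here against an in-memory SQLite table standing in for the logstore. The table and column names, the sample records and the notification wording are assumptions made for this example; the SLS query dialect and field names differ.

```python
import sqlite3

# Windows Security event IDs for the three operations named above.
ACCOUNT_EVENTS = {
    4720: "user account created",
    4738: "user account changed",
    4726: "user account deleted",
}

# Constructed sample records. Column names are assumptions for this example,
# not the field names an SLS logstore exposes.
SAMPLE = [
    ("2024-05-01 08:10:00", "WIN-SRV-01", 4720, "old-svc"),   # before the window
    ("2024-05-01 09:00:12", "WIN-SRV-01", 4624, "alice"),     # logon, not account management
    ("2024-05-01 09:03:40", "WIN-SRV-02", 4720, "tmp-user"),
    ("2024-05-01 09:04:05", "WIN-SRV-02", 4738, "tmp-user"),
    ("2024-05-01 09:04:09", "WIN-SRV-02", 4738, "tmp-user"),
    ("2024-05-01 09:20:31", "WIN-SRV-01", 4726, "bob"),
]

# One row per host, operation and affected account inside the alert window.
ALERT_SQL = """
SELECT host, event_id, target_user, COUNT(*) AS hits, MAX(ts) AS last_seen
FROM winlog
WHERE event_id IN ({ids}) AND ts >= ?
GROUP BY host, event_id, target_user
ORDER BY last_seen DESC
"""

def account_change_alerts(rows, since):
    """Return one notification line per (host, operation, account) since `since`."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE winlog (ts TEXT, host TEXT, event_id INTEGER, target_user TEXT)")
    db.executemany("INSERT INTO winlog VALUES (?, ?, ?, ?)", rows)
    # The IN list is built from the integer keys above, never from log content.
    ids = ",".join(str(i) for i in sorted(ACCOUNT_EVENTS))
    found = db.execute(ALERT_SQL.format(ids=ids), (since,)).fetchall()
    db.close()
    return [
        f"{host}: {ACCOUNT_EVENTS[eid]} (event {eid}) for '{user}' x{hits}, last at {last}"
        for host, eid, user, hits, last in found
    ]

if __name__ == "__main__":
    for line in account_change_alerts(SAMPLE, "2024-05-01 09:00:00"):
        print(line)
```

Grouping by host, event ID and affected account keeps a burst of identical events in one notification line instead of one email per log record.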

Now that we have a basic understanding of the log solution for Windows Server hosts, note that besides Windows Server logs, we also have other log monitoring solutions. We will share more about them in the future!



Author

 

 

Solution Architecture
歐律廷 Lambert Ou