A Monitoring stack is a collection of resources designed to capture and prioritise operational events for insights, troubleshooting, and automation. It is comprise of resources that facilitate both the storage, interrogation, and detection of logged events. The role of the Logging stack is to deliver:
- A central location for logs to be recorded and interrogated.
- A data source for detection and triage of estate events.
Centralised logs improve the efficacy of triage and detection processes. This is particularly relevant to security solutions which may draw from a range of audit and log sources to detect security breaches.
Cloudmarque workload components use a service locator pattern to identify the services they provide and specify dependencies. This component provides and relies on the following services:
This component creates resources with the following service tags:
- Logging - A service for storing and interrogating event logs from cloud environments.
- App Logging - A service for application-level monitoring services.
- Log Store - A persistent blob or file store for recording cloud events which should not (or cannot) be persisted in the wider searchable log capability. This may be used as a target for “noisy” event sources like verbose network logs.
- P1 - Notification channels for priority one alerts: sent immediately for review.
- P2 - Notification channels for priority two alerts: sent immediately for review.
- P3 - Notification channels for priority three alerts: sent for review at the end of each day.
- P4 - Notification channels for priority four alerts: notifications sent at the end of each week for review.
- P5 - Notification channels for priority five alerts: notifications which can be summarised and reviewed at the end of each month.
- No dependencies - this is therefore typically the first component to be deployed to a cloud environment by a DevOps Pipeline.
Edit this page on GitHub
The content on this page is published under Open Source licenses via GitHub. To submit issues or provide feedback please visit the repository.Visit