Circolog

Circolog proposes a different approach to the problem of having useful logs.

Circolog is a syslog server which doesn't write to disk. Ever. It doesn't consume tons of RAM like elasticsearch/logstash, nor does it give you plots and a very long history. It is however a very useful tool when you want to minimize disk writes. We wrote it thinking about user privacy: your logs can be just as sensitive as your database if you log too much!

[Spiegone su casi d'uso, buttare i log, debuggare rapidamente magari applicazioni verbose, eccetera]

Why it is cool in 2 minutes

• It keeps your users safer.

• Read logs conveniently: filter with a proper (and easy) query language! grep is powerful, but sometimes you want something more expressive:

circolog-tail -where 'prog=="apache" and msg LIKE "%memory%"'
circolog-tail -where '(prog=="apache" OR prog LIKE "php%") AND msg LIKE "%memory%"'
circolog-tail -where 'prog=="mysql" OR sev >= warning'

• Colors: highlight severity and visually group related message

  [screenshot]

  It's not only about being nice, we swear! Coloring logs also means reaching the most important entries easily, and grouping related entries together. Output logs in the format you prefer now. Depending on what you're doing, log format might be useful... or distracting. For example, how many times have you used the hostname part of it? With the common disk-based logging, you need to choose once and for all how your logs will be saved.

• Hackable: we think that circolog-tail is pretty cool, but you definitely can reuse simpler tools to get logs and filter them the way you prefer. Clients can read logs using plain HTTP (or websocket). Most of the cool features of circolog-tail are actually implemented server-side, so you can use filters (or other options) with any client.

• Fast, secure by default (?), easy to deploy. Those are features that you should expect, not be surprised of! Circolog can easily process thousands of log entries per seconds, has sane defaults and can be deployed as a single binary.

Security considerations

While we try our best not to introduce vulnerabilities, this software is not meant to be exposed on the wider internet. Beware of binding it on something different from localhost.

Even without being exposed, care must be given to socket permissions: don't let unprivileged users read your logs! We suggest that you use a dedicated user/group to run circolog, and make root part of that group.