The task of centralized management of logs in the network of situation centers of public authorities and approaches to prototyping its software solution

V.A. Lytvynov, O.M. Myakshylo, V.O. Bratskyi
DOI: 10.34121/1028-9763-2023-4-33-42 (https://doi.org/10.34121/1028-9763-2023-4-33-42)
Journal: Matematičeskie mašiny i sistemy, vol. 56, no. 1
Publication date: 2023-01-01
Publication type: Journal Article
Indexed on: Semantic Scholar
Citations: 0

Abstract

Event logging in distributed systems is one of the most important factors for ensuring proper monitoring and management of IT systems, and the use of log information is an important area of activity for DevOps and DevSecOps teams, which ensure effective interaction between developers, testers, and IT security professionals. The article discusses possible approaches to prototyping solutions for implementing a centralized LMS (Log Management System) in the National Network of Situation Centers of Public Authorities (SCPA). As part of the first approach, which consists of using ready-made market products, the declared capabilities, advantages, and disadvantages of popular free open-source systems and individual LMS tools (ELK Stack, Graylog, Grafana Loki, Logstash, Fluentd, LOGalyze, Filebeat, etc.) are reviewed. In the context of the formulated basic requirements for a centralized LMS, and taking into account existing experience with the tools under consideration, the expediency of choosing between two complex, full-featured systems, namely the ELK Stack (Elasticsearch + Logstash + Kibana) and the complete, self-sufficient Graylog package, is substantiated. The advantages and disadvantages of each system are considered, and generalized data on ELK and Graylog deployments, their use, and their evaluation by real users, compiled from materials published by the research company Gartner, are provided. An example of a possible implementation of the second approach to creating an LMS prototype, which consists of creating new tools, is the developed specialized system for diagnosing errors registered in log files. The structure of the system, the functions of its main components, and the results of testing in a corporate banking network are described.