By default, the PingDirectory Server logs to files on the server filesystem. This provides the best option for performance and reliability of the logging mechanism itself.
However, this also has the following disadvantages:
- If the system crashes in an unrecoverable manner, such as if the storage becomes corrupted, then the log data might be lost.
- If an attacker is able to gain access to the underlying system, they might be able to alter or delete log files to cover their tracks. Even if the log files are signed so that you can tell that log files have been modified, that doesn’t help you determine what the original content was.
- It requires more effort to analyze log files and aggregate results when they are spread across multiple systems.
- In some cases, such as when running in a container like Docker, it might not be easy or possible to get direct access to the instance filesystem.
These issues can be addressed by centralizing log content, and PingDirectory software offers several options to assist with this.
Because PingDirectory Server allows you to define multiple loggers of the same type, you can both log to local files and to one or more centralized locations. This can provide the best combination of usefulness and availability.