10 Ways to Implement Effective IoT Log Management

The Internet of Things (IoT) has quickly become a huge part of how people live, communicate and do business. All kinds of everyday things make up this network – fridges, kettles, light switches – you name it. If it’s connected to WiFi, it’s part of the Internet of Things.

IoT raises significant challenges that could stand in the way of fully realizing its potential benefits. The matter of moving from widespread adoption to a secure, functioning global device network still needs to be addressed. Plus, concerns about the hacking of Internet-connected devices and privacy fears have captured public attention.

Many of the challenges related to IoT are wide reaching and may be outside the scope of whatever you’re working on. That said, with effective IoT log management, you’ll be able to manage and troubleshoot these challenges and allow stakeholders to derive insights from data embedded in log events.

Key Challenges Facing IoT and How Your Logs Can Help You Handle Them

Here are some of the key IoT logging challenges along with some potential solutions that you can use to overcome them.

1. Log Management

In general, log management is especially important for IoT applications because of their dynamic, distributed, and fleeting nature. In a short period of time, IoT devices can generate millions of logged events. This in itself is a challenge. You’ll need to ensure that the data captured is accurate, that the common data types are standardized across all logs, and that the logs are protected.

Logs provide value to both troubleshooting and business insights. You can extract interesting metadata for optimization such as improving the onboarding process and making it more secure for connectivity purposes. In order to derive such insights, you’ll need to centralize your logs.

As IoT becomes more and more complex, so does the task of managing it. The goal is to get ahead of problems, and logging lets you do that. Rather than reacting to issues, proactively cut them off and fix them immediately.

IoT log management has key functions that, if followed, will ensure your logging and monitoring go smoothly. These include:

  • Log aggregation to centralized log storage. This means collecting only the required logs from the needed sources or endpoints and having dedicated servers that do the buffering, parsing and enriching.
  • Log search and analysis. Stored and indexed, your aggregated log files are now searchable.
  • Log monitoring and alerting. Log management helps keep you on your toes, constantly providing data about how your IoT applications are performing.

A log management policy for IoT will provide guidelines as to what types of actions need to be logged in order to trace inappropriate use (privacy), performance issues, and security breaches. 

2. Communication Protocols

Message Queuing Telemetry Transport (MQTT) is a very common example of a communication protocol widely used in IoT. A challenge with MQTT is exposed endpoints and the potential deployment of thousands of unsecure MQTT hosts. This results from a lack of secure configurations and the likelihood of misconfigurations in devices that use MQTT.

The use of any communication protocol of this nature has to ensure secure endpoints. Unsecure endpoints can expose records and leak information, some of which can be related to critical sectors, for any casual attacker to see. Then, of course, remains the risk of vulnerabilities that enable denial of service, or worse.

As MQTT does not check the data or payload that it transports, the information it carries can be anything, which poses data validation issues for the connected systems. Organizations should pay adequate attention to IoT security.

As an example, AWS IoT, part of Amazon Web Services (AWS), is essentially a managed MQTT service with strong and enforced security policies. AWS IoT can be monitored using CloudWatch Logs, which lets you monitor, store, and access your log files. It can send progress events about each message as it passes from your devices through the message broker and rules engine.

Security teams with the right analytics tools can use these captured logs for cyber forensic analysis. This can help them understand how to design secure IoT and ensure users do not connect an IoT device in an unsecure way. Otherwise, cyber attackers will continue to take advantage of any exposed data that includes personal or potentially company-sensitive information.
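Because MQTT forwards payloads without checking them, as noted above, the subscriber has to validate every message before acting on it. The following sketch is an added example, not code from the original article; the topic layout, field names, and limits are assumptions.

```python
import json

MAX_PAYLOAD_BYTES = 1024   # assumed upper bound for one telemetry message
# Assumed schema: field name -> (type, minimum, maximum)
SCHEMA = {
    "temp_c": (float, -40.0, 125.0),
    "battery_pct": (int, 0, 100),
    "ts": (int, 0, 2**32),
}

def validate_message(topic, payload):
    """Return (record, None) if accepted, or (None, reason) if rejected."""
    parts = topic.split("/")
    # Assumed topic layout: devices/<device_id>/telemetry
    if len(parts) != 3 or parts[0] != "devices" or parts[2] != "telemetry":
        return None, "unexpected topic"
    device_id = parts[1]
    if not (device_id.isascii() and device_id.isalnum()) or len(device_id) > 32:
        return None, "bad device id"
    if len(payload) > MAX_PAYLOAD_BYTES:
        return None, "payload too large"
    try:
        data = json.loads(payload.decode("utf-8"))
    except (UnicodeDecodeError, ValueError, RecursionError):
        return None, "not valid UTF-8 JSON"
    if not isinstance(data, dict):
        return None, "payload is not an object"
    if set(data) != set(SCHEMA):
        return None, "unexpected or missing fields"
    for name, (typ, lo, hi) in SCHEMA.items():
        value = data[name]
        # bool is a subclass of int in Python, so reject it explicitly
        if isinstance(value, bool):
            return None, f"{name}: wrong type"
        if typ is float and isinstance(value, int):
            value = float(value)   # JSON does not distinguish 21 from 21.0
        if not isinstance(value, typ):
            return None, f"{name}: wrong type"
        if not lo <= value <= hi:   # NaN fails this comparison as well
            return None, f"{name}: out of range"
        data[name] = value
    # Keep the device id from the topic with the record for later log analysis
    return {"device_id": device_id, **data}, None
```

Rejected messages and their reasons are worth sending to the central log store, since a burst of rejections from one device is itself a signal.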

3. Application of Security in IoT

Each new IoT device provides a potential entry point for hackers to target your IoT network. Rather than allowing any device onto the network, new devices should be “provisioned”. This means you’ll need a robust, predictable process.

Data transmitted over IoT networks is at risk of being intercepted by criminal parties, so organizations should use only secure, password-protected wireless networks to ensure data is encrypted.

To guard against potential threats, organizations should build their networks on a ‘zero trust’ assumption: no device connected to the network is trusted by default. Even if someone makes it into your network, they should still need authentication in order to access anything.

4. Connectivity Bottlenecks

The growth of IoT devices has already placed strain on many networks. Without the right ‘edge’ computing framework in place, company networks can become bogged down by latency and subpar bandwidth.

Device connectivity can be unreliable. 4G connections regularly disconnect and reconnect and don’t offer the same stability available to a typical broadband connection. Take a jogger with their smartwatch going out for a run, for example. They’re going from areas with strong connectivity to areas with poor connectivity and back again. Prolonged disconnections can result in the device running out of buffer memory to store its logs.

The biggest part of logging in IoT in these situations is to understand where to store the generated data. Having a centralized log management system, and a requirement that devices are connected to the Internet when they are updating, will ensure greater stability and reduce these types of bottlenecks.

It is important for companies developing IoT technology to carefully examine their IoT connectivity providers and choose one with a strong record of service and innovation. If you want to take it to the next level, you can intelligently switch between networks, based on their relative strength at any given time.

5. Power Management

With a growing number of IoT devices comes growing power management requirements. Some IoT devices, like kitchen appliances, are located in accessible locations and draw on stable power sources. As we know, this isn’t always the case. Many devices rely solely on a battery for power.

Power consumption is not just a hardware issue. Greedy software can consume more resources than it needs and drain the limited power available to the device.

Power consumption is best captured using device log management and having a centralized location for those logs to be analyzed.  

Modern device data capture techniques that integrate with cloud platform services will help with power problems in IoT devices. Hardware-based power measurements, software-based power measurements embedded in devices, and power tracking with anomaly detection improve efficiency in power management. They help ensure the storage, RAM and CPU capacities of IoT devices are used more effectively and efficiently.

The analysis of this data using forensics, security auditing, network tracing, or data analytics, enables the deep dive into power consumption details. This also gives context to historical power consumption.

6. Data Management

IoT networks generate huge amounts of data. Keeping track of all this data is a challenge in and of itself.

Edge computing can help here. Edge computing is an architectural decision to process data at or near the source. This pushes processing overhead down to the client, lowering the burden on some central system to keep track of everything. We do this instinctively in normal software, with Fluent Bit and Fluentd transformations that format logs on the box before sending them to a log collection server like Elasticsearch.

Edge computing, data governance policies, and metadata management help organizations deal with issues of scalability and agility, security, and usability. This further assists them to decide whether to manage data on the edge or only after sending it to the cloud.

Organizations need to ensure they are collecting the specific log data they are looking to isolate. They must then find the right software to keep track of this data and analyze it effectively. Whether in a centralized location or processed near the data source, the right storage is needed. Cloud storage is one solution, but other options can rely on the local IoT device itself.

7. Device Management

From an organizational perspective, the advent of the IoT has made the range of devices IT needs to administer limitless. Devices need to be regularly patched and inspected to ensure they are at the highest possible level of performance and reliability. Remember, in an IoT system, someone can spill a glass of water and fry one of your devices. The hardware matters just as much as the software.

IoT device management software enables an onboarding process for device provisioning and provides a capability to monitor usage and performance metrics. The metrics are captured locally and stored in a centralized data storage location for analytics purposes.

This software provides secure onboarding, organizing, monitoring, troubleshooting, and sending of firmware updates ‘over the air’ (OTA). It assigns updates to devices and makes connected devices ready for service quickly. Device management software allows you to quickly zone in on one specific device in a network of thousands.

8. Complexity of Data Captured

A major challenge of capturing IoT data is due to its complex nature. Often, organizations must not only prepare timestamp or geotag data, but combine it with more structured sources. Today an organization must figure out a way to leverage the resources they have in order to prepare the increasingly complex IoT data.

Organizations must equip their teams with data preparation platforms that can handle the volume and complexity of IoT data, as well as understand how this data can and will be joined with other sources across the organization. By adopting intelligent data preparation solutions and integrating them with a centralized logging repository, the universe of IoT and big data no longer overwhelms. This can be provided from IoT cloud services and ensures organizations are only collecting data that is useful for analytics, forensics, and intelligence purposes.

9. Threat of Cyber Attacks

One of the biggest security challenges is the creation of Distributed Destruction of Service (DDoS) attacks that employ swarms of poorly protected IoT devices to attack public infrastructure through coordinated misuse of communication channels. An example is the use of IoT botnets that can direct enormous swarms of connected sensors to cause damaging and unpredictable spikes in infrastructure use, leading to things like power surges, destructive water hammer attacks, or reduced availability of critical infrastructure on a wide scale.

A very large percentage of traffic from IoT devices to our honeypots is automated. A honeypot is a computer security mechanism set to detect, deflect, or counteract attempts at unauthorized use of information. This is a dangerous scenario, given that most modern bot armies and malware are scripted to attack at scale.

Centralizing all access logs will allow organizations to maintain all vulnerable devices under their control. The captured logs can be used for cyber forensic work and allow us to connect the dots and find correlations between events that may otherwise look unrelated.

10. Compatibility and Updates

New waves of technology often feature a large stable of competitors jockeying for market share, and IoT is certainly no exception. When it comes to home automation using mesh networking, several competitors have sprung up to challenge Bluetooth’s mesh network offerings. Continued compatibility for IoT devices also depends upon users keeping their devices updated and patched. Unpatched IoT devices present serious security vulnerabilities and increase consumer risk.

Wrap-Up

IoT is one of the most exciting engineering developments of the past decade. It opens up a whole world of new capabilities and tooling that can bring convenience and support to many consumers. With all of these new features, however, comes risk.

Without a focus on our observability responsibilities, a thousand disparate devices is a maintenance and security nightmare. Check out how Coralogix can make your life easier and consume all of those logs for you, in real time.

What You Need to Know About IoT Logging

The Internet of Things (or, IoT) is an umbrella term for multiple connected devices sharing real-time data, and IoT logging is an important part of this. Troubleshooting bug fixes, connection problems, and general malfunctions rely heavily on logs, making them an invaluable asset not only in designing systems but also in system maintenance. 

To maximize system potential, this plethora of generated data needs to be managed efficiently. In this post, we’ll look at the different types of logs involved in IoT logging, different storage options and some common issues you may face.  

IoT Logging

Types of Logs 

IoT logging has many different flavors. Some are asynchronous and need to be stored only periodically whereas others need to be synchronous to ensure device uptime. Below are some of the many types of logs involved in IoT logging. 

Status Log

Status logs show the state of the device and whether it is online, offline, transmitting, or in an error state. They are important to give the user a holistic picture of the general state of the device(s). They’re usually stored and sent in frequent and regular intervals.

Error Log

Error logs are more specific than the status log and should generally trigger an alert for monitoring purposes. Errors mean downtime and that should be avoided. A good error log should provide contextual information such as what caused the error and where it occurred (a particular line of code, for instance). Error logs are usually asynchronous and sent whenever there is an error (provided internet connectivity has not been hindered). 

Authentication Log

Authentication logs enable you to see if a registered user(s) is logged in or not. It may be unfeasible to store each login attempt (as end-users might log in multiple times a day), but unsuccessful login attempts can be monitored to determine who is trying to gain access to the system/device.
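One way to monitor unsuccessful login attempts as described above is a sliding-window count per device and source. This is an added example, not code from the original post; the JSON field names, the window, and the threshold are assumptions, and the sample log is constructed.

```python
import json
from collections import defaultdict, deque

WINDOW_SECONDS = 300   # assumed look-back window
THRESHOLD = 5          # assumed failed attempts per source within the window

def detect_failed_logins(lines, window=WINDOW_SECONDS, threshold=THRESHOLD):
    """Return one alert per (device, source) that reaches the threshold.

    Assumes the events for each device/source pair arrive in timestamp order.
    """
    failures = defaultdict(deque)   # (device_id, src) -> recent failure times
    alerts = {}
    for line in lines:
        try:
            ev = json.loads(line)
            key = (str(ev["device_id"]), str(ev["src"]))
            ts, result = int(ev["ts"]), ev["result"]
        except (ValueError, KeyError, TypeError):
            continue   # malformed line: skip it rather than stop the pipeline
        recent = failures[key]
        while recent and ts - recent[0] > window:
            recent.popleft()   # forget failures older than the window
        if result == "failure":
            recent.append(ts)
            if len(recent) >= threshold and key not in alerts:
                alerts[key] = {"device_id": key[0], "src": key[1],
                               "first_failure": recent[0],
                               "failures": len(recent),
                               "then_succeeded": False}
        elif result == "success" and key in alerts and recent:
            # A login right after a burst of failures deserves a closer look
            alerts[key]["then_succeeded"] = True
    return list(alerts.values())

def _ev(ts, device, src, result):
    return json.dumps({"ts": ts, "device_id": device, "src": src,
                       "result": result})

# Constructed sample log (documentation IP ranges), not real data
SAMPLE_LINES = (
    [_ev(1000 + 10 * i, "cam-07", "203.0.113.9", "failure") for i in range(6)]
    + [_ev(1060, "cam-07", "203.0.113.9", "success"),
       "truncated line {",
       _ev(2000, "lock-02", "198.51.100.4", "failure"),
       _ev(4000, "lock-02", "198.51.100.4", "failure"),
       _ev(4010, "lock-02", "198.51.100.4", "success")]
)
```

Only the failure timestamps inside the window are kept in memory, so successful logins do not have to be stored for the check to work.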

Configuration Log 

Device attributes are pertinent to keep track of in case of future updates and bug fixes. A configuration log helps track all the different attributes for various IoT devices. This may not be useful for the end-user but it could be of vital importance for developers. If the configuration only really changes with a software update then it is worth storing and retrieving configuration logs asynchronously (i.e., with each update or downgrade). 

Memory Dump 

If you have a software crash, a memory dump or crash dump is particularly useful to determine what went wrong and where. In Microsoft Windows terminology, a memory dump file contains a small amount of information such as the stop message and its data and parameters, a list of loaded drivers, the processor context for the processor which stopped, and so on.

IoT Logging Storage

Given that many of these IoT logging types are needed retroactively, the next question is about where the logs will be stored. You have two options here, local (on-device) storage or cloud storage. Both have their own merits and may be more or less suitable depending on the situation.

On-Device Storage

On-device storage of logs is a highly scalable approach, but only insofar as the number of devices is concerned. It is not affected by the number of devices, as each device saves its own logs on local storage. This also means that each device will need manual intervention if there is downtime or if it runs out of memory for log storage.

Furthermore, storing logs locally requires a physical connection to a remote computer or bridge for download/upload of data. This may impact user perception of the device and may not be possible if devices cannot be accessed easily or if there are many devices. 

Cloud Storage

Cloud storage is the preferred option if you want immediate feedback and timely information about device status and performance. This approach is more scalable but relies on the existence of a fully functional log management system. 

The log management system should be able to aggregate data from many heterogeneous devices transmitting in real-time and process, index, and store them in a database that facilitates visualization through charts, dashboards, or other means.

Common Problems with IoT Logging

With many devices transmitting data over potentially unstable connections, guaranteeing a certain level of Quality of Service (QoS) becomes a real challenge. If you cannot get vital information about device downtime promptly, then the QoS rapidly declines. Below are some commonly encountered logging issues that arise with IoT devices.

Network Dropping

Lack of internet connectivity is among the most commonly encountered IoT logging issues. There could be many reasons for this including network congestion, lack of bandwidth, poor connection with wireless devices, and firewall issues. Moving the device to an area with better Wi-Fi strength, an antenna upgrade, and limiting the simultaneous number of connections (MAC address filtering) can help solve some of these issues.

Log Buffering

Log buffering for IoT devices is important, especially in instances when the network drops. Determining the right size for your log buffer is just as important, as it can have serious implications when issues arise. A smaller log buffer saves storage, but will contain fewer log messages which can impact your ability to troubleshoot network issues.
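The trade-off above can be softened by choosing what to discard when a small buffer fills up during an outage. The sketch below is an added example, not code from the original post: the class name, severity levels, and byte budget are assumptions, and the offline period in `demo()` is constructed.

```python
from collections import deque

SEVERITY = {"debug": 0, "info": 1, "warn": 2, "error": 3}

class LogBuffer:
    """Byte-bounded on-device log buffer (hypothetical helper)."""

    def __init__(self, max_bytes):
        self.max_bytes = max_bytes
        self.used = 0
        self.seq = 0            # keeps counting, so gaps are visible server-side
        self.dropped = 0        # entries lost since the last successful flush
        self.entries = deque()  # (seq, level, message, size)

    def append(self, level, message):
        rank = SEVERITY[level]
        size = len(message.encode("utf-8"))
        self.seq += 1
        # Only entries of equal or lower severity may be evicted for this one
        reclaimable = sum(e[3] for e in self.entries if SEVERITY[e[1]] <= rank)
        if self.used - reclaimable + size > self.max_bytes:
            self.dropped += 1   # no room without losing something more severe
            return False
        while self.used + size > self.max_bytes:
            # Evict the oldest entry of the lowest severity present
            victim = min((e for e in self.entries if SEVERITY[e[1]] <= rank),
                         key=lambda e: (SEVERITY[e[1]], e[0]))
            self.entries.remove(victim)
            self.used -= victim[3]
            self.dropped += 1
        self.entries.append((self.seq, level, message, size))
        self.used += size
        return True

    def flush(self, send):
        """Call send(record) oldest first; stop at the first failure."""
        if self.dropped:
            notice = {"seq": self.seq, "level": "warn",
                      "msg": f"{self.dropped} log entries dropped while offline"}
            if not send(notice):
                return 0
            self.dropped = 0
        sent = 0
        while self.entries:
            seq, level, message, size = self.entries[0]
            if not send({"seq": seq, "level": level, "msg": message}):
                break           # link dropped again: keep the rest for later
            self.entries.popleft()
            self.used -= size
            sent += 1
        return sent

def demo():
    """Constructed offline period: six 10-byte messages, 30-byte buffer."""
    buf = LogBuffer(max_bytes=30)
    for level, msg in [("info", "status-001"), ("error", "sensor-err"),
                       ("debug", "debug-0001"), ("info", "status-002"),
                       ("debug", "debug-0002"), ("error", "radio-fail")]:
        buf.append(level, msg)
    received = []
    sent = buf.flush(lambda rec: received.append(rec) or True)
    return sent, [r["msg"] for r in received]
```

The dropped-entries notice sent on reconnect tells whoever reads the central logs that the record for that period is incomplete.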

Latency

Latency can have far-reaching consequences, especially when it comes to system maintenance. In cases where a cyclic status message is received a few hours late, it can impact your ability to correctly troubleshoot an issue. To get around this, the device latency can be calculated by subtracting the server latency from end-to-end latency. This can help illustrate if the problem is with the device or with the server.   

Conclusion

IoT logging is a vital part of any system. Its function in system development and debugging cannot be overstated. Using a centrally managed logging system for IoT devices has many advantages and can go a long way towards ensuring device downtime is kept to a minimum.

Coralogix provides a fully managed log analytics solution for all of your IoT logging requirements. Tools like Loggregation for log clustering, benchmark reporting for build quality, and advanced anomaly detection alerts are all features to help you run an efficient and stable IoT system.

Minimal downtime is one of the hallmarks of a great product/service and a functioning and Coralogix can help achieve it.