
Why one place for every log

With more than a couple of machines, "SSH in and grep the log" stops scaling. You don't know which box the interesting line is on, logs rotate away, and correlating across machines is hopeless. The fix is to ship every log line to one searchable place.

This lab uses Loki (Loki-Server, 10.100.100.5) as that place, with a small agent called Promtail on every single host pushing logs to it. Loki is built by the Grafana folks and is intentionally lightweight: it indexes labels (like which host, which service) rather than the full text, which keeps it cheap to run.

every host --(Promtail agent)--> Loki (10.100.100.5) --> Grafana (search)
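To make the label-only index concrete, here is an added example (not the lab's or Promtail's own code) that groups log lines into streams by label set and builds the JSON body Loki's push API accepts. The port 3100 (Loki's default), the label names `host` and `service`, and the sample lines are assumptions constructed for illustration.

```python
import json
from collections import defaultdict

# Assumption: Loki's default HTTP port 3100; the page gives only the IP.
LOKI_PUSH_URL = "http://10.100.100.5:3100/loki/api/v1/push"

# Constructed sample lines: (unix epoch seconds, host, service, text)
SAMPLE = [
    (1700000000, "web01", "sshd", "Failed password for invalid user admin from 10.100.100.23"),
    (1700000001, "web01", "nginx", 'GET /login HTTP/1.1" 200'),
    (1700000002, "db01", "sshd", "Accepted publickey for ops from 10.100.100.7"),
    (1700000003, "web01", "sshd", "Failed password for invalid user root from 10.100.100.23"),
]

def group_into_streams(records):
    """Group lines by label set; each distinct label set is one stream."""
    streams = defaultdict(list)
    for ts, host, service, text in records:
        labels = (("host", host), ("service", service))
        # Loki expects the timestamp as a string of nanoseconds since epoch.
        streams[labels].append([str(ts * 1_000_000_000), text])
    return streams

def build_push_body(records):
    """Return the JSON body for POST /loki/api/v1/push."""
    streams = group_into_streams(records)
    payload = {"streams": [{"stream": dict(labels), "values": sorted(values)}
                           for labels, values in sorted(streams.items())]}
    return json.dumps(payload)

def select(body, **want):
    """Pick streams by label match only; the line text is never indexed."""
    out = []
    for s in json.loads(body)["streams"]:
        if all(s["stream"].get(k) == v for k, v in want.items()):
            out.extend(line for _, line in s["values"])
    return out

if __name__ == "__main__":
    body = build_push_body(SAMPLE)
    print("POST", LOKI_PUSH_URL)
    print(body)
    print(select(body, host="web01", service="sshd"))
```

Four lines collapse into three streams because only the label set is indexed, so values that change per line (source IPs, usernames) belong in the log text, not in labels.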

Why we use this: centralised logging is one of those things that feels like overkill at three machines and indispensable at ten. Setting it up early — and baking the agent into the VM template so every new box ships logs from birth — means you never have to retrofit it.

Diagram: Promtail on every host ships logs to one searchable store