Cyber Defense with MITRE Framework | Graylog + SOC Prime | On-Demand Webinar >> ​

Supercharge Storage Optimization Via Graylog

Just how smart is your storage management?

Storage is one of the most promising ways to shift from the “more is better” philosophy to the “work smarter” philosophy.

What do I mean by that?  Historically, IT managers who needed more storage responded in the most obvious way: they bought more.  Then they deployed it, integrated it, and waited until the problem recurred.  

An alternate and better approach would be to look for smarter ways to utilize the storage already in the infrastructure — then improve that utilization over time.  

Toward that end, Graylog helps by providing insight into the storage you have and how it’s used, thus illustrating how you might reallocate or redeploy it to generate numerous impressive benefits.

Virtualizing storage, for instance, is one such opportunity. Graylog can play an important role by analyzing system logs to determine where and how much free storage exists throughout an infrastructure, no matter how complex or distributed it might be.  

Once you know this, it becomes possible (given appropriate solutions such as a SAN volume controller) to treat storage as a fluid entity that can be allocated whenever and wherever it’s required in as close to real-time as possible.  

Since storage will no longer be tied to particular systems, it will get more right away whenever a service needs more storage.  Virtualized storage also drives down total costs by minimizing waste; instead of buying more, you waste less.

There are endless opportunities to refine things further yet.   

For instance, any time storage as a field experiences a breakthrough, it’s not just a question of deploying the breakthrough — although that’s certainly important — but of making the smartest possible use of it in a business context. 

Example: solid-state drives (SSD).  SSD delivers performance roughly an order of magnitude faster than traditional disk media.  SSD also, because it involves no moving parts, is substantially more reliable than disk.   

These characteristics make SSD a practically ideal storage tier for any form of core business information, such as mission-critical databases leveraged every day to generate revenue, fulfill customer requests, execute internal initiatives, etc.  SSD can drive up both performance and service robustness in all of these contexts to remarkable levels.

But all that premium appeal comes with a premium price tag.  Few organizations will have the resources (or even the need) to use SSD as the sole or primary storage tier. Instead, they’ll want to deploy SSD where it makes the most business sense.

Lessons From the Real World

So how to go about that?  One approach, and an increasingly popular one, is to create a heat map to reflect how data is used in a virtualized infrastructure.

This approach tracks how busy and how essential different services are and then ensures the most important services are the ones that use SSD.  It’s a great way to optimize storage management — if you have the right information driving that automation and if that information is recent enough.  

How do you get that information?  Graylog can provide it.  

Since Graylog can pull log data from all your production servers and related assets, it can be configured to track database utilization throughout a virtualized infrastructure (whether we’re talking about virtual servers running on physical hosts or a full-blown private cloud).   It can then display this information in whatever customized manner would be most helpful for the administrator.  And that information can tell you how to reallocate SSD storage where it logically belongs.

Picture a car manufacturer called Edison.  Edison doesn’t have dealers but instead takes orders for its cars online.  This means it must constantly interact with the public via Web services that include prototyping and visualizing cars, quantifying costs, taking orders, and fulfilling those orders.  

Like most organizations, Edison has a large array of databases.  But which of them are the best fit for SSD storage?

Graylog can answer that by tracking their activity via analysis of system and database logs.  Given that insight, storage admins always know which data sees the most “action” and is most business-critical.  Then that insight can be used to migrate the hottest databases to SSD either manually or automatically, based on policies running in service management software, to minimize the impact on up-and-running services.   


Using Graylog, you can create strategies to virtualize your storage, ensuring that you waste as little as possible and that services always get the storage they need.  You can also optimize storage, so only the most important services use SSD. This way, your infrastructure will continually be tracking which data is of the highest use, and you can migrate that data to the most appropriate storage tier.  It’s just a smarter form of storage management at a basic level.


Get the Monthly Tech Blog Roundup

Subscribe to the latest in log management, security, and all things Graylog blog delivered to your inbox once a month.