Stop Staring at Traffic Lights. Start Asking Questions.
It’s 03:14 AM. Your PagerDuty fires. You open Grafana. Every single panel is green. CPU is at 40%, memory is fine, disk space is ample. Yet, your biggest e-commerce client in Oslo is screaming that nobody can complete a purchase.
This is the failure of Monitoring.
In the traditional sysadmin world, we cared about "Is it up?" We pinged servers. We checked disk usage. If the light was green, we went back to sleep. But in 2020, with distributed microservices and container orchestration becoming the norm even here in Norway, "green" means nothing if the user experience is broken.
Monitoring is for known knowns. You know disk space can run out, so you monitor it. Observability is for the unknown unknowns. It allows you to ask arbitrary questions of your system to understand behavior you never anticipated. To achieve this, we need to move beyond simple Nagios checks and embrace the three pillars: Metrics, Logs, and Traces.
1. Metrics: The "What" (But Faster)
Metrics are cheap to store and fast to query. They give you the trend lines. But in high-load environments, standard polling isn't enough. You need high-resolution scraping.
If you are running Kubernetes (k8s) v1.18+, you should be using Prometheus with a dynamic service discovery configuration. Don't hardcode IP addresses. Here is a battle-tested prometheus.yml snippet we use for scraping annotated pods, ensuring we catch ephemeral containers the moment they spin up:
scrape_configs:
- job_name: 'kubernetes-pods'
kubernetes_sd_configs:
- role: pod
relabel_configs:
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape]
action: keep
regex: true
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path]
action: replace
target_label: __metrics_path__
regex: (.+)
- source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port]
action: replace
regex: ([^:]+)(?::\d+)?;(\d+)
replacement: $1:$2
target_label: __address__
- action: labelmap
regex: __meta_kubernetes_pod_label_(.+)
Pro Tip: High-cardinality metrics (like tracking latency per user ID) will explode your Prometheus memory usage. Drop unnecessary labels in the relabel_configs section before they hit your time-series database (TSDB). If your VPS runs on spinning rust (HDD), Prometheus compaction will kill your I/O. This is why CoolVDS standardizes on NVMe storage—TSDBs eat IOPS for breakfast.
2. Logging: The "Why" (Context is King)
Grepping through /var/log/syslog is dead. If you are managing more than three servers, you need centralized logging. The ELK Stack (Elasticsearch, Logstash, Kibana) remains the heavy lifter in 2020, though Grafana Loki is gaining traction for being lightweight.
The problem with logs is usually formatting. A raw text line is useless to a machine. You need structured JSON logging. Configure your Nginx ingress or web servers to output JSON so Logstash doesn't have to burn CPU parsing regex.
Here is how you configure nginx.conf to output meaningful JSON logs that can be ingested directly into Elasticsearch:
log_format json_combined escape=json
'{'
'"time_local":"$time_local",'
'"remote_addr":"$remote_addr",'
'"remote_user":"$remote_user",'
'"request":"$request",'
'"status": "$status",'
'"body_bytes_sent": "$body_bytes_sent",'
'"request_time": "$request_time",'
'"upstream_response_time": "$upstream_response_time",'
'"http_referrer":"$http_referer",'
'"http_user_agent":"$http_user_agent"'
'}';
access_log /var/log/nginx/access.log json_combined;Once you visualize this in Kibana, you can correlate request_time spikes with specific upstream_response_time delays. Suddenly, you see that the latency isn't the web server—it's the database waiting on a lock.
3. Tracing: The "Where"
This is where most setups fail. You have metrics and logs, but you can't stitch a request as it hops from your Load Balancer to the Frontend, then to the Auth Service, and finally to the Database. Distributed Tracing (using tools like Jaeger or Zipkin) solves this.
With the OpenTracing standard (and the emerging OpenTelemetry project), you inject a correlation ID into headers. Here is a conceptual example of how you might instrument a Python Flask service to propagate a trace context:
from flask import Flask, request
from jaeger_client import Config
def init_tracer(service_name='payment-service'):
config = Config(
config={
'sampler': {'type': 'const', 'param': 1},
'logging': True,
'reporter_batch_size': 1,
},
service_name=service_name,
)
return config.initialize_tracer()
tracer = init_tracer()
@app.route("/checkout")
def checkout():
span_ctx = tracer.extract(Format.HTTP_HEADERS, request.headers)
with tracer.start_span('checkout-op', child_of=span_ctx) as span:
span.set_tag('http.method', request.method)
# Business logic here
return "Processed", 200The Schrems II Reality Check
We need to talk about the elephant in the room: Schrems II. As of July 2020, the Privacy Shield is invalid. Sending personal data (IP addresses in logs are personal data!) to US-owned cloud providers is now a legal minefield for Norwegian companies.
If you pipe your observability data—which contains user IPs, emails in query strings, and user-agent strings—into a SaaS monitoring tool hosted in the US, you are likely non-compliant with GDPR under the new ruling. The Datatilsynet (Norwegian Data Protection Authority) is clear on this.
| Feature | US Cloud SaaS Monitoring | Self-Hosted on CoolVDS (Norway) |
|---|---|---|
| Data Residency | Uncertain / US Jurisdiction | Strictly Norway (Oslo) |
| Latency | Variable (WAN travel) | <5ms to NIX |
| Cost Predictability | Pay per metric/log line | Flat rate resources |
| GDPR Compliance | Complex (SCCs required) | Native |
Infrastructure Matters: The "Noisy Neighbor" Problem
Observability tools are resource hogs. Elasticsearch eats RAM; Prometheus eats Disk I/O. If you run these on cheap, shared hosting where the CPU is oversold, your monitoring system will fail exactly when you need it—during a traffic spike.
At CoolVDS, we don't play the "burst" game. You get dedicated cores and NVMe storage. When you run an aggregation query on 50GB of logs to find a security breach, you need sustained read speeds, not throttled IOPS.
Summary
1. Instrument code, not just servers. Use OpenTracing/Jaeger.
2. Structure your logs. JSON is mandatory, not optional.
3. Own your data. Post-Schrems II, self-hosting your ELK or Prometheus stack in Norway is the safest legal play.
Don't wait for the next outage to realize you're flying blind. Spin up a high-memory KVM instance on CoolVDS today and build an observability stack that actually tells you the truth.