LOGONOMICS: The Hidden Side of Blackboard Logs

by steve feldman
@PerfForensics

Logging Doesn’t Suck

It’s Like Fishing in the Night…

So Why Don’t We Talk About Logs More Often?

At least 20% of all people in this room don’t know where to find their logs.

At least 50% of all people in this room don’t look at their logs.

At least 60% of all people in this room don’t visualize their log data.

At least 75% of all people in this room don’t correlate data between logs.

At least 90% of all people in this room don’t standardize the management of logs to a centralized service.

At least 95% of all people in this room don’t alert IT staff based on a specific log event.

If a System Doesn’t Output to a Log Do We Assume Nobody is Using it?

If a System Continuously Spews Data to a Log Do We Ignore it?

What We Can Do With Our Log Data
LOGONOMICS: The Hidden Side of Blackboard Logs

Trending and Intelligence
Service Levels
Threats and Vulnerabilities
Responsiveness
Reliability

Primer Data Points Everyone Should Know
Unique Requests
Time Series of Requests
Concentration of Request Types
Origin of Requests
Quick Averages
Cascading Issues Across Logs

Combining Other Data with Log Data
Correlation
Root Cause
Interpretation
Completion of Message
Full Picture
Sequence and Timelines

Types of Data We Can Get
LOGONOMICS: The Hidden Side of Blackboard Logs

Business Analytics: Adoption and Growth

System Health

Capacity Planning

Security and Threat Analysis

Quality and Experience: Meeting SLAs

Replay and Benchmarking

Insight into the BbLogs
LOGONOMICS: The Hidden Side of Blackboard Logs

Four Horsemen of Logs

Battlefield of Other Logs
•  Authentication
•  Plugins Directory
•  Nautilus for events
•  Monitoring (System Logs)
   – Syslogs and Rsyslogs (/var/messages)
   – Windows Event Logs

Is there a Most Important Log?

Access Log

Log Formatting Matters
Log Levels (INFO, WARN, ERROR)
mod_log_forensic
Use %k, %T and %D
Decompose the URI

Log Formatting Matters
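As an added example that is not part of the deck, the primer data points listed earlier (unique requests, time series, concentration of request types, origin, quick averages) computed with awk, sort and uniq over an Apache access log whose LogFormat has been extended with %k, %T and %D as this slide recommends. The `bb_combined` format name, the LogFormat line in the comment and every sample log line are constructed for the illustration; the code is mine, not the author's.

```bash
#!/bin/sh
# Added example (not from the deck): the "primer data points" pulled from an Apache
# access log with awk/sort/uniq. Assumes the LogFormat was extended with %k %T %D
# as the slide recommends; the format name and all sample lines are constructed:
#   LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %k %T %D" bb_combined
# The User-Agent field contains spaces, so the three numeric fields at the end are
# read from the end of the line ($(NF-2)=%k, $(NF-1)=%T, $NF=%D) rather than by position.

# Constructed sample lines (not real Blackboard traffic).
SAMPLE='10.0.0.5 - jdoe [12/Mar/2013:10:01:03 -0500] "GET /webapps/login/ HTTP/1.1" 200 4120 "-" "Mozilla/5.0 (Windows NT 6.1)" 0 0 85211
10.0.0.5 - jdoe [12/Mar/2013:10:01:07 -0500] "POST /webapps/login/ HTTP/1.1" 302 0 "-" "Mozilla/5.0 (Windows NT 6.1)" 1 0 142870
10.0.0.9 - - [12/Mar/2013:10:01:09 -0500] "GET /webapps/portal/frameset.jsp HTTP/1.1" 200 18230 "-" "Mozilla/5.0 (Macintosh)" 0 1 1204551
10.0.0.9 - - [12/Mar/2013:10:02:14 -0500] "GET /webapps/portal/execute/tabs/tabAction?tab_tab_group_id=_1_1 HTTP/1.1" 200 25110 "-" "Mozilla/5.0 (Macintosh)" 1 0 640233
10.0.0.21 - - [12/Mar/2013:10:02:20 -0500] "GET /images/ci/bb_logo.png HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux)" 2 0 1890
10.0.0.5 - jdoe [12/Mar/2013:10:02:41 -0500] "GET /webapps/blackboard/content/listContent.jsp?course_id=_42_1 HTTP/1.1" 500 912 "-" "Mozilla/5.0 (Windows NT 6.1)" 3 2 2310044
10.0.0.33 - - [12/Mar/2013:10:02:45 -0500] "GET /images/ci/bb_logo.png HTTP/1.1" 200 5610 "-" "Mozilla/5.0 (X11; Linux)" 0 0 2105'

log() { printf '%s\n' "$SAMPLE"; }

# Unique Requests: distinct method + path, query string dropped.
unique_requests() {
  log | awk '{ m = $6; sub(/^"/, "", m); split($7, p, "?"); print m, p[1] }' | sort -u | wc -l | tr -d ' '
}

# Time Series of Requests: hits per minute from the %t field ("12/Mar/2013:10:01").
requests_per_minute() {
  log | awk '{ print substr($4, 2, 17) }' | sort | uniq -c | awk '{ print $2, $1 }'
}

# Concentration of Request Types: hits per first two URI segments, busiest first.
request_types() {
  log | awk '{ split($7, s, "/"); printf "/%s/%s\n", s[2], s[3] }' | sort | uniq -c | sort -rn | awk '{ print $2, $1 }'
}

# Origin of Requests: client addresses, busiest first; top_origin returns only the first.
origins() { log | awk '{ print $1 }' | sort | uniq -c | sort -rn | awk '{ print $2, $1 }'; }
top_origin() { origins | head -n 1 | awk '{ print $1 }'; }

# Quick Averages: mean and max of %D (microseconds), read from the last field.
avg_response_us() { log | awk '{ s += $NF } END { print int(s / NR) }'; }
max_response_us() { log | awk 'BEGIN { m = 0 } $NF + 0 > m { m = $NF + 0 } END { print m }'; }

# Requests slower than a threshold in microseconds (default 1 s); %k shows whether the
# slow hit came in on a fresh connection (0) or on a reused keep-alive connection.
slow_requests() {
  log | awk -v thr="${1:-1000000}" '$NF + 0 > thr + 0 { m = $6; sub(/^"/, "", m); print $1, m, $7, "keepalive=" $(NF-2), "us=" $NF }'
}

# Example run.
echo "unique requests: $(unique_requests)"
echo "per minute:"; requests_per_minute
echo "request types:"; request_types
echo "origins:"; origins
echo "avg/max response (us): $(avg_response_us) / $(max_response_us)"
echo "slow requests (>1s):"; slow_requests
```

Against a real server, replace the `log` function with `cat` of a rotated access log; every pipeline stays the same. Reading %k, %T and %D from the end of the line is the point to carry away: the moment a user agent with spaces appears, any pipeline that counts fields from the left silently reads the wrong column.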
  
Is there a 2nd Most Important Log?

Tomcat and Java Logs
Stack Traces
Startup Options
GC Events
GC Pauses and Status

Tools We Should Consider
LOGONOMICS: The Hidden Side of Blackboard Logs

It’s All About the Right Fishing Rod
CAT! GREP! TAIL! SED! AWK! SORT! GROK!

Sometimes a Net is Better to Cast

Log Centralization
Please Take All My Logs
Format Lots of Log Data
Send it Down the River

Inputs
•  amqp
•  exec
•  file
•  gelf
•  redis
•  stdin
•  stomp
•  syslog
•  tcp
•  twitter
•  xmpp
•  zeromq

Filters
•  date
•  dns
•  gelfify
•  grep
•  grok
•  grokdiscovery
•  json
•  multiline
•  mutate
•  split

Outputs
•  amqp
•  elasticsearch
•  elasticsearch_river
•  file
•  ganglia
•  gelf
•  graphite
•  internal
•  loggly
•  mongodb
•  nagios
•  null
•  redis
•  statsd
•  stdout
•  stomp
•  tcp
•  websocket
•  xmpp
•  zabbix
•  zeromq

Configure Apache for JSON log
•  http://cookbook.logstash.net/recipes/apache-json-logs/

Configure Tomcat for Multi-Line Filter
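An added example, not part of the deck, of what the multi-line filter has to do for the Tomcat and Java logs slide earlier and for this slide: any line that does not start with a Tomcat (JULI) timestamp is a continuation of the previous event, so a stack trace travels as one event instead of one line per frame. The awk script applies the same rule a Logstash multiline filter would (timestamp pattern, `negate => true`, `what => "previous"`). The catalina lines and the class names in them are constructed; the code is mine, not the author's.

```bash
#!/bin/sh
# Added example (not from the deck): collapsing multi-line Tomcat events
# (stack traces) into single events, the job Logstash's multiline filter does.
# Rule: a line that starts with a JULI timestamp ("Mar 12, 2013 10:02:41 AM ...")
# begins a new event; every other line belongs to the event before it.
# Equivalent logstash filter, for reference:
#   multiline { pattern => "^%{MONTH} %{MONTHDAY}, %{YEAR}" negate => true what => "previous" }

# Constructed catalina.out lines; the com.example.lms classes are made up, not Blackboard's.
SAMPLE='Mar 12, 2013 10:02:41 AM org.apache.catalina.core.StandardWrapperValve invoke
SEVERE: Servlet.service() for servlet jsp threw exception
java.lang.NullPointerException
    at com.example.lms.ContentHandler.render(ContentHandler.java:88)
    at org.apache.jsp.listContent_jsp._jspService(listContent_jsp.java:412)
Caused by: java.lang.IllegalStateException: session expired
    at com.example.lms.Session.check(Session.java:31)
    ... 12 more
Mar 12, 2013 10:02:42 AM org.apache.catalina.startup.Catalina start
INFO: Server startup in 48210 ms
Mar 12, 2013 10:03:05 AM org.apache.coyote.http11.Http11Protocol pause
INFO: Pausing Coyote HTTP/1.1 on http-8080'

log() { printf '%s\n' "$SAMPLE"; }

# Join continuation lines onto their event; emit one event per output line, with the
# original line breaks kept as a literal "\n" (as logstash keeps them in the message).
collapse_events() {
  awk '
    /^[A-Z][a-z][a-z] [0-9][0-9]*, [0-9][0-9][0-9][0-9] / { if (ev != "") print ev; ev = $0; next }
    { ev = ev "\\n" $0 }
    END { if (ev != "") print ev }
  '
}

event_count() { log | collapse_events | wc -l | tr -d ' '; }

# Events whose second line carries the SEVERE level: the ones worth an alert.
severe_events() { log | collapse_events | grep '\\nSEVERE:'; }
severe_event_count() { severe_events | wc -l | tr -d ' '; }

# The exception class that opens the trace, i.e. the first event line that names an
# Exception or Error; this is the value to count per minute rather than the raw frames.
first_exception() {
  severe_events | awk '{ if (match($0, /\\n[A-Za-z0-9_.$]+(Exception|Error)/)) print substr($0, RSTART + 2, RLENGTH - 2) }'
}

# Example run: one line per event, so a stack trace shows up as a single SEVERE hit.
log | collapse_events
echo "events: $(event_count), severe: $(severe_event_count), first exception: $(first_exception)"
```

Without this step a line-oriented shipper counts the eight lines of the first trace as eight events and the `SEVERE:` line loses its exception class, which lands on the next line; with it, "SEVERE events per minute, by exception class" becomes a one-line query.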
  
Setup Bb to feed logstash

What We Use Logstash
Log Aggregation
Non-Functional Requirements
Event Notification
Integration with Zabbix
Kibana Front-End
Redis Inputs & Outputs
Indexing

Simple Challenge to All
•  Setup Logstash architecture (All Single Node)
•  Start shipping basic log files
   – Apache 2.X access log or IIS web server log
   – Tomcat Catalina log file
•  Output results to statsD (Etsy Project)
   – Simple Use Case: Incrementing HTTP codes (200, 300, 400)
•  Visualize statsD data with Graphite
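An added example, not from the deck, for the statsD step of the challenge: each access-log line becomes a statsd counter packet for its HTTP code, and the same lines are aggregated per code and per status class (2xx, 3xx, 4xx, 5xx) so that an error burst is visible in Graphite at a glance. The `bb.http` metric prefix, the sample lines and the `nc` invocation are assumptions of mine; a Logstash `statsd` output does the increment for you, this script shows what it puts on the wire.

```bash
#!/bin/sh
# Added example (not from the deck): the "incrementing HTTP codes" use case of the
# challenge done by hand, to show what a statsd output sends. Assumptions: Apache
# combined log format (status is field 9), statsd listening on UDP, metric prefix
# "bb.http" (constructed), an nc that supports -u.

# Constructed access-log lines (not real traffic).
SAMPLE='10.0.0.5 - jdoe [12/Mar/2013:10:05:01 -0500] "GET /webapps/login/ HTTP/1.1" 200 4120 "-" "Mozilla/5.0"
10.0.0.9 - - [12/Mar/2013:10:05:02 -0500] "GET /webapps/portal/frameset.jsp HTTP/1.1" 200 18230 "-" "Mozilla/5.0"
10.0.0.9 - - [12/Mar/2013:10:05:03 -0500] "POST /webapps/login/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"
10.0.0.21 - - [12/Mar/2013:10:05:04 -0500] "GET /webapps/nothere.jsp HTTP/1.1" 404 512 "-" "Mozilla/5.0"
10.0.0.5 - jdoe [12/Mar/2013:10:05:09 -0500] "GET /webapps/blackboard/content/listContent.jsp HTTP/1.1" 500 912 "-" "Mozilla/5.0"'

log() { printf '%s\n' "$SAMPLE"; }

# One counter packet per log line, keyed by the exact status code: what a
# per-event statsd increment looks like on the wire.
per_line_packets() {
  log | awk '$9 ~ /^[0-9][0-9][0-9]$/ { printf "bb.http.status.%s:1|c\n", $9 }'
}

# Aggregated per code: one packet per distinct status carrying its count.
# Fewer packets, same totals; statsd treats "name:N|c" as N increments.
status_packets() {
  log | awk '$9 ~ /^[0-9][0-9][0-9]$/ { c[$9]++ }
             END { for (k in c) printf "bb.http.status.%s:%d|c\n", k, c[k] }' | sort
}

# Aggregated per class (2xx, 3xx, 4xx, 5xx): the shape that makes an error spike obvious.
class_packets() {
  log | awk '$9 ~ /^[0-9][0-9][0-9]$/ { c[substr($9, 1, 1) "xx"]++ }
             END { for (k in c) printf "bb.http.class.%s:%d|c\n", k, c[k] }' | sort
}

# Share of 5xx responses in the batch, in whole percent, for a quick threshold check.
error_rate_pct() {
  log | awk 'BEGIN { n = 0; e = 0 }
             $9 ~ /^[0-9][0-9][0-9]$/ { n++; if ($9 >= 500) e++ }
             END { r = (n > 0) ? int(100 * e / n) : 0; print r }'
}

# Ship packets to statsd over UDP, one datagram per metric (Etsy statsd also accepts
# several newline-separated metrics in one datagram; one per datagram keeps it simple).
send_statsd() {
  host="${1:-127.0.0.1}"; port="${2:-8125}"
  while IFS= read -r packet; do
    printf '%s' "$packet" | nc -u -w 1 "$host" "$port"
  done
}

# Example run: print what would be sent; pipe status_packets into send_statsd to ship it.
status_packets
class_packets
echo "5xx share: $(error_rate_pct)%"
```

In Graphite the counters surface under statsd's `stats.counters.<name>.count` (or `stats.<name>` with the legacy namespace), so `bb.http.class.5xx` graphed next to `bb.http.class.2xx` is the first picture to put on the wall; the per-code series answer the follow-up question of which code moved.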
  
Bonus Challenge to All
•  Take the Vagrant VM and integrate Logstash shipper with configuration files.
•  Add Postgres support (Development Only)
•  Basic syslog functionality for CentOS
•  Custom Log Interface for a B2

Let’s Add-on to the Initiative
developer.blackboard.com
Weitere ähnliche Inhalte

Andere mochten auch

Cookbook for Administrating Blackboard Learn
Cookbook for Administrating Blackboard LearnCookbook for Administrating Blackboard Learn
Cookbook for Administrating Blackboard LearnSteve Feldman
 
Emerging technologies
Emerging technologiesEmerging technologies
Emerging technologiesSteve Feldman
 
Scaling Blackboard Learn™ for High Performance and Delivery
Scaling Blackboard Learn™ for High Performance and DeliveryScaling Blackboard Learn™ for High Performance and Delivery
Scaling Blackboard Learn™ for High Performance and DeliverySteve Feldman
 
Sun blackboardwp10 1_07
Sun blackboardwp10 1_07Sun blackboardwp10 1_07
Sun blackboardwp10 1_07Steve Feldman
 
Bb world 2011 capacity planning
Bb world 2011 capacity planningBb world 2011 capacity planning
Bb world 2011 capacity planningSteve Feldman
 

Andere mochten auch (7)

Cookbook for Administrating Blackboard Learn
Cookbook for Administrating Blackboard LearnCookbook for Administrating Blackboard Learn
Cookbook for Administrating Blackboard Learn
 
Emerging technologies
Emerging technologiesEmerging technologies
Emerging technologies
 
3days september
3days september3days september
3days september
 
Scaling Blackboard Learn™ for High Performance and Delivery
Scaling Blackboard Learn™ for High Performance and DeliveryScaling Blackboard Learn™ for High Performance and Delivery
Scaling Blackboard Learn™ for High Performance and Delivery
 
Sun blackboardwp10 1_07
Sun blackboardwp10 1_07Sun blackboardwp10 1_07
Sun blackboardwp10 1_07
 
Bb world 2011 capacity planning
Bb world 2011 capacity planningBb world 2011 capacity planning
Bb world 2011 capacity planning
 
Bb sql serverdell
Bb sql serverdellBb sql serverdell
Bb sql serverdell
 

Ähnlich wie Logonomics

Application Logging in the 21st century - 2014.key
Application Logging in the 21st century - 2014.keyApplication Logging in the 21st century - 2014.key
Application Logging in the 21st century - 2014.keyTim Bunce
 
Application Logging Good Bad Ugly ... Beautiful?
Application Logging Good Bad Ugly ... Beautiful?Application Logging Good Bad Ugly ... Beautiful?
Application Logging Good Bad Ugly ... Beautiful?Anton Chuvakin
 
Six Mistakes of Log Management 2008
Six Mistakes of Log Management 2008Six Mistakes of Log Management 2008
Six Mistakes of Log Management 2008Anton Chuvakin
 
State of the art logging
State of the art loggingState of the art logging
State of the art loggingMilan Vukoje
 
You Can't Correlate what you don't have - ArcSight Protect 2011
You Can't Correlate what you don't have - ArcSight Protect 2011You Can't Correlate what you don't have - ArcSight Protect 2011
You Can't Correlate what you don't have - ArcSight Protect 2011Scott Carlson
 
SAP portal: breaking and forensicating
SAP portal: breaking and forensicating SAP portal: breaking and forensicating
SAP portal: breaking and forensicating ERPScan
 
Application Performance Troubleshooting 1x1 - Von Schweinen, Schlangen und Pa...
Application Performance Troubleshooting 1x1 - Von Schweinen, Schlangen und Pa...Application Performance Troubleshooting 1x1 - Von Schweinen, Schlangen und Pa...
Application Performance Troubleshooting 1x1 - Von Schweinen, Schlangen und Pa...rschuppe
 
Apache2 BootCamp : Logging and Monitoring
Apache2 BootCamp : Logging and MonitoringApache2 BootCamp : Logging and Monitoring
Apache2 BootCamp : Logging and MonitoringWildan Maulana
 
Creating PostgreSQL-as-a-Service at Scale
Creating PostgreSQL-as-a-Service at ScaleCreating PostgreSQL-as-a-Service at Scale
Creating PostgreSQL-as-a-Service at ScaleSean Chittenden
 
ICSME2014
ICSME2014ICSME2014
ICSME2014swy351
 
Centralized logging system using mongoDB
Centralized logging system using mongoDBCentralized logging system using mongoDB
Centralized logging system using mongoDBVivek Parihar
 
Systems Monitoring with Prometheus (Devops Ireland April 2015)
Systems Monitoring with Prometheus (Devops Ireland April 2015)Systems Monitoring with Prometheus (Devops Ireland April 2015)
Systems Monitoring with Prometheus (Devops Ireland April 2015)Brian Brazil
 
MySQL Monitoring Shoot Out
MySQL Monitoring Shoot OutMySQL Monitoring Shoot Out
MySQL Monitoring Shoot OutKris Buytaert
 
Log Management Systems
Log Management SystemsLog Management Systems
Log Management SystemsMehdi Hamidi
 
I pushed in production :). Have a nice weekend
I pushed in production :). Have a nice weekendI pushed in production :). Have a nice weekend
I pushed in production :). Have a nice weekendNicolas Carlier
 
Monitoring Big Data Systems Done "The Simple Way" - Codemotion Milan 2017 - D...
Monitoring Big Data Systems Done "The Simple Way" - Codemotion Milan 2017 - D...Monitoring Big Data Systems Done "The Simple Way" - Codemotion Milan 2017 - D...
Monitoring Big Data Systems Done "The Simple Way" - Codemotion Milan 2017 - D...Demi Ben-Ari
 
Demi Ben-Ari - Monitoring Big Data Systems Done "The Simple Way" - Codemotion...
Demi Ben-Ari - Monitoring Big Data Systems Done "The Simple Way" - Codemotion...Demi Ben-Ari - Monitoring Big Data Systems Done "The Simple Way" - Codemotion...
Demi Ben-Ari - Monitoring Big Data Systems Done "The Simple Way" - Codemotion...Codemotion
 
Cassandra Troubleshooting 3.0
Cassandra Troubleshooting 3.0Cassandra Troubleshooting 3.0
Cassandra Troubleshooting 3.0J.B. Langston
 
How to build observability into Serverless (O'Reilly Velocity 2018)
How to build observability into Serverless (O'Reilly Velocity 2018)How to build observability into Serverless (O'Reilly Velocity 2018)
How to build observability into Serverless (O'Reilly Velocity 2018)Yan Cui
 
Functional and non functional application logging
Functional and non functional application loggingFunctional and non functional application logging
Functional and non functional application loggingSander De Vos
 

Ähnlich wie Logonomics (20)

Application Logging in the 21st century - 2014.key
Application Logging in the 21st century - 2014.keyApplication Logging in the 21st century - 2014.key
Application Logging in the 21st century - 2014.key
 
Application Logging Good Bad Ugly ... Beautiful?
Application Logging Good Bad Ugly ... Beautiful?Application Logging Good Bad Ugly ... Beautiful?
Application Logging Good Bad Ugly ... Beautiful?
 
Six Mistakes of Log Management 2008
Six Mistakes of Log Management 2008Six Mistakes of Log Management 2008
Six Mistakes of Log Management 2008
 
State of the art logging
State of the art loggingState of the art logging
State of the art logging
 
You Can't Correlate what you don't have - ArcSight Protect 2011
You Can't Correlate what you don't have - ArcSight Protect 2011You Can't Correlate what you don't have - ArcSight Protect 2011
You Can't Correlate what you don't have - ArcSight Protect 2011
 
SAP portal: breaking and forensicating
SAP portal: breaking and forensicating SAP portal: breaking and forensicating
SAP portal: breaking and forensicating
 
Application Performance Troubleshooting 1x1 - Von Schweinen, Schlangen und Pa...
Application Performance Troubleshooting 1x1 - Von Schweinen, Schlangen und Pa...Application Performance Troubleshooting 1x1 - Von Schweinen, Schlangen und Pa...
Application Performance Troubleshooting 1x1 - Von Schweinen, Schlangen und Pa...
 
Apache2 BootCamp : Logging and Monitoring
Apache2 BootCamp : Logging and MonitoringApache2 BootCamp : Logging and Monitoring
Apache2 BootCamp : Logging and Monitoring
 
Creating PostgreSQL-as-a-Service at Scale
Creating PostgreSQL-as-a-Service at ScaleCreating PostgreSQL-as-a-Service at Scale
Creating PostgreSQL-as-a-Service at Scale
 
ICSME2014
ICSME2014ICSME2014
ICSME2014
 
Centralized logging system using mongoDB
Centralized logging system using mongoDBCentralized logging system using mongoDB
Centralized logging system using mongoDB
 
Systems Monitoring with Prometheus (Devops Ireland April 2015)
Systems Monitoring with Prometheus (Devops Ireland April 2015)Systems Monitoring with Prometheus (Devops Ireland April 2015)
Systems Monitoring with Prometheus (Devops Ireland April 2015)
 
MySQL Monitoring Shoot Out
MySQL Monitoring Shoot OutMySQL Monitoring Shoot Out
MySQL Monitoring Shoot Out
 
Log Management Systems
Log Management SystemsLog Management Systems
Log Management Systems
 
I pushed in production :). Have a nice weekend
I pushed in production :). Have a nice weekendI pushed in production :). Have a nice weekend
I pushed in production :). Have a nice weekend
 
Monitoring Big Data Systems Done "The Simple Way" - Codemotion Milan 2017 - D...
Monitoring Big Data Systems Done "The Simple Way" - Codemotion Milan 2017 - D...Monitoring Big Data Systems Done "The Simple Way" - Codemotion Milan 2017 - D...
Monitoring Big Data Systems Done "The Simple Way" - Codemotion Milan 2017 - D...
 
Demi Ben-Ari - Monitoring Big Data Systems Done "The Simple Way" - Codemotion...
Demi Ben-Ari - Monitoring Big Data Systems Done "The Simple Way" - Codemotion...Demi Ben-Ari - Monitoring Big Data Systems Done "The Simple Way" - Codemotion...
Demi Ben-Ari - Monitoring Big Data Systems Done "The Simple Way" - Codemotion...
 
Cassandra Troubleshooting 3.0
Cassandra Troubleshooting 3.0Cassandra Troubleshooting 3.0
Cassandra Troubleshooting 3.0
 
How to build observability into Serverless (O'Reilly Velocity 2018)
How to build observability into Serverless (O'Reilly Velocity 2018)How to build observability into Serverless (O'Reilly Velocity 2018)
How to build observability into Serverless (O'Reilly Velocity 2018)
 
Functional and non functional application logging
Functional and non functional application loggingFunctional and non functional application logging
Functional and non functional application logging
 

Mehr von Steve Feldman

Day 2 05 - steve feldman - logging matters
Day 2 05 - steve feldman - logging mattersDay 2 05 - steve feldman - logging matters
Day 2 05 - steve feldman - logging mattersSteve Feldman
 
So Your Boss Wants You to Performance Test Blackboard
So Your Boss Wants You to Performance Test BlackboardSo Your Boss Wants You to Performance Test Blackboard
So Your Boss Wants You to Performance Test BlackboardSteve Feldman
 
Short reference architecture
Short reference architectureShort reference architecture
Short reference architectureSteve Feldman
 
Sfeldman bbworld 07_going_enterprise (1)
Sfeldman bbworld 07_going_enterprise (1)Sfeldman bbworld 07_going_enterprise (1)
Sfeldman bbworld 07_going_enterprise (1)Steve Feldman
 
Sfeldman performance bb_worldemea07
Sfeldman performance bb_worldemea07Sfeldman performance bb_worldemea07
Sfeldman performance bb_worldemea07Steve Feldman
 
B2 2006 sizing_benchmarking (1)
B2 2006 sizing_benchmarking (1)B2 2006 sizing_benchmarking (1)
B2 2006 sizing_benchmarking (1)Steve Feldman
 
Bb performance-engineering-toad
Bb performance-engineering-toadBb performance-engineering-toad
Bb performance-engineering-toadSteve Feldman
 
Bb performance-engineering-spotlight
Bb performance-engineering-spotlightBb performance-engineering-spotlight
Bb performance-engineering-spotlightSteve Feldman
 
Dell bb quest_wp_jan6
Dell bb quest_wp_jan6Dell bb quest_wp_jan6
Dell bb quest_wp_jan6Steve Feldman
 
Hied blackboard dell_whitepaper
Hied blackboard dell_whitepaperHied blackboard dell_whitepaper
Hied blackboard dell_whitepaperSteve Feldman
 
Hied blackboard whitepaper
Hied blackboard whitepaperHied blackboard whitepaper
Hied blackboard whitepaperSteve Feldman
 
B2conference performance 2004
B2conference performance 2004B2conference performance 2004
B2conference performance 2004Steve Feldman
 
B2 2005 introduction_load_testing_blackboard_primer_draft
B2 2005 introduction_load_testing_blackboard_primer_draftB2 2005 introduction_load_testing_blackboard_primer_draft
B2 2005 introduction_load_testing_blackboard_primer_draftSteve Feldman
 
B2 2006 tomcat_clusters
B2 2006 tomcat_clustersB2 2006 tomcat_clusters
B2 2006 tomcat_clustersSteve Feldman
 
B2 2006 sizing_benchmarking
B2 2006 sizing_benchmarkingB2 2006 sizing_benchmarking
B2 2006 sizing_benchmarkingSteve Feldman
 
7.17 1130am adv.perform.forensics_bb
7.17 1130am adv.perform.forensics_bb7.17 1130am adv.perform.forensics_bb
7.17 1130am adv.perform.forensics_bbSteve Feldman
 
071410 sun a_1515_feldman_stephen
071410 sun a_1515_feldman_stephen071410 sun a_1515_feldman_stephen
071410 sun a_1515_feldman_stephenSteve Feldman
 
071310 sun d_0930_feldman_stephen
071310 sun d_0930_feldman_stephen071310 sun d_0930_feldman_stephen
071310 sun d_0930_feldman_stephenSteve Feldman
 
071510 sun b_1515_feldman_stephen_forpublic
071510 sun b_1515_feldman_stephen_forpublic071510 sun b_1515_feldman_stephen_forpublic
071510 sun b_1515_feldman_stephen_forpublicSteve Feldman
 

Mehr von Steve Feldman (20)

Day 2 05 - steve feldman - logging matters
Day 2 05 - steve feldman - logging mattersDay 2 05 - steve feldman - logging matters
Day 2 05 - steve feldman - logging matters
 
So Your Boss Wants You to Performance Test Blackboard
So Your Boss Wants You to Performance Test BlackboardSo Your Boss Wants You to Performance Test Blackboard
So Your Boss Wants You to Performance Test Blackboard
 
Short reference architecture
Short reference architectureShort reference architecture
Short reference architecture
 
Sfeldman bbworld 07_going_enterprise (1)
Sfeldman bbworld 07_going_enterprise (1)Sfeldman bbworld 07_going_enterprise (1)
Sfeldman bbworld 07_going_enterprise (1)
 
Sfeldman performance bb_worldemea07
Sfeldman performance bb_worldemea07Sfeldman performance bb_worldemea07
Sfeldman performance bb_worldemea07
 
Dell bb wp_final
Dell bb wp_finalDell bb wp_final
Dell bb wp_final
 
B2 2006 sizing_benchmarking (1)
B2 2006 sizing_benchmarking (1)B2 2006 sizing_benchmarking (1)
B2 2006 sizing_benchmarking (1)
 
Bb performance-engineering-toad
Bb performance-engineering-toadBb performance-engineering-toad
Bb performance-engineering-toad
 
Bb performance-engineering-spotlight
Bb performance-engineering-spotlightBb performance-engineering-spotlight
Bb performance-engineering-spotlight
 
Dell bb quest_wp_jan6
Dell bb quest_wp_jan6Dell bb quest_wp_jan6
Dell bb quest_wp_jan6
 
Hied blackboard dell_whitepaper
Hied blackboard dell_whitepaperHied blackboard dell_whitepaper
Hied blackboard dell_whitepaper
 
Hied blackboard whitepaper
Hied blackboard whitepaperHied blackboard whitepaper
Hied blackboard whitepaper
 
B2conference performance 2004
B2conference performance 2004B2conference performance 2004
B2conference performance 2004
 
B2 2005 introduction_load_testing_blackboard_primer_draft
B2 2005 introduction_load_testing_blackboard_primer_draftB2 2005 introduction_load_testing_blackboard_primer_draft
B2 2005 introduction_load_testing_blackboard_primer_draft
 
B2 2006 tomcat_clusters
B2 2006 tomcat_clustersB2 2006 tomcat_clusters
B2 2006 tomcat_clusters
 
B2 2006 sizing_benchmarking
B2 2006 sizing_benchmarkingB2 2006 sizing_benchmarking
B2 2006 sizing_benchmarking
 
7.17 1130am adv.perform.forensics_bb
7.17 1130am adv.perform.forensics_bb7.17 1130am adv.perform.forensics_bb
7.17 1130am adv.perform.forensics_bb
 
071410 sun a_1515_feldman_stephen
071410 sun a_1515_feldman_stephen071410 sun a_1515_feldman_stephen
071410 sun a_1515_feldman_stephen
 
071310 sun d_0930_feldman_stephen
071310 sun d_0930_feldman_stephen071310 sun d_0930_feldman_stephen
071310 sun d_0930_feldman_stephen
 
071510 sun b_1515_feldman_stephen_forpublic
071510 sun b_1515_feldman_stephen_forpublic071510 sun b_1515_feldman_stephen_forpublic
071510 sun b_1515_feldman_stephen_forpublic
 

Kürzlich hochgeladen

Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Jeffrey Haguewood
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesBernd Ruecker
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observabilityitnewsafrica
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...panagenda
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesThousandEyes
 
All These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFAll These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFMichael Gough
 
A Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxA Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxAna-Maria Mihalceanu
 
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sectoritnewsafrica
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...Karmanjay Verma
 
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Mark Simos
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
Digital Tools & AI in Career Development
Digital Tools & AI in Career DevelopmentDigital Tools & AI in Career Development
Digital Tools & AI in Career DevelopmentMahmoud Rabie
 

Kürzlich hochgeladen (20)

Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architectures
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
 
All These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFAll These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDF
 
A Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxA Glance At The Java Performance Toolbox
A Glance At The Java Performance Toolbox
 
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
 
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
Digital Tools & AI in Career Development
Digital Tools & AI in Career DevelopmentDigital Tools & AI in Career Development
Digital Tools & AI in Career Development
 

Logonomics

  • 1. LOGONOMICS: The Hidden Side of Blackboard Logs, by steve feldman (@PerfForensics)
  • 5. It’s Like Fishing in the Night…
  • 8. So Why Don’t We Talk About Logs More Often?
  • 9. At least 20% of all people in this room don’t know where to find their logs.
  • 10. At least 50% of all people in this room don’t look at their logs.
  • 11. At least 60% of all people in this room don’t visualize their log data.
  • 12. At least 75% of all people in this room don’t correlate data between logs.
  • 13. At least 90% of all people in this room don’t standardize the management of logs to a centralized service.
  • 14. At least 95% of all people in this room don’t alert IT staff based on a specific log event.
  • 15. If a System Doesn’t Output to a Log, Do We Assume Nobody is Using it?
  • 16. If a System Continuously Spews Data to a Log, Do We Ignore it?
  • 18. What We Can Do With Our Log Data (LOGONOMICS: The Hidden Side of Blackboard Logs)
  • 19. Trending and Intelligence; Service Levels; Threats and Vulnerabilities; Responsiveness; Reliability
  • 20. Primer Data Points Everyone Should Know
      – Unique Requests
      – Time Series of Requests
      – Concentration of Request Types
      – Origin of Requests
      – Quick Averages
      – Cascading Issues Across Logs
  • 21. Combining Other Data with Log Data
      – Correlation
      – Root Cause
      – Interpretation
      – Completion of Message
      – Full Picture
      – Sequence and Timelines
  • 22. Types of Data We Can Get (LOGONOMICS: The Hidden Side of Blackboard Logs)
  • 23. Business Analytics: Adoption and Growth
  • 26. Security and Threat Analysis
  • 27. Quality and Experience: Meeting SLAs
  • 29. Insight into the BbLogs (LOGONOMICS: The Hidden Side of Blackboard Logs)
  • 30. Four Horsemen of Logs
  • 31. Battlefield of Other Logs
      – Authentication
      – Plugins Directory
      – Nautilus for events
      – Monitoring (System Logs): Syslogs and Rsyslogs (/var/messages); Windows Event Logs
  • 32. Is there a Most Important Log?
  • 33. Access Log: Log Formatting Matters
      – Log Levels (INFO, WARN, ERROR)
      – mod_log_forensic
      – Use %k, %T and %D
      – Decompose the URI
  • 34. Is there a 2nd Most Important Log?
  • 35. Tomcat and Java Logs
      – Stack Traces
      – Startup Options
      – GC Events
      – GC Pauses and Status
  • 36. Tools We Should Consider (LOGONOMICS: The Hidden Side of Blackboard Logs)
  • 37. It’s All About the Right Fishing Rod
  • 39. GROK!
  • 40. Sometimes a Net is Better to Cast
  • 42. Please Take All My Logs; Format Lots of Log Data; Send it Down the River
  • 44. Inputs / Filters / Outputs
      – Inputs: amqp, exec, file, gelf, redis, stdin, stomp, syslog, tcp, twitter, xmpp, zeromq
      – Filters: date, dns, gelfify, grep, grok, grokdiscovery, json, multiline, mutate, split
      – Outputs: amqp, elasticsearch, elasticsearch_river, file, ganglia, gelf, graphite, internal, loggly, mongodb, nagios, null, redis, statsd, stdout, stomp, tcp, websocket, xmpp, zabbix, zeromq
  • 45. Configure Apache for JSON log: http://cookbook.logstash.net/recipes/apache-json-logs/
  • 46. Configure Tomcat for Multi-Line Filter
  • 47. Setup Bb to feed logstash
  • 49. What We Use Logstash For
      – Log Aggregation
      – Non-Functional Requirements
      – Event Notification
      – Integration with Zabbix
      – Kibana Front-End
      – Redis Inputs & Outputs
      – Indexing
  • 50. Simple Challenge to All
      – Setup Logstash architecture (All Single Node)
      – Start shipping basic log files: Apache 2.X access log or IIS web server log; Tomcat Catalina log file
      – Output results to statsD (Etsy Project). Simple Use Case: Incrementing HTTP codes (200, 300, 400)
      – Visualize statsD data with Graphite
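Slides 33 and 50 ask for %D (and %T, %k) in the Apache access log, a decomposed URI, and HTTP status codes counted into statsD. As an added example that is not from the deck, the Python below parses a constructed access log written with an assumed LogFormat of `%h %l %u %t "%r" %>s %b %D %k` and produces the primer data points from slide 20: status-class counters named the way statsD would increment them, a per-minute request series, and mean response time per decomposed webapp path; unparseable lines are skipped rather than aborting the run.

```python
import re
from collections import Counter, defaultdict
from statistics import mean

# Assumed Apache LogFormat (not taken from the deck): common fields plus %D
# (microseconds to serve) and %k (keepalive request number on the connection).
LINE_RE = re.compile(
    r'(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) \S+" (?P<status>\d{3}) \S+ '
    r'(?P<usec>\d+) (?P<keepalive>\d+)$')

# Constructed sample lines, not real Blackboard traffic.
SAMPLE_LOG = """\
10.0.0.5 - alice [06/Apr/2014:10:01:03 -0400] "GET /webapps/login/?action=login HTTP/1.1" 200 5120 184000 0
10.0.0.5 - alice [06/Apr/2014:10:01:09 -0400] "POST /webapps/login/ HTTP/1.1" 302 0 912000 1
10.0.0.7 - bob [06/Apr/2014:10:01:44 -0400] "GET /webapps/portal/frameset.jsp HTTP/1.1" 200 14021 2310000 0
10.0.0.9 - - [06/Apr/2014:10:02:15 -0400] "GET /webapps/portal/doesnotexist.jsp HTTP/1.1" 404 310 2100 0
10.0.0.7 - bob [06/Apr/2014:10:02:51 -0400] "GET /webapps/portal/frameset.jsp HTTP/1.1" 500 0 31000000 3
garbage line that does not match the format and is skipped
"""

def decompose_uri(uri):
    """Drop the query string and keep the first two path segments (the webapp)."""
    parts = [p for p in uri.split("?", 1)[0].split("/") if p]
    return "/" + "/".join(parts[:2])

def parse(log_text):
    """Yield a dict per line that matches LINE_RE; unparseable lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["app"] = decompose_uri(rec["uri"])
            rec["minute"] = rec["ts"][:17]  # e.g. "06/Apr/2014:10:01"
            yield rec

def summarize(log_text):
    """Status-class counters, per-minute request series and mean %D (in ms) per webapp."""
    status_class, per_minute = Counter(), Counter()
    usec_by_app = defaultdict(list)
    for rec in parse(log_text):
        status_class["http." + rec["status"][0] + "xx"] += 1  # statsd-style counter name
        per_minute[rec["minute"]] += 1
        usec_by_app[rec["app"]].append(int(rec["usec"]))
    return {
        "status_class": dict(status_class),
        "per_minute": dict(per_minute),
        "avg_ms_by_app": {app: mean(v) / 1000 for app, v in usec_by_app.items()},
    }
```

Pointing `summarize` at a real access log written with that LogFormat is enough to spot a single slow webapp (the 31 s %D above) that a plain status-code count would hide behind a healthy-looking 2xx ratio.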
  • 51. Bonus Challenge to All
      – Take the Vagrant VM and integrate Logstash shipper with configuration files.
      – Add Postgres support (Development Only)
      – Basic syslog functionality for CentOS
      – Custom Log Interface for a B2
  • 52. Let’s Add-on to the Initiative: developer.blackboard.com