Presentation at LinuxCon Europe 2016 (Berlin). I introduced the concepts of logging for containers, aggregation patterns, distributed logging, data serialization, Fluentd: internals, architecture, Fluent Bit and its library API.
10. Structured Logs
● Often based on key-value pairs
● Two minimum keys: time and message
Distribution Channels
Structured logging makes data processing easier
11. Structured Logs
● JSON: readable format for structured data
● MessagePack: binary serialization (JSON-like)
Common format
Structured logging makes data processing easier
12. Structured Logs
Docker log example
Original Log Message
This is a test message
Structured Log Message
{
  "container_id":"bfdd5b9...",
  "container_name":"/infallible_mayer",
  "source":"stdout",
  "log": "This is a test message"
}
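Added example (not from the original slides): the Docker record above built from the raw line, then serialized as both JSON and MessagePack to compare the two formats. The function names `structure`, `pack` and `sizes` are hypothetical, the timestamp is constructed, and the encoder covers only the subset of MessagePack types this record needs.

```python
import json
import struct

def structure(raw_line, meta, ts):
    """Wrap a raw log line in a key-value record, as in the Docker slide."""
    record = {"time": ts}      # "time" added per the two-minimum-keys slide
    record.update(meta)        # container_id, container_name, source
    record["log"] = raw_line   # the original message, untouched
    return record

def pack(obj):
    """Encode str / non-negative int / small dict as MessagePack (spec subset)."""
    if isinstance(obj, str):
        raw = obj.encode("utf-8")
        if len(raw) < 32:
            return bytes([0xA0 | len(raw)]) + raw          # fixstr
        if len(raw) < 256:
            return b"\xd9" + bytes([len(raw)]) + raw        # str 8
        raise ValueError("string too long for this sketch")
    if isinstance(obj, int) and not isinstance(obj, bool):
        if 0 <= obj < 128:
            return bytes([obj])                             # positive fixint
        if 128 <= obj < 2**32:
            return b"\xce" + struct.pack(">I", obj)         # uint 32
        raise ValueError("integer out of range for this sketch")
    if isinstance(obj, dict) and len(obj) < 16:
        out = bytes([0x80 | len(obj)])                      # fixmap
        for key, value in obj.items():
            out += pack(key) + pack(value)
        return out
    raise TypeError(f"unsupported value: {type(obj).__name__}")

def sizes(record):
    """Return (json_bytes, msgpack_bytes) for the same record."""
    as_json = json.dumps(record, separators=(",", ":")).encode("utf-8")
    return len(as_json), len(pack(record))

# Constructed sample: values from the Docker slide, plus a made-up timestamp.
META = {"container_id": "bfdd5b9...", "container_name": "/infallible_mayer",
        "source": "stdout"}
RECORD = structure("This is a test message", META, 1475571600)

if __name__ == "__main__":
    print(json.dumps(RECORD, indent=2))
    print("json=%d bytes, msgpack=%d bytes" % sizes(RECORD))
```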
14. Microservices
Monolithic
● A service produces all data about user access
Microservices
● Many services produce data about user access
● Logs need to be collected from many services.
15. Microservices
● How to deal with different input formats?
● Parsing plain text is really expensive.
● Not all containers have permanent storage.
● Where to write the logs?
Logging Challenges
18. Distributed Logging
Workflow
Collector
● Retrieve raw logs: file system / network.
● Parse log content.
Aggregator
● Get data from multiple sources.
● Convert incoming data into Streams.
Destination
● Retrieve data streams from Aggregator.
● Store formatted logs (records).
22. Aggregation Patterns
Without Source Aggregation
Pros
● Simple Configuration
Cons
● Fixed Aggregator endpoint address
● Many network connections
● High load on Aggregator
23. Aggregation Patterns
With Source Aggregation
Pros
● Fewer connections
● Lower load on the aggregator
● Less config in containers
Cons
● Need more resources (1 aggregate container per host).
25. Aggregation Patterns
Without Destination Aggregation
Pros
● Fewer nodes
● Simpler configuration
Cons
● Storage side changes affect collector side
● Worse performance: many small write requests on storage
26. Aggregation Patterns
With Destination Aggregation
Pros
● Collector side configuration is free from storage side changes.
● Better performance with fine-tuning on the destination side aggregator.
Cons
● More Nodes.
● More complex configuration.
28. Open Source Data/Log Collector
● High Performance
● Built-in Reliability
● Structured Logs
● Pluggable Architecture
● More than 300 plugins! (input/filtering/output)
30. Full Collector/Aggregator for Containers
● Docker Interoperability: Native Docker logging driver to use Fluentd
● Kubernetes: Fluentd as main aggregator (notes)
● OpenShift: Fluentd as main aggregator
42. Fluent Bit
Lightweight log aggregator
● Written in C
● High Performance
● Pluggable Architecture
● Built-in CPU / Memory metrics / Network TLS support
● Event-Driven
● Fluentd Compatible