Centralized + Unified Logging 
Gabor Kozma / gabo@ustream.tv / @kozmag82
Everybody wants to write logs! 
✓ Application Logs (frontend / backend) 
➢ php, java, ruby, python, bash 
✓ Access Logs 
➢ apache, nginx, tomcat, jetty 
✓ System Logs 
➢ syslog, hardware error log 
✓ Database Logs 
➢ history, transaction
Centralized Logging
Central Logging Architecture 
✓ Collection 
➢ file, syslog, database 
✓ Transport 
➢ chukwa, heka, syslog, logstash, flume, fluentd, 
kafka, nsq, nxlog, other custom solution. 
Typical: syslog-ng, rsyslog 
✓ Storage / Store 
➢ Amazon S3, Glacier, NAS ...
Central Logging Architecture 
✓ Analysis (You need a way to analyze them!) 
➢ Apache Hadoop + HDFS + Map-Reduce jobs 
■ Hive, Pig, HBase, Impala.... 
➢ Elasticsearch + Graylog2 / Kibana 
➢ MongoDB + Map-Reduce/Aggregation Framework 
➢ Graphite, Statsd + Dashboards 
✓ Alerting (Errors almost always indicate a problem!) 
➢ Airbrake/Errbit, Sentry, Honeybadger, Nagios, Zabbix, Open/PagerDuty
Unified Logging Layer
Unified Logging Layer 
✓ Ubiquity 
➢ The problem of varied formats 
➢ Various sources and destinations 
➢ You must optimize for most use cases! 
✓ Rigidity vs. Flexibility 
➢ Apache Thrift , Apache Avro, Protocol Buffer , JSON / 
BSON, MessagePack
Unified Logging Layer 
✓ Reliability and Scalability 
➢ Scalable 
➢ Support retryable data transfer 
➢ Sync / Async data transfer 
➢ Push / Pull based system 
✓ Extensibility 
➢ Support new input / output 
■ You don’t have to modify anything else.
Fluentd - Pluggable architecture 
✓ Input, Output, Buffer, Parser, Formatter 
300+ plugins
Fluentd - Minimum resource requirements 
✓ Combination of C language and Ruby 
✓ 1 node 
✓ 30/40 Mbyte RAM 
✓ 1 CPU core 
13.000 events / sec
Fluentd - Built-in Reliability 
✓ Buffer 
➢ file or memory 
✓ Retrying 
✓ Error handling 
➢ transaction, failover, secondary node support 
(heartbeat)
Fluentd - Event structure (log) 
✓ Time 
➢ Second unit 
➢ From data source or adding parsed time 
✓ Tag 
➢ for message routing 
✓ Record 
➢ JSON format 
■ MessagePack internally :) 
■ non-structured
Fluentd - Useful plugins 
✓ Output 
➢ stdout, file, forest, graphite, mongo, mysql, 
elasticsearch, splunk, null, s3, geoip, webhdfs 
✓ Input 
➢ syslog, tail, http, udp, tcp, scribe 
✓ Buffer 
➢ memory, file 
✓ Formatter and/or Parser 
➢ ltsv, json, multiline
Examples
Fluentd - Examples 
<source>
  type tail
  # The whole format regex must stay on a single line.
  format /^(?<host>[^ ]*):(?<port>[^ ]*) (?<ip>[^ ]*) (?<user>[^ ]*) (?<remotelog>[^ ]*) \[(?<time>[^\]]*)\] "(?<method>\S+)(?: +(?<path>[^ ]*) +\S*)?" (?<code>[^ ]*) (?<size>[^ ]*)(?: "(?<referer>[^"]*)" ""(?<agent>[^"]*)"")?(?: "(?<referer>[^"]*)" "(?<agent>[^"]*)")?$/
  path /var/log/apache2/other_vhosts_access.log.*
  # pos_file records how far each file has been read, so a restart resumes there.
  pos_file /var/log/fluent/apache2.other_vhosts_access.log.pos
  time_format %d/%b/%Y:%H:%M:%S %z
  tag apache2.access.raw
  read_from_head true
</source>
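The format regex of the tail source above, exercised in Ruby (the language Fluentd compiles it in) on constructed access-log lines. This is an added example, not part of the original slides; the `\[`, `\]` and `\S` escapes are written out, the sample lines assume Debian's stock `vhost_combined` field order, and `parse_access_line` is a hypothetical helper name.

```ruby
require 'time'

# `format` regex of the tail <source>, as a Ruby literal. The two optional tails
# accept a normal "referer" "agent" pair and a variant whose agent is wrapped
# in doubled quotes; a line with neither still matches.
VHOST_FORMAT = /^(?<host>[^ ]*):(?<port>[^ ]*) (?<ip>[^ ]*) (?<user>[^ ]*) (?<remotelog>[^ ]*) \[(?<time>[^\]]*)\] "(?<method>\S+)(?: +(?<path>[^ ]*) +\S*)?" (?<code>[^ ]*) (?<size>[^ ]*)(?: "(?<referer>[^"]*)" ""(?<agent>[^"]*)"")?(?: "(?<referer>[^"]*)" "(?<agent>[^"]*)")?$/
TIME_FORMAT = '%d/%b/%Y:%H:%M:%S %z' # time_format from the same block
TAG = 'apache2.access.raw'           # tag from the same block

# Constructed sample input (documentation addresses, made-up hosts and users).
SAMPLE_LINES = <<~'LOG'.lines
  www.example.test:80 192.0.2.10 - alice [10/Oct/2014:13:55:36 +0200] "GET /index.html HTTP/1.1" 200 2326 "http://www.example.test/" "Mozilla/5.0 (constructed)"
  www.example.test:443 198.51.100.7 - - [10/Oct/2014:13:55:37 +0200] "GET /health HTTP/1.1" 200 12
  www.example.test:80 203.0.113.9 - - [10/Oct/2014:13:55:38 +0200] "-" 408 0 "-" "-"
  www.example.test:80 203.0.113.9 - - [10/Oct/2014:13:55:39 +0200] "GET /a HTTP/1.1" 200 5 "-" ""curl/7.35.0""
  Oct 10 13:55:40 web1 sshd[411]: constructed non-access line
LOG

# Returns [tag, time, record], the event structure described in the slides,
# or nil when the line does not match or its timestamp cannot be parsed.
def parse_access_line(line)
  m = VHOST_FORMAT.match(line.chomp)
  return nil unless m

  # Drop groups that did not take part in the match (example's choice).
  record = m.named_captures.reject { |_, v| v.nil? }
  # The parsed time becomes the event time (seconds) and leaves the record.
  time = Time.strptime(record.delete('time'), TIME_FORMAT).to_i
  [TAG, time, record]
rescue ArgumentError
  nil
end

if __FILE__ == $PROGRAM_NAME
  SAMPLE_LINES.each do |line|
    event = parse_access_line(line)
    puts(event ? event.inspect : "no match: #{line.chomp}")
  end
end
```

Captures are positional: with the assumed `%l %u` order the group named `user` receives the ident field and `remotelog` receives the authenticated user name. That matters when a later stage removes the `remotelog` key.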
Fluentd - Examples 
<match apache2.*.raw>
  type record_reformer
  enable_ruby false
  renew_record false
  remove_keys remotelog
  tag ${tag_prefix[-2]}.reformed
  <record>
    hostname ${hostname}
  </record>
</match>
<match apache2.*.reformed>
  type geoip
  geoip_lookup_key ip
  geoip_database /usr/share/GeoIP/GeoIPCity.dat
  <record>
    geo_city ${city['ip']}
    ...
    geo_region ${region['ip']}
  </record>
  add_tag_suffix .geoip
  flush_interval 5s
</match>
Fluentd - Examples 
<match apache2.access.reformed.geoip>
  type forward
  flush_interval 5s
  buffer_type file
  buffer_queue_limit 512
  buffer_chunk_limit 100M
  buffer_path /opt/fluent/buffer/apache2/
  <server>
    name hostname
    host xxx.xxx.xxx.xxx
    weight 10
  </server>
  ...
  <server>
    name hostname
    host xxx.xxx.xxx.xxx
    standby
  </server>
  <secondary>
    type file
    path /var/log/fluent/forward-failed/apache2/
  </secondary>
</match>
Fluentd - Examples 
<match apache2.access.**>
  type copy
  <store>
    type file
    path /opt/fluent/apache2/access
    time_format %Y%m%dT%H%M%S%z
    flush_interval 60s
    append true
    compress gzip
    utc
    num_threads 4
    ...
    ...
  </store>
  <store>
    type datacounter
    ...
  </store>
  <store>
    type graphite
    ...
  </store>
</match>
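How an event tag travels through the `<match>` blocks of the example slides, as a small Ruby model of Fluentd's tag routing (`*` is exactly one tag part, `**` is zero or more, the first matching block wins). This is an added example, not part of the original slides and not Fluentd's own code; it assumes all four blocks sit in one config file in slide order, and `tag_match?`, `tag_prefix` and `route` are hypothetical helper names.

```ruby
# Tag matching, part by part: `*` consumes exactly one part, `**` any number
# of parts (including none), anything else must be equal.
def match_parts(pat, parts)
  return parts.empty? if pat.empty?

  head, *rest = pat
  case head
  when '**' then (0..parts.length).any? { |n| match_parts(rest, parts.drop(n)) }
  when '*'  then !parts.empty? && match_parts(rest, parts.drop(1))
  else parts.first == head && match_parts(rest, parts.drop(1))
  end
end

def tag_match?(pattern, tag)
  match_parts(pattern.split('.'), tag.split('.'))
end

# record_reformer's ${tag_prefix[N]}: tag parts 0..N joined with dots, so
# tag_prefix[-2] of "apache2.access.raw" is "apache2.access".
def tag_prefix(tag, n)
  tag.split('.')[0..n].join('.')
end

# The <match> blocks of the slides in slide order. A block with :retag
# re-emits the event under a new tag; the others are final outputs.
RULES = [
  { pattern: 'apache2.*.raw', plugin: 'record_reformer',
    retag: ->(t) { "#{tag_prefix(t, -2)}.reformed" } },
  { pattern: 'apache2.*.reformed', plugin: 'geoip',
    retag: ->(t) { "#{t}.geoip" } },
  { pattern: 'apache2.access.reformed.geoip', plugin: 'forward' },
  { pattern: 'apache2.access.**', plugin: 'copy' }
].freeze

# Follows one tag through the rules. Returns [[tag, plugin], ...]; the last
# entry is [tag, :unmatched] when no block accepts the tag (Fluentd then
# warns that no pattern matched and the event goes nowhere).
def route(tag, rules = RULES, max_hops: 10)
  path = []
  max_hops.times do
    rule = rules.find { |r| tag_match?(r[:pattern], tag) }
    return path << [tag, :unmatched] unless rule

    path << [tag, rule[:plugin]]
    return path unless rule[:retag]

    tag = rule[:retag].call(tag)
  end
  path << [tag, :loop] # re-tagging never reached a final output
end

if __FILE__ == $PROGRAM_NAME
  # Access logs: reformer -> geoip -> forward.
  p route('apache2.access.raw')
  # Same rules with the broad `apache2.access.**` block first: it takes the
  # raw event and the enrichment blocks are never reached.
  p route('apache2.access.raw', [RULES[3], *RULES[0..2]])
  # A non-access tag passes the two wildcard blocks, then matches nothing.
  p route('apache2.error.raw')
end
```

The third case is the one to check for in a real pipeline: the wildcard blocks accept more tags than the final outputs do, so those events are enriched and then dropped.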
Fluentd - Testimonials
Questions? 
http://www.fluentd.org 
http://docs.fluentd.org/ 
http://fluentular.herokuapp.com/ 
https://rubygems.org/search?query=fluent-plugin- 
http://msgpack.org/
