Graylog for OpenStack :
3 steps to know WHY
MediTech JSC
https://meditech.vn
Private Cloud
Storage
Monitor
Logging
Managed Services
About me
Dinh Van Manh
● System Integration Department in MediTechJSC
● Member of Hocchudong
● Interested in OpenStack, Linux, Monitoring, Logging
and new technology
● Habit : “tra da + thuoc lao” with friends
Agenda
1. Log Overview
1.1. Logs : What & Where?
1.2. Why look at Logs
1.3. How to use Logs effectively
2. Log in OpenStack
2.1. OpenStack log statistics
2.2. OpenStack Log Management : in imagination & in fact
3. Graylog for OpenStack
3.1. Introduction to Graylog
3.2. Key features
3.3. Architecture/Mechanism/Model of Graylog
3.4. Graylog for OpenStack: 3 steps to know WHY?
4. Demo + Q.A
Log Overview
What? Where? Why? How?
1.1. Logs : What & Where
What are logs? (from the view of a system administrator)
● System event diary
● System status records
● User activities
● Incident notifications
Log format
1.1. Logs : What & Where
WHERE do logs come from?
● Storage devices
● Application in Linux/Windows
● Cloud Services : OpenStack
● Servers
● Firewalls
● Routers, switches
1.2. Why look at Logs?
Basically : Incident response
Higher : Tracking system events
Higher : Measuring security : metrics, trends…
Higher and higher :
● Situational awareness
● New threat discovery
● Estimating user habits, trends...
1.3. How to use Logs effectively
Level 1 : Just SSH and view !
● Understanding log location
● Command to view log : tail, more, grep
● Filtering by keyword
Level 2 : Use Syslog
● Collect syslog from client
● Store in log server
Level 3 : Log management Software
● Collect everything
● Retain most everything
● Analyze enough
● Summarize and report
● Advanced features : visualize, alert, share...
1.3. How to use Logs effectively
Log Keywords
● Facility
○ Application Logs
○ Event Logs
○ Service Logs
○ System Logs
● Severity
○ 0 - emerg
○ 1 - alert
○ 2 - crit
○ 3 - error
○ 4 - warn
○ 5 - notice
○ 6 - info
○ 7 - debug
● Rotation
○ Time to rotate logs
● Retention
○ Delete, archive... logs
● Syslog
○ Protocol to transfer logs
Log in OpenStack
Which level is appropriate?
2.1. OpenStack log statistics
OpenStack System : 3 Controller + 30 Compute nodes
● Controller Node
○ 6 log folders per OpenStack service
○ system log : auth, dmesg, kernel…
○ application log : apache, haproxy, pacemaker…
● Compute Node
○ 2 log folders per OpenStack service
○ system log : auth, dmesg, kernel…
○ application log : libvirt
○ log of instances
=> Total :
● ~ 220 log files
● 10 GB log = 30 million messages / day
2.2. OpenStack log management : in imagination & in fact
When I said : My job is OpenStack log management !
Communication think / Colleagues think / In fact
So Waste !!! What should we do?
Graylog for OpenStack:
To infinity & beyond !
3.1. Graylog Introduction
● Centralized log management software
● Released in 2010 by Lennart Koopmann under the name Graylog2
● In 1/2015, Graylog v1. was released and Graylog Inc was established
● Big changes from Graylog version 2.0
● Newest version is Graylog 2.3.1, stable version is Graylog 2.3.0
3.2. Key features
● Various Input & Output
● Analyze & Search
● Visualize metric
● Alert & Trigger
● User management
3.3. Architecture/Mechanism/Model of Graylog
Overall architecture
● Server
○ Graylog
● Client
○ Client host
○ Graylog sidecar
○ Nxlog/Filebeat
Graylog Sidecar : Break the old path
● Configuration management system
● Config in client host only ONCE !
● All in Web
● Secure with SSL/TLS
3.3. Architecture/Mechanism/Model of Graylog
Sidecar Work-flow : Easy config in 3 steps
Step 1 : Config in client
● install sidecar
● declare : graylog ip, client hostname, tags
● start service
Step 2 : Config in Graylog Web
● add tags
● choose which logs you want to collect
Step 3 : Checking
● Check collected logs
3.3. Architecture/Mechanism/Model of Graylog
Deep dive in architecture
Graylog Server
● receive log message
● process log messages
● communicate with other components
Elasticsearch
● store log message
● search engine
MongoDB
● store meta information
● store config data
3.3. Architecture/Mechanism/Model of Graylog
Log message processing
Step 1 :
● Spooling & storing on disk temporarily
● Prepare for buffer processing
Step 2 :
● Messages from disk go into the Input Buffer
● Mission : Filter, classify messages
Step 3 :
● Messages go into the Output Buffer
● Onward to Elasticsearch or a user-defined output
3.3. Architecture/Mechanism/Model of Graylog
Internal Graylog component mechanisms
Elasticsearch & Graylog
● Clustering
● Use API to communicate
● Use unicast-discovery to recognize other nodes
● Graylog as a Master Node
MongoDB & Graylog
● Client - Server mechanism
● Graylog uses a driver to communicate with MongoDB
3.3. Architecture/Mechanism/Model of Graylog
Non-HA : Small production
HA : Bigger production
Code shows you HOW !
Logs show you WHY !
3.4. Graylog for OpenStack : 3 steps to know WHY?
Just 3 steps to exploit logs in OpenStack
3.4. Graylog for OpenStack : 3 steps to know WHY?
Incident Response
A problem appears ! What should we do?
What should I do when instance spawning fails?
A. Try to spawn again
B. Blame the customer
C. Take a search in Graylog
D. Bug again! I quit !
3.4. Graylog for OpenStack : 3 steps to know WHY?
Step 1 : Collect logs
Take logs from :
● nova log
● neutron log
● cinder log
● glance log
Step 2 : Analyze
Make a search in Graylog :
Syntax : instance id + ERROR
Step 3 : Now you know WHY
Just solve the problem & Go to sleep !
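The three steps above, worked through by hand as an added example (not part of the original slides): it merges constructed nova, neutron, cinder and glance lines, assumed to be in oslo.log's default layout, keeps those at severity 3 (error, per the Log Keywords slide) or worse that name the instance, and, going one step beyond the slide's search, also pulls in error lines that share a request ID with it. The UUIDs, request IDs, messages and function names are made up for illustration; `graylog_query` writes the slide's "instance id + ERROR" as a Graylog search string.

```python
import re
from datetime import datetime

# Severity numbers from the "Log Keywords" slide, keyed by the level names
# OpenStack services (Python logging) write into their log files.
SEVERITY = {"CRITICAL": 2, "ERROR": 3, "WARNING": 4, "INFO": 6, "DEBUG": 7}

# Assumed oslo.log default layout: "<timestamp> <pid> <LEVEL> <logger> <rest>".
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}) "
    r"(?P<pid>\d+) (?P<level>[A-Z]+) (?P<logger>\S+) (?P<rest>.*)$"
)
REQ_RE = re.compile(r"req-[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}")

# Constructed identifiers and log lines (not taken from a real deployment).
INSTANCE = "7d3f2c1a-5b6e-4f80-9a1b-2c3d4e5f6a7b"
OTHER = "0c9e8d7b-1a2b-4c3d-8e4f-5a6b7c8d9e0f"
REQ_A = "req-aaaaaaaa-1111-4111-8111-aaaaaaaaaaaa"
REQ_B = "req-bbbbbbbb-2222-4222-8222-bbbbbbbbbbbb"
REQ_C = "req-cccccccc-3333-4333-8333-cccccccccccc"
REQ_D = "req-dddddddd-4444-4444-8444-dddddddddddd"
SAMPLE_LOGS = {
    "nova-compute": f"""\
2017-09-20 23:14:05.120 2871 INFO nova.compute.claims [{REQ_A} admin demo] [instance: {INSTANCE}] Attempting claim: memory 2048 MB, disk 20 GB
2017-09-20 23:14:09.482 2871 ERROR nova.compute.manager [{REQ_A} admin demo] [instance: {INSTANCE}] Instance failed to spawn
Traceback (most recent call last):
2017-09-20 23:15:00.001 2871 ERROR nova.compute.manager [{REQ_B} admin demo] [instance: {OTHER}] Instance failed to spawn
""",
    "nova-conductor": f"""\
2017-09-20 23:14:10.015 1920 ERROR nova.conductor.manager [{REQ_A} admin demo] No valid host was found after reschedule
""",
    "neutron-server": f"""\
2017-09-20 23:14:08.730 3310 ERROR neutron.plugins.ml2.managers [{REQ_C} - - -] Failed to bind port for device {INSTANCE} on host compute07
""",
    "cinder-volume": f"""\
2017-09-20 23:14:07.300 4100 WARNING cinder.volume.manager [{REQ_D} admin demo] Volume backend is busy, retrying
""",
    "glance-api": f"""\
2017-09-20 23:14:06.010 5200 INFO glance.api.v2.images [{REQ_D} admin demo] Image download started
""",
}


def parse(source, text):
    """Yield one record per well-formed line; continuation lines are skipped."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if m is None:
            continue  # e.g. a bare traceback line with no timestamp
        req = REQ_RE.search(m["rest"])
        yield {
            "ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f"),
            "source": source,
            "level": m["level"],
            "severity": SEVERITY.get(m["level"], 6),  # unknown level: treat as info
            "request_id": req.group(0) if req else None,
            "text": m["rest"],
        }


def why(logs, instance_id, max_severity=3):
    """Step 2 by hand: time-ordered lines at or above the severity threshold
    that name the instance or share a request ID with a line that does."""
    records = [r for src, text in logs.items() for r in parse(src, text)]
    req_ids = {r["request_id"] for r in records
               if instance_id in r["text"] and r["request_id"]}
    hits = [r for r in records
            if r["severity"] <= max_severity
            and (instance_id in r["text"] or r["request_id"] in req_ids)]
    return sorted(hits, key=lambda r: r["ts"])


def graylog_query(instance_id, level="ERROR"):
    """The slide's 'instance id + ERROR' as a Graylog free-text search string.
    The UUID is quoted so its hyphens are not split into separate terms."""
    return f'"{instance_id}" AND {level}'


if __name__ == "__main__":
    print(graylog_query(INSTANCE))
    for r in why(SAMPLE_LOGS, INSTANCE):
        print(r["ts"], r["source"], r["level"], r["text"])
```
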
3.4. Graylog for OpenStack : 3 steps to know WHY?
Tracking an event
My instance was rebooted last night ??? When?
3.4. Graylog for OpenStack : 3 steps to know WHY?
Measuring metrics
DEMO & Q.A
Bonus : Graylog vs ELK
Graylog is coming the closest to the Splunk architecture !
VS
Thank you !
ManhDV
manh.dinhvan@meditech.vn
https://meditech.vn/
https://github.com/hocchudong
