SlideShare una empresa de Scribd logo

Accelerating adoption of Open Infrastructure with Log Management and Mining

John Stanford
John Stanford

The document discusses log management and mining in the context of accelerating adoption of open infrastructure. It provides an overview of the evolution of logging and its use in multiple domains. It then discusses challenges around standards, complexity in cloud environments, and the anatomy of OpenStack messages. The document proposes solutions around shipping logs via rsyslog, receiving them via Logstash, and parsing and interpreting them using patterns. It also discusses querying the logs stored in Elasticsearch for analysis and metric reporting.

Datos y análisisTecnologíaEducación
1 de 33
Descargar para leer sin conexión
Accelerating adoption of Open Infrastructure May 2014 Log Management and Mining
Copyright 2014 Solinea, Inc. Logging has a Long History… photo credit: <a href="http://www.flickr.com/photos/foresthistory/3662397221/">The Forest History Society</a> via <a href="http://photopin.com">photopin</a> <a href="http://creativecommons.org/licenses/by-nc/2.0/">cc</a>
Copyright 2014 Solinea, Inc. In Multiple Domains
Copyright 2014 Solinea, Inc. Like Many Things, It Has Evolved… photo credit: <a href="http://www.flickr.com/photos/rahimageworks/ 9196119199/">Richard Hurd</a> via <a href="http://photopin.com">photopin</a> <a href="http://creativecommons.org/licenses/by/2.0/">cc</a> photo credit: <a href="http://www.flickr.com/photos/rahimageworks/ 9179873919/">Richard Hurd</a> via <a href="http://photopin.com">photopin</a> <a href="http://creativecommons.org/licenses/by/2.0/">cc</a>
Copyright 2014 Solinea, Inc. Here Too…
Copyright 2014 Solinea, Inc. Complexity Reigns in Cloud
Copyright 2014 Solinea, Inc. BEEF Nova Cinder Etc. rsyslog logstash elasticsearch tcp:5514 tcp:9200 verbose = True use_syslog = True syslog_log_facility=LOG_LOCAL{n} local{n}.* @@logstash:5514
Copyright 2014 Solinea, Inc. Standards are Elusive §  We have a couple standards that might apply: –  RFC5424 (The Syslog Protocol) –  NCSA/Apache CLF (Web servers) §  Project adoption varies, but right trajectory §  Some duplication of fields with rsyslog –  When shipping remotely §  Don’t get me started on timestamps!
Copyright 2014 Solinea, Inc. Anatomy of an OpenStack Message §  Most projects use a similar format –  Date: 2014-05-02 14:10:57.278 –  PID: 3609 –  Level: INFO –  Prog: oslo.messaging._drivers.impl_qpid –  ID: [-] –  Msg: Connected to AMQP …
Copyright 2014 Solinea, Inc. use_syslog = True §  Existing syslog format is DEPRECATED during I, and then will be changed in J to honor RFC5424 –  <132> –  May 15 12:28:57 –  compute-01 –  2014-05-15 12:28:57.767 –  20739 WARNING nova.openstack.common.loopingcall –  [-] –  task run outlasted interval by 110.003069 sec Note1: standard ryslog config on CentOS 6.5 with remote shipping to central server
Copyright 2014 Solinea, Inc. use_syslog_rfc_format = True §  Adds APP-NAME before message §  Nice idea, but… §  Appears incompatible with use_syslog = True –  Nova-compute fails to launch when both set §  With use_syslog = False –  Messages in /var/log/nova/compute.log look the same §  Could be environmental, needs more exploration
Copyright 2014 Solinea, Inc. Shipping via rsyslog §  rsyslog.conf global settings change: –  $ActionFileDefaultTemplate RSYSLOG_FileFormat –  $ActionForwardDefaultTemplate RSYSLOG_ForwardFormat §  Effect: –  <134> –  2014-05-15T13:37:11.138121+00:00 –  controller-01 –  2014-05-15 13:37:11.137 3412 INFO nova.openstack.common.service [-] Caught SIGTERM, stopping children
Copyright 2014 Solinea, Inc. Shipping via rsyslog (conf.d) §  rsyslog.d/10-goldstone.conf file: $WorkDirectory /var/lib/rsyslog # where to place spool files $ActionQueueFileName fwdGoldstone # unique name prefix for spool files $ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible) $ActionQueueSaveOnShutdown on # save messages to disk on shutdown $ActionQueueType LinkedList # run asynchronously $ActionResumeRetryCount -1 # infinite retries if host is down local0.* @@10.10.11.122:5514 # nova local1.* @@10.10.11.122:5514 # glance local2.* @@10.10.11.122:5514 # neutron local3.* @@10.10.11.122:5514 # ceilometer local4.* @@10.10.11.122:5514 # swift local5.* @@10.10.11.122:5514 # cinder local6.* @@10.10.11.122:5514 # keystone
Copyright 2014 Solinea, Inc. Receiving via Logstash (Input) input { tcp { port => 5514 # matches port that rsyslog ships to type => syslog # insert a type field to identify this as an incoming message from syslog } }
Copyright 2014 Solinea, Inc. Receiving via Logstash (Output) output { elasticsearch { host => localhost port => 9200 protocol => http } }
Copyright 2014 Solinea, Inc. Receiving via Logstash (Patterns) OPENSTACK_PROG (?:[ a-zA-Z0-9_-]+.)+[ A-Za-z0-9_-$]+ OPENSTACK_PROG_SINGLE [A-Za-z0-9_-$]+ OPENSTACK_SOURCE %{OPENSTACK_PROG}|%{OPENSTACK_PROG_SINGLE} OPENSTACK_REQ_LIST ([(?:(req-%{UUID}|%{UUID}|%{BASE16NUM}|None|-|%{SPACE}))+])? OPENSTACK_PID ( %{POSINT:pid:int})? OPENSTACK_LOGLEVEL ([D|d]ebug|DEBUG|[N|n]otice|NOTICE|[I|i]nfo|INFO|[W|w]arn?(?:ing)?|WARN?(?:ING)?|[E| e]rr?(?:or)?|ERR?(?:OR)?|[C|c]rit?(?:ical)?|CRIT?(?:ICAL)?|[F|f]atal|FATAL|[S|s]evere|SEVERE|[A|a]udit|AUDIT) OPENSTACK_NORMAL %{TIMESTAMP_ISO8601:timestamp}%{OPENSTACK_PID} % {OPENSTACK_LOGLEVEL:loglevel} %{OPENSTACK_SOURCE:program} {OPENSTACK_REQ_LIST:request_id_list} %{GREEDYDATA:msg} RAW_TRACE (?:^[^0-9].*$|^$) OPENSTACK_TRACE %{TIMESTAMP_ISO8601:timestamp} %{POSINT:pid:int} ([T|t]race|TRACE) % {OPENSTACK_SOURCE:program} %{GREEDYDATA:msg}|%{RAW_TRACE:msg} OPENSTACK_MESSAGE %{OPENSTACK_NORMAL}|%{OPENSTACK_TRACE} OPENSTACK_SYSLOGLINE %{SYSLOG5424PRINUM}%{CISCOTIMESTAMP:syslog_ts} % {HOSTNAME:syslog5424_host} %{OPENSTACK_MESSAGE:os_message}
Copyright 2014 Solinea, Inc. Receiving via Logstash (Filter Fun) filter { if ([type] == "syslog”) { grok { patterns_dir => "/opt/logstash/patterns" match => { "message" => "%{OPENSTACK_SYSLOGLINE}" } add_field => { "received_at" => "%{@timestamp}" } add_field => { "_message" => "%{syslog5424_host} %{message}" } } if ("_grokparsefailure" not in [tags]) { … see following slides … } } }
Copyright 2014 Solinea, Inc. Receiving via Logstash (Filter Fun) syslog_pri { severity_labels => ["EMERGENCY", "ALERT", "CRITICAL", "ERROR", "WARNING", "NOTICE", "INFO", "DEBUG"] syslog_pri_field_name => "syslog5424_pri" } date { match => [ "timestamp", "yyyy-MM-dd HH:mm:ss.SSS" ] remove_field => "timestamp" timezone => "Etc/UTC" } … NOTE1: syslog_pri parses up that ugly number at the front of the incoming message (i.e. <132>) NOTE2: This date processing is based on the timestamp in the OpenStack generated message, not the rsyslog message. With enhanced rsyslog template, or better OpenStack message format, we can avoid inferring timezone.
Copyright 2014 Solinea, Inc. Receiving via Logstash (Filter Fun) translate { field => "syslog_facility" dictionary => [ "local0", "nova", "local1", "glance", "local2", "neutron", "local3", "ceilometer", "local4", "swift", "local5", "cinder", "local6", "keystone" ] fallback => "unknown" destination => "component" } … NOTE1: syslog_facility generated by syslog_pri earlier. Adds a new component field so we can figure out who generated these messages.
Copyright 2014 Solinea, Inc. Receiving via Logstash (Filter Fun) mutate { rename => [ "msg", "message" ] rename => [ "syslog5424_host", "host" ] remove_field => "syslog_ts" remove_field => "syslog5424_pri" remove_field => "os_message" add_tag => ["processed", "openstack_syslog", "filter_34"] } Note1: We made it to the end of the filter successfully, so let’s clean up a little and add some tags to indicate how we navigated the filter space.
Copyright 2014 Solinea, Inc. Result in ES: photo credit: <a href="http://www.flickr.com/photos/ robbie73/4346732208/">Robbert van der Steeg</a> via <a href="http:// photopin.com">photopin</a> <a href="http://creativecommons.org/ licenses/by-sa/2.0/">cc</a>
Copyright 2014 Solinea, Inc. Interpreting Specific Messages (Patterns) NOVA_API_CALL %{IP:ip} "(?:GET|PUT|POST|DELETE) %{URIPATH:uri} %{NOTSPACE:protocol}" status: % {NUMBER:response_status:int} len: %{NUMBER:response_length:int} time: %{NUMBER:response_time:float}
Copyright 2014 Solinea, Inc. Interpreting Specific Messages if ("_grokparsefailure" not in [tags]) { # clean up extra fields and tag us mutate { replace => [ "type", "openstack_api_stats" ] remove_field => "pid" remove_field => "hostname" remove_field => "message" remove_field => "_message" remove_field => "loglevel" remove_field => "syslog_severity_code" remove_field => "syslog_facility_code" remove_field => "syslog_facility" remove_field => "syslog_severity" add_tag => ["metric", "filter_37"] } } Note1: Processed after successful openstack message filtering. We know the lineage, so we don’t need to keep a bunch of redundant information.
Copyright 2014 Solinea, Inc. Result in ES: photo credit: <a href="http://www.flickr.com/photos/ calamity_photography/4778766879/">Www.CourtneyCarmody.com/</a> via <a href="http://photopin.com">photopin</a> <a href="http:// creativecommons.org/licenses/by/2.0/">cc</a>
Copyright 2014 Solinea, Inc. Querying ES for Logs { "query": { "bool": { "must": [ {"range": {"@timestamp": {"gte": "2014-05-08T16:31:07+00:00", "lte": "2014-05-15T16:31:07+00:00"}}}, {"terms": {"type": ["openstack_log"]}} ] } }, "aggs": { "events_by_time": { "date_histogram": {"field": "@timestamp", "interval": "5448.648648648648s", "min_doc_count": 0}, "aggs": { "events_by_loglevel": {"terms": {"field": "loglevel"}} } } } }
Copyright 2014 Solinea, Inc. Querying Nova API Stats { "query": { "filtered": { "filter": {"match_all": {}}, "query": {"bool": "must": [ {"range": {"@timestamp": {"gte": "2014-04-15T16:45:53+00:00", "lte": "2014-05-15T16:45:53+00:00"}}}, {"term": {"component": "nova"}}]} }}}, "aggs": { "events_by_date": { "date_histogram": {"field": "@timestamp", "interval": "32400s", "min_doc_count": 0}, "aggs": {"range": {"range": { "ranges": [{"to": 299, "from": 200}, {"to": 399, "from": 300}, {"to": 499, "from": 400}, {"to": 599, "from": 500}], "field": "response_status", "keyed": true}}, "stats": {"extended_stats": {"field": "response_time"}} }}}}
Copyright 2014 Solinea, Inc. Manage and Monitor OpenStack http://gssr.jpl.nasa.gov/index.html The Goldstone Deep Space Communications Complex (GDSCC), commonly called the Goldstone Observatory, is located in the U.S. state of California's Mojave Desert. Operated for the Jet Propulsion Laboratory, its main purpose is to track and communicate with space missions. It is named after Goldstone, California, a nearby gold-mining ghost town. (Because everyone asks…)
Copyright 2014 Solinea, Inc. Log Viewing, Filtering, and Searching
Copyright 2014 Solinea, Inc. Key Metric Reporting
John Stanford, VP Development; john@solinea.com Thank You
Copyright 2014 Solinea, Inc. Solinea at a Glance CUSTOMERSOVERVIEW Industry Focus Open Infrastructure, OpenStack Headquarters San Francisco, CA Founded January 2013 Geographies Asia, USA PAST DEPLOYMENTSTEAM Major US Telco US Infrastructure Service Provider North Asian Telco Global Electronics Manufacturer Global Gaming Company Top 5 Global Automotive Firm Tier 1 Network Provider Risk Management Analytics Easter Europe CSP OpenStack Distro Provider Security Analytics Firm Leading SDN Provider
Copyright 2014 Solinea, Inc. Solinea Services ! ! ! " Conceive Architect Integrate Adopt Conceive the cloud strategy for existing and new cloud services to drive customer adoption Architect the cloud platforms based on market demand and internal capabilities Implement the cloud offerings and integrate them into the existing infrastructure & processes Operate the cloud, transfer knowledge, train the team and enable rapid adoption

Recomendados

Elk with Openstack
Elk with OpenstackElk with Openstack
Elk with OpenstackArun prasath
 
Elk stack
Elk stackElk stack
Elk stackJilles van Gurp
 
Logstash + Elasticsearch + Kibana Presentation on Startit Tech Meetup
Logstash + Elasticsearch + Kibana Presentation on Startit Tech MeetupLogstash + Elasticsearch + Kibana Presentation on Startit Tech Meetup
Logstash + Elasticsearch + Kibana Presentation on Startit Tech MeetupStartit
 
ELK Stack
ELK StackELK Stack
ELK StackPhuc Nguyen
 
Customer Intelligence: Using the ELK Stack to Analyze ForgeRock OpenAM Audit ...
Customer Intelligence: Using the ELK Stack to Analyze ForgeRock OpenAM Audit ...Customer Intelligence: Using the ELK Stack to Analyze ForgeRock OpenAM Audit ...
Customer Intelligence: Using the ELK Stack to Analyze ForgeRock OpenAM Audit ...ForgeRock
 
Central LogFile Storage. ELK stack Elasticsearch, Logstash and Kibana.
Central LogFile Storage. ELK stack Elasticsearch, Logstash and Kibana.Central LogFile Storage. ELK stack Elasticsearch, Logstash and Kibana.
Central LogFile Storage. ELK stack Elasticsearch, Logstash and Kibana.Airat Khisamov
 
Using Logstash, elasticsearch & kibana
Using Logstash, elasticsearch & kibanaUsing Logstash, elasticsearch & kibana
Using Logstash, elasticsearch & kibanaAlejandro E Brito Monedero
 
Logstash-Elasticsearch-Kibana
Logstash-Elasticsearch-KibanaLogstash-Elasticsearch-Kibana
Logstash-Elasticsearch-Kibanadknx01
 

Recomendados

Elk with Openstack
Elk with OpenstackElk with Openstack
Elk with OpenstackArun prasath
 
Elk stack
Elk stackElk stack
Elk stackJilles van Gurp
 
Logstash + Elasticsearch + Kibana Presentation on Startit Tech Meetup
Logstash + Elasticsearch + Kibana Presentation on Startit Tech MeetupLogstash + Elasticsearch + Kibana Presentation on Startit Tech Meetup
Logstash + Elasticsearch + Kibana Presentation on Startit Tech MeetupStartit
 
ELK Stack
ELK StackELK Stack
ELK StackPhuc Nguyen
 
Customer Intelligence: Using the ELK Stack to Analyze ForgeRock OpenAM Audit ...
Customer Intelligence: Using the ELK Stack to Analyze ForgeRock OpenAM Audit ...Customer Intelligence: Using the ELK Stack to Analyze ForgeRock OpenAM Audit ...
Customer Intelligence: Using the ELK Stack to Analyze ForgeRock OpenAM Audit ...ForgeRock
 
Central LogFile Storage. ELK stack Elasticsearch, Logstash and Kibana.
Central LogFile Storage. ELK stack Elasticsearch, Logstash and Kibana.Central LogFile Storage. ELK stack Elasticsearch, Logstash and Kibana.
Central LogFile Storage. ELK stack Elasticsearch, Logstash and Kibana.Airat Khisamov
 
Using Logstash, elasticsearch & kibana
Using Logstash, elasticsearch & kibanaUsing Logstash, elasticsearch & kibana
Using Logstash, elasticsearch & kibanaAlejandro E Brito Monedero
 
Logstash-Elasticsearch-Kibana
Logstash-Elasticsearch-KibanaLogstash-Elasticsearch-Kibana
Logstash-Elasticsearch-Kibanadknx01
 
Introduction to ELK
Introduction to ELKIntroduction to ELK
Introduction to ELKHarshakumar Ummerpillai
 
Machine Learning in a Twitter ETL using ELK
Machine Learning in a Twitter ETL using ELK Machine Learning in a Twitter ETL using ELK
Machine Learning in a Twitter ETL using ELK hypto
 
Experiences in ELK with D3.js for Large Log Analysis and Visualization
Experiences in ELK with D3.js for Large Log Analysis and VisualizationExperiences in ELK with D3.js for Large Log Analysis and Visualization
Experiences in ELK with D3.js for Large Log Analysis and VisualizationSurasak Sanguanpong
 
Elk scilifelab
Elk scilifelabElk scilifelab
Elk scilifelabGuillermo Carrasco Hernández
 
How ElasticSearch lives in my DevOps life
How ElasticSearch lives in my DevOps lifeHow ElasticSearch lives in my DevOps life
How ElasticSearch lives in my DevOps life琛琳 饶
 
LogStash in action
LogStash in actionLogStash in action
LogStash in actionManuj Aggarwal
 
Elastic - ELK, Logstash & Kibana
Elastic - ELK, Logstash & KibanaElastic - ELK, Logstash & Kibana
Elastic - ELK, Logstash & KibanaSpringPeople
 
Logstash
LogstashLogstash
LogstashRajgourav Jain
 
Logstash: Get to know your logs
Logstash: Get to know your logsLogstash: Get to know your logs
Logstash: Get to know your logsSmartLogic
 
elk_stack_alexander_szalonnas
elk_stack_alexander_szalonnaselk_stack_alexander_szalonnas
elk_stack_alexander_szalonnasAlexander Szalonnas
 
ELK Elasticsearch Logstash and Kibana Stack for Log Management
ELK Elasticsearch Logstash and Kibana Stack for Log ManagementELK Elasticsearch Logstash and Kibana Stack for Log Management
ELK Elasticsearch Logstash and Kibana Stack for Log ManagementEl Mahdi Benzekri
 
Elk stack @inbot
Elk stack @inbotElk stack @inbot
Elk stack @inbotJilles van Gurp
 
Logstash
LogstashLogstash
Logstash琛琳 饶
 
Docker Logging Webinar
Docker Logging WebinarDocker Logging Webinar
Docker Logging WebinarSematext Group, Inc.
 
Scaling an ELK stack at bol.com
Scaling an ELK stack at bol.comScaling an ELK stack at bol.com
Scaling an ELK stack at bol.comRenzo Tomà
 
Monitoring with Graylog - a modern approach to monitoring?
Monitoring with Graylog - a modern approach to monitoring?Monitoring with Graylog - a modern approach to monitoring?
Monitoring with Graylog - a modern approach to monitoring?inovex GmbH
 
Docker Monitoring Webinar
Docker Monitoring WebinarDocker Monitoring Webinar
Docker Monitoring WebinarSematext Group, Inc.
 
Elk
Elk Elk
Elk Caleb Wang
 
Using Cerberus and PySpark to validate semi-structured datasets
Using Cerberus and PySpark to validate semi-structured datasetsUsing Cerberus and PySpark to validate semi-structured datasets
Using Cerberus and PySpark to validate semi-structured datasetsBartosz Konieczny
 
Streaming using Kafka Flink & Elasticsearch
Streaming using Kafka Flink & ElasticsearchStreaming using Kafka Flink & Elasticsearch
Streaming using Kafka Flink & ElasticsearchKeira Zhou
 
Terraform 0.9 + good practices
Terraform 0.9 + good practicesTerraform 0.9 + good practices
Terraform 0.9 + good practicesRadek Simko
 
OpenERP e l'arte della gestione aziendale con Python
OpenERP e l'arte della gestione aziendale con PythonOpenERP e l'arte della gestione aziendale con Python
OpenERP e l'arte della gestione aziendale con PythonPyCon Italia
 

Más contenido relacionado

La actualidad más candente

Machine Learning in a Twitter ETL using ELK
Machine Learning in a Twitter ETL using ELK Machine Learning in a Twitter ETL using ELK
Machine Learning in a Twitter ETL using ELK hypto
 
Experiences in ELK with D3.js for Large Log Analysis and Visualization
Experiences in ELK with D3.js for Large Log Analysis and VisualizationExperiences in ELK with D3.js for Large Log Analysis and Visualization
Experiences in ELK with D3.js for Large Log Analysis and VisualizationSurasak Sanguanpong
 
How ElasticSearch lives in my DevOps life
How ElasticSearch lives in my DevOps lifeHow ElasticSearch lives in my DevOps life
How ElasticSearch lives in my DevOps life琛琳 饶
 
Elastic - ELK, Logstash & Kibana
Elastic - ELK, Logstash & KibanaElastic - ELK, Logstash & Kibana
Elastic - ELK, Logstash & KibanaSpringPeople
 
Logstash: Get to know your logs
Logstash: Get to know your logsLogstash: Get to know your logs
Logstash: Get to know your logsSmartLogic
 
ELK Elasticsearch Logstash and Kibana Stack for Log Management
ELK Elasticsearch Logstash and Kibana Stack for Log ManagementELK Elasticsearch Logstash and Kibana Stack for Log Management
ELK Elasticsearch Logstash and Kibana Stack for Log ManagementEl Mahdi Benzekri
 
Scaling an ELK stack at bol.com
Scaling an ELK stack at bol.comScaling an ELK stack at bol.com
Scaling an ELK stack at bol.comRenzo Tomà
 
Monitoring with Graylog - a modern approach to monitoring?
Monitoring with Graylog - a modern approach to monitoring?Monitoring with Graylog - a modern approach to monitoring?
Monitoring with Graylog - a modern approach to monitoring?inovex GmbH
 
Using Cerberus and PySpark to validate semi-structured datasets
Using Cerberus and PySpark to validate semi-structured datasetsUsing Cerberus and PySpark to validate semi-structured datasets
Using Cerberus and PySpark to validate semi-structured datasetsBartosz Konieczny
 
Streaming using Kafka Flink & Elasticsearch
Streaming using Kafka Flink & ElasticsearchStreaming using Kafka Flink & Elasticsearch
Streaming using Kafka Flink & ElasticsearchKeira Zhou
 

La actualidad más candente (20)

Introduction to ELK
Introduction to ELKIntroduction to ELK
Introduction to ELK
 
Machine Learning in a Twitter ETL using ELK
Machine Learning in a Twitter ETL using ELK Machine Learning in a Twitter ETL using ELK
Machine Learning in a Twitter ETL using ELK
 
Experiences in ELK with D3.js for Large Log Analysis and Visualization
Experiences in ELK with D3.js for Large Log Analysis and VisualizationExperiences in ELK with D3.js for Large Log Analysis and Visualization
Experiences in ELK with D3.js for Large Log Analysis and Visualization
 
Elk scilifelab
Elk scilifelabElk scilifelab
Elk scilifelab
 
How ElasticSearch lives in my DevOps life
How ElasticSearch lives in my DevOps lifeHow ElasticSearch lives in my DevOps life
How ElasticSearch lives in my DevOps life
 
LogStash in action
LogStash in actionLogStash in action
LogStash in action
 
Elastic - ELK, Logstash & Kibana
Elastic - ELK, Logstash & KibanaElastic - ELK, Logstash & Kibana
Elastic - ELK, Logstash & Kibana
 
Logstash
LogstashLogstash
Logstash
 
Logstash: Get to know your logs
Logstash: Get to know your logsLogstash: Get to know your logs
Logstash: Get to know your logs
 
elk_stack_alexander_szalonnas
elk_stack_alexander_szalonnaselk_stack_alexander_szalonnas
elk_stack_alexander_szalonnas
 
ELK Elasticsearch Logstash and Kibana Stack for Log Management
ELK Elasticsearch Logstash and Kibana Stack for Log ManagementELK Elasticsearch Logstash and Kibana Stack for Log Management
ELK Elasticsearch Logstash and Kibana Stack for Log Management
 
Elk stack @inbot
Elk stack @inbotElk stack @inbot
Elk stack @inbot
 
Logstash
LogstashLogstash
Logstash
 
Docker Logging Webinar
Docker Logging WebinarDocker Logging Webinar
Docker Logging Webinar
 
Scaling an ELK stack at bol.com
Scaling an ELK stack at bol.comScaling an ELK stack at bol.com
Scaling an ELK stack at bol.com
 
Monitoring with Graylog - a modern approach to monitoring?
Monitoring with Graylog - a modern approach to monitoring?Monitoring with Graylog - a modern approach to monitoring?
Monitoring with Graylog - a modern approach to monitoring?
 
Docker Monitoring Webinar
Docker Monitoring WebinarDocker Monitoring Webinar
Docker Monitoring Webinar
 
Elk
Elk Elk
Elk
 
Using Cerberus and PySpark to validate semi-structured datasets
Using Cerberus and PySpark to validate semi-structured datasetsUsing Cerberus and PySpark to validate semi-structured datasets
Using Cerberus and PySpark to validate semi-structured datasets
 
Streaming using Kafka Flink & Elasticsearch
Streaming using Kafka Flink & ElasticsearchStreaming using Kafka Flink & Elasticsearch
Streaming using Kafka Flink & Elasticsearch
 

Similar a Accelerating adoption of Open Infrastructure with Log Management and Mining

Terraform 0.9 + good practices
Terraform 0.9 + good practicesTerraform 0.9 + good practices
Terraform 0.9 + good practicesRadek Simko
 
OpenERP e l'arte della gestione aziendale con Python
OpenERP e l'arte della gestione aziendale con PythonOpenERP e l'arte della gestione aziendale con Python
OpenERP e l'arte della gestione aziendale con PythonPyCon Italia
 
Burn down the silos! Helping dev and ops gel on high availability websites
Burn down the silos! Helping dev and ops gel on high availability websitesBurn down the silos! Helping dev and ops gel on high availability websites
Burn down the silos! Helping dev and ops gel on high availability websitesLindsay Holmwood
 
JavaFest. Nanne Baars. Web application security for developers
JavaFest. Nanne Baars. Web application security for developersJavaFest. Nanne Baars. Web application security for developers
JavaFest. Nanne Baars. Web application security for developersFestGroup
 
Logstash for SEO: come monitorare i Log del Web Server in realtime
Logstash for SEO: come monitorare i Log del Web Server in realtimeLogstash for SEO: come monitorare i Log del Web Server in realtime
Logstash for SEO: come monitorare i Log del Web Server in realtimeAndrea Cardinale
 
Pontos para criar_instancia_data guard_11g
Pontos para criar_instancia_data guard_11gPontos para criar_instancia_data guard_11g
Pontos para criar_instancia_data guard_11gLeandro Santos
 
ELK: a log management framework
ELK: a log management frameworkELK: a log management framework
ELK: a log management frameworkGiovanni Bechis
 
Monitoring with Syslog and EventMachine (RailswayConf 2012)
Monitoring with Syslog and EventMachine (RailswayConf 2012)Monitoring with Syslog and EventMachine (RailswayConf 2012)
Monitoring with Syslog and EventMachine (RailswayConf 2012)Wooga
 
Ten useful JavaScript tips & best practices
Ten useful JavaScript tips & best practicesTen useful JavaScript tips & best practices
Ten useful JavaScript tips & best practicesAnkit Rastogi
 
SQL Server Extended Events presentation from SQL Midlands User Group 14th Mar...
SQL Server Extended Events presentation from SQL Midlands User Group 14th Mar...SQL Server Extended Events presentation from SQL Midlands User Group 14th Mar...
SQL Server Extended Events presentation from SQL Midlands User Group 14th Mar...Stuart Moore
 
Matt Jarvis - Unravelling Logs: Log Processing with Logstash and Riemann
Matt Jarvis - Unravelling Logs: Log Processing with Logstash and Riemann Matt Jarvis - Unravelling Logs: Log Processing with Logstash and Riemann
Matt Jarvis - Unravelling Logs: Log Processing with Logstash and Riemann Danny Abukalam
 
IBCAST 2021: Observations and lessons learned from the APNIC Community Honeyn...
IBCAST 2021: Observations and lessons learned from the APNIC Community Honeyn...IBCAST 2021: Observations and lessons learned from the APNIC Community Honeyn...
IBCAST 2021: Observations and lessons learned from the APNIC Community Honeyn...APNIC
 
Grâce aux tags Varnish, j'ai switché ma prod sur Raspberry Pi
Grâce aux tags Varnish, j'ai switché ma prod sur Raspberry PiGrâce aux tags Varnish, j'ai switché ma prod sur Raspberry Pi
Grâce aux tags Varnish, j'ai switché ma prod sur Raspberry PiJérémy Derussé
 
Rapid prototyping search applications with solr
Rapid prototyping search applications with solrRapid prototyping search applications with solr
Rapid prototyping search applications with solrLucidworks (Archived)
 
Plugins on OnDemand with Remote Apps - Atlassian Summit 2012
Plugins on OnDemand with Remote Apps - Atlassian Summit 2012 Plugins on OnDemand with Remote Apps - Atlassian Summit 2012
Plugins on OnDemand with Remote Apps - Atlassian Summit 2012 Atlassian
 
Distributed Applications with Perl & Gearman
Distributed Applications with Perl & GearmanDistributed Applications with Perl & Gearman
Distributed Applications with Perl & GearmanIssac Goldstand
 
Hacking 101 (Session 2)
Hacking 101 (Session 2)Hacking 101 (Session 2)
Hacking 101 (Session 2)Nitroxis Sprl
 
Divolte Collector - meetup presentation
Divolte Collector - meetup presentationDivolte Collector - meetup presentation
Divolte Collector - meetup presentationfvanvollenhoven
 

Similar a Accelerating adoption of Open Infrastructure with Log Management and Mining (20)

Terraform 0.9 + good practices
Terraform 0.9 + good practicesTerraform 0.9 + good practices
Terraform 0.9 + good practices
 
OpenERP e l'arte della gestione aziendale con Python
OpenERP e l'arte della gestione aziendale con PythonOpenERP e l'arte della gestione aziendale con Python
OpenERP e l'arte della gestione aziendale con Python
 
Burn down the silos! Helping dev and ops gel on high availability websites
Burn down the silos! Helping dev and ops gel on high availability websitesBurn down the silos! Helping dev and ops gel on high availability websites
Burn down the silos! Helping dev and ops gel on high availability websites
 
Log mining
Log miningLog mining
Log mining
 
JavaFest. Nanne Baars. Web application security for developers
JavaFest. Nanne Baars. Web application security for developersJavaFest. Nanne Baars. Web application security for developers
JavaFest. Nanne Baars. Web application security for developers
 
Logstash for SEO: come monitorare i Log del Web Server in realtime
Logstash for SEO: come monitorare i Log del Web Server in realtimeLogstash for SEO: come monitorare i Log del Web Server in realtime
Logstash for SEO: come monitorare i Log del Web Server in realtime
 
Pontos para criar_instancia_data guard_11g
Pontos para criar_instancia_data guard_11gPontos para criar_instancia_data guard_11g
Pontos para criar_instancia_data guard_11g
 
ELK: a log management framework
ELK: a log management frameworkELK: a log management framework
ELK: a log management framework
 
Monitoring with Syslog and EventMachine (RailswayConf 2012)
Monitoring with Syslog and EventMachine (RailswayConf 2012)Monitoring with Syslog and EventMachine (RailswayConf 2012)
Monitoring with Syslog and EventMachine (RailswayConf 2012)
 
Ten useful JavaScript tips & best practices
Ten useful JavaScript tips & best practicesTen useful JavaScript tips & best practices
Ten useful JavaScript tips & best practices
 
SQL Server Extended Events presentation from SQL Midlands User Group 14th Mar...
SQL Server Extended Events presentation from SQL Midlands User Group 14th Mar...SQL Server Extended Events presentation from SQL Midlands User Group 14th Mar...
SQL Server Extended Events presentation from SQL Midlands User Group 14th Mar...
 
Matt Jarvis - Unravelling Logs: Log Processing with Logstash and Riemann
Matt Jarvis - Unravelling Logs: Log Processing with Logstash and Riemann Matt Jarvis - Unravelling Logs: Log Processing with Logstash and Riemann
Matt Jarvis - Unravelling Logs: Log Processing with Logstash and Riemann
 
IBCAST 2021: Observations and lessons learned from the APNIC Community Honeyn...
IBCAST 2021: Observations and lessons learned from the APNIC Community Honeyn...IBCAST 2021: Observations and lessons learned from the APNIC Community Honeyn...
IBCAST 2021: Observations and lessons learned from the APNIC Community Honeyn...
 
Grâce aux tags Varnish, j'ai switché ma prod sur Raspberry Pi
Grâce aux tags Varnish, j'ai switché ma prod sur Raspberry PiGrâce aux tags Varnish, j'ai switché ma prod sur Raspberry Pi
Grâce aux tags Varnish, j'ai switché ma prod sur Raspberry Pi
 
Rapid prototyping search applications with solr
Rapid prototyping search applications with solrRapid prototyping search applications with solr
Rapid prototyping search applications with solr
 
Monkey man
Monkey manMonkey man
Monkey man
 
Plugins on OnDemand with Remote Apps - Atlassian Summit 2012
Plugins on OnDemand with Remote Apps - Atlassian Summit 2012 Plugins on OnDemand with Remote Apps - Atlassian Summit 2012
Plugins on OnDemand with Remote Apps - Atlassian Summit 2012
 
Distributed Applications with Perl & Gearman
Distributed Applications with Perl & GearmanDistributed Applications with Perl & Gearman
Distributed Applications with Perl & Gearman
 
Hacking 101 (Session 2)
Hacking 101 (Session 2)Hacking 101 (Session 2)
Hacking 101 (Session 2)
 
Divolte Collector - meetup presentation
Divolte Collector - meetup presentationDivolte Collector - meetup presentation
Divolte Collector - meetup presentation
 

Último

Delhi Call Girls Punjabi Bagh 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Punjabi Bagh 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip CallDelhi Call Girls Punjabi Bagh 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Punjabi Bagh 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Callshivangimorya083
 
Halmar dropshipping via API with DroFx
Halmar dropshipping via API with DroFxHalmar dropshipping via API with DroFx
Halmar dropshipping via API with DroFxolyaivanovalion
 
Al Barsha Escorts $#$ O565212860 $#$ Escort Service In Al Barsha
Al Barsha Escorts $#$ O565212860 $#$ Escort Service In Al BarshaAl Barsha Escorts $#$ O565212860 $#$ Escort Service In Al Barsha
Al Barsha Escorts $#$ O565212860 $#$ Escort Service In Al BarshaAroojKhan71
 
VIP High Class Call Girls Jamshedpur Anushka 8250192130 Independent Escort Se...
VIP High Class Call Girls Jamshedpur Anushka 8250192130 Independent Escort Se...VIP High Class Call Girls Jamshedpur Anushka 8250192130 Independent Escort Se...
VIP High Class Call Girls Jamshedpur Anushka 8250192130 Independent Escort Se...Suhani Kapoor
 
Schema on read is obsolete. Welcome metaprogramming..pdf
Schema on read is obsolete. Welcome metaprogramming..pdfSchema on read is obsolete. Welcome metaprogramming..pdf
Schema on read is obsolete. Welcome metaprogramming..pdfLars Albertsson
 
04242024_CCC TUG_Joins and Relationships
04242024_CCC TUG_Joins and Relationships04242024_CCC TUG_Joins and Relationships
04242024_CCC TUG_Joins and Relationshipsccctableauusergroup
 
Log Analysis using OSSEC sasoasasasas.pptx
Log Analysis using OSSEC sasoasasasas.pptxLog Analysis using OSSEC sasoasasasas.pptx
Log Analysis using OSSEC sasoasasasas.pptxJohnnyPlasten
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Low Rate Call Girls Bhilai Anika 8250192130 Independent Escort Service Bhilai
Low Rate Call Girls Bhilai Anika 8250192130 Independent Escort Service BhilaiLow Rate Call Girls Bhilai Anika 8250192130 Independent Escort Service Bhilai
Low Rate Call Girls Bhilai Anika 8250192130 Independent Escort Service BhilaiSuhani Kapoor
 
定制英国白金汉大学毕业证(UCB毕业证书) 成绩单原版一比一
定制英国白金汉大学毕业证(UCB毕业证书) 成绩单原版一比一定制英国白金汉大学毕业证(UCB毕业证书) 成绩单原版一比一
定制英国白金汉大学毕业证(UCB毕业证书) 成绩单原版一比一ffjhghh
 
Invezz.com - Grow your wealth with trading signals
Invezz.com - Grow your wealth with trading signalsInvezz.com - Grow your wealth with trading signals
Invezz.com - Grow your wealth with trading signalsInvezz1
 
Week-01-2.ppt BBB human Computer interaction
Week-01-2.ppt BBB human Computer interactionWeek-01-2.ppt BBB human Computer interaction
Week-01-2.ppt BBB human Computer interactionfulawalesam
 
Call me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% Secure
Call me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% SecureCall me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% Secure
Call me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% SecurePooja Nehwal
 
Call Girls in Sarai Kale Khan Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts S...
Call Girls in Sarai Kale Khan Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts S...Call Girls in Sarai Kale Khan Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts S...
Call Girls in Sarai Kale Khan Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts S...Delhi Call girls
 
Market Analysis in the 5 Largest Economic Countries in Southeast Asia.pdf
Market Analysis in the 5 Largest Economic Countries in Southeast Asia.pdfMarket Analysis in the 5 Largest Economic Countries in Southeast Asia.pdf
Market Analysis in the 5 Largest Economic Countries in Southeast Asia.pdfRachmat Ramadhan H
 
April 2024 - Crypto Market Report's Analysis
April 2024 - Crypto Market Report's AnalysisApril 2024 - Crypto Market Report's Analysis
April 2024 - Crypto Market Report's Analysismanisha194592
 
Edukaciniai dropshipping via API with DroFx
Edukaciniai dropshipping via API with DroFxEdukaciniai dropshipping via API with DroFx
Edukaciniai dropshipping via API with DroFxolyaivanovalion
 

Último (20)

Delhi Call Girls Punjabi Bagh 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Punjabi Bagh 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip CallDelhi Call Girls Punjabi Bagh 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Punjabi Bagh 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
 
Halmar dropshipping via API with DroFx
Halmar dropshipping via API with DroFxHalmar dropshipping via API with DroFx
Halmar dropshipping via API with DroFx
 
Al Barsha Escorts $#$ O565212860 $#$ Escort Service In Al Barsha
Al Barsha Escorts $#$ O565212860 $#$ Escort Service In Al BarshaAl Barsha Escorts $#$ O565212860 $#$ Escort Service In Al Barsha
Al Barsha Escorts $#$ O565212860 $#$ Escort Service In Al Barsha
 
꧁❤ Aerocity Call Girls Service Aerocity Delhi ❤꧂ 9999965857 ☎️ Hard And Sexy ...
꧁❤ Aerocity Call Girls Service Aerocity Delhi ❤꧂ 9999965857 ☎️ Hard And Sexy ...꧁❤ Aerocity Call Girls Service Aerocity Delhi ❤꧂ 9999965857 ☎️ Hard And Sexy ...
꧁❤ Aerocity Call Girls Service Aerocity Delhi ❤꧂ 9999965857 ☎️ Hard And Sexy ...
 
VIP High Class Call Girls Jamshedpur Anushka 8250192130 Independent Escort Se...
VIP High Class Call Girls Jamshedpur Anushka 8250192130 Independent Escort Se...VIP High Class Call Girls Jamshedpur Anushka 8250192130 Independent Escort Se...
VIP High Class Call Girls Jamshedpur Anushka 8250192130 Independent Escort Se...
 
Schema on read is obsolete. Welcome metaprogramming..pdf
Schema on read is obsolete. Welcome metaprogramming..pdfSchema on read is obsolete. Welcome metaprogramming..pdf
Schema on read is obsolete. Welcome metaprogramming..pdf
 
04242024_CCC TUG_Joins and Relationships
04242024_CCC TUG_Joins and Relationships04242024_CCC TUG_Joins and Relationships
04242024_CCC TUG_Joins and Relationships
 
Log Analysis using OSSEC sasoasasasas.pptx
Log Analysis using OSSEC sasoasasasas.pptxLog Analysis using OSSEC sasoasasasas.pptx
Log Analysis using OSSEC sasoasasasas.pptx
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Low Rate Call Girls Bhilai Anika 8250192130 Independent Escort Service Bhilai
Low Rate Call Girls Bhilai Anika 8250192130 Independent Escort Service BhilaiLow Rate Call Girls Bhilai Anika 8250192130 Independent Escort Service Bhilai
Low Rate Call Girls Bhilai Anika 8250192130 Independent Escort Service Bhilai
 
定制英国白金汉大学毕业证(UCB毕业证书) 成绩单原版一比一
定制英国白金汉大学毕业证(UCB毕业证书) 成绩单原版一比一定制英国白金汉大学毕业证(UCB毕业证书) 成绩单原版一比一
定制英国白金汉大学毕业证(UCB毕业证书) 成绩单原版一比一
 
Invezz.com - Grow your wealth with trading signals
Invezz.com - Grow your wealth with trading signalsInvezz.com - Grow your wealth with trading signals
Invezz.com - Grow your wealth with trading signals
 
Week-01-2.ppt BBB human Computer interaction
Week-01-2.ppt BBB human Computer interactionWeek-01-2.ppt BBB human Computer interaction
Week-01-2.ppt BBB human Computer interaction
 
Call me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% Secure
Call me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% SecureCall me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% Secure
Call me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% Secure
 
Call Girls in Sarai Kale Khan Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts S...
Call Girls in Sarai Kale Khan Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts S...Call Girls in Sarai Kale Khan Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts S...
Call Girls in Sarai Kale Khan Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts S...
 
Delhi 99530 vip 56974 Genuine Escort Service Call Girls in Kishangarh
Delhi 99530 vip 56974 Genuine Escort Service Call Girls in KishangarhDelhi 99530 vip 56974 Genuine Escort Service Call Girls in Kishangarh
Delhi 99530 vip 56974 Genuine Escort Service Call Girls in Kishangarh
 
VIP Call Girls Service Charbagh { Lucknow Call Girls Service 9548273370 } Boo...
VIP Call Girls Service Charbagh { Lucknow Call Girls Service 9548273370 } Boo...VIP Call Girls Service Charbagh { Lucknow Call Girls Service 9548273370 } Boo...
VIP Call Girls Service Charbagh { Lucknow Call Girls Service 9548273370 } Boo...
 
Market Analysis in the 5 Largest Economic Countries in Southeast Asia.pdf
Market Analysis in the 5 Largest Economic Countries in Southeast Asia.pdfMarket Analysis in the 5 Largest Economic Countries in Southeast Asia.pdf
Market Analysis in the 5 Largest Economic Countries in Southeast Asia.pdf
 
April 2024 - Crypto Market Report's Analysis
April 2024 - Crypto Market Report's AnalysisApril 2024 - Crypto Market Report's Analysis
April 2024 - Crypto Market Report's Analysis
 
Edukaciniai dropshipping via API with DroFx
Edukaciniai dropshipping via API with DroFxEdukaciniai dropshipping via API with DroFx
Edukaciniai dropshipping via API with DroFx
 

Accelerating adoption of Open Infrastructure with Log Management and Mining

  • 1. Accelerating adoption of Open Infrastructure May 2014 Log Management and Mining
  • 2. Copyright 2014 Solinea, Inc. Logging has a Long History… photo credit: <a href="http://www.flickr.com/photos/foresthistory/3662397221/">The Forest History Society</a> via <a href="http://photopin.com">photopin</a> <a href="http://creativecommons.org/licenses/by-nc/2.0/">cc</a>
  • 3. Copyright 2014 Solinea, Inc. In Multiple Domains
  • 4. Copyright 2014 Solinea, Inc. Like Many Things, It Has Evolved… photo credit: <a href="http://www.flickr.com/photos/rahimageworks/ 9196119199/">Richard Hurd</a> via <a href="http://photopin.com">photopin</a> <a href="http://creativecommons.org/licenses/by/2.0/">cc</a> photo credit: <a href="http://www.flickr.com/photos/rahimageworks/ 9179873919/">Richard Hurd</a> via <a href="http://photopin.com">photopin</a> <a href="http://creativecommons.org/licenses/by/2.0/">cc</a>
  • 5. Copyright 2014 Solinea, Inc. Here Too…
  • 6. Copyright 2014 Solinea, Inc. Complexity Reigns in Cloud
  • 7. Copyright 2014 Solinea, Inc. BEEF Nova Cinder Etc. rsyslog logstash elasticsearch tcp:5514 tcp:9200 verbose = True use_syslog = True syslog_log_facility=LOG_LOCAL{n} local{n}.* @@logstash:5514
  • 8. Copyright 2014 Solinea, Inc. Standards are Elusive §  We have a couple standards that might apply: –  RFC5424 (The Syslog Protocol) –  NCSA/Apache CLF (Web servers) §  Project adoption varies, but right trajectory §  Some duplication of fields with rsyslog –  When shipping remotely §  Don’t get me started on timestamps!
  • 9. Copyright 2014 Solinea, Inc. Anatomy of an OpenStack Message §  Most projects use a similar format –  Date: 2014-05-02 14:10:57.278 –  PID: 3609 –  Level: INFO –  Prog: oslo.messaging._drivers.impl_qpid –  ID: [-] –  Msg: Connected to AMQP …
  • 10. Copyright 2014 Solinea, Inc. use_syslog = True §  Existing syslog format is DEPRECATED during I, and then will be changed in J to honor RFC5424 –  <132> –  May 15 12:28:57 –  compute-01 –  2014-05-15 12:28:57.767 –  20739 WARNING nova.openstack.common.loopingcall –  [-] –  task run outlasted interval by 110.003069 sec Note1: standard ryslog config on CentOS 6.5 with remote shipping to central server
  • 11. Copyright 2014 Solinea, Inc. use_syslog_rfc_format = True §  Adds APP-NAME before message §  Nice idea, but… §  Appears incompatible with use_syslog = True –  Nova-compute fails to launch when both set §  With use_syslog = False –  Messages in /var/log/nova/compute.log look the same §  Could be environmental, needs more exploration
  • 12. Copyright 2014 Solinea, Inc. Shipping via rsyslog §  rsyslog.conf global settings change: –  $ActionFileDefaultTemplate RSYSLOG_FileFormat –  $ActionForwardDefaultTemplate RSYSLOG_ForwardFormat §  Effect: –  <134> –  2014-05-15T13:37:11.138121+00:00 –  controller-01 –  2014-05-15 13:37:11.137 3412 INFO nova.openstack.common.service [-] Caught SIGTERM, stopping children
  • 13. Copyright 2014 Solinea, Inc. Shipping via rsyslog (conf.d) §  rsyslog.d/10-goldstone.conf file: $WorkDirectory /var/lib/rsyslog # where to place spool files $ActionQueueFileName fwdGoldstone # unique name prefix for spool files $ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible) $ActionQueueSaveOnShutdown on # save messages to disk on shutdown $ActionQueueType LinkedList # run asynchronously $ActionResumeRetryCount -1 # infinite retries if host is down local0.* @@10.10.11.122:5514 # nova local1.* @@10.10.11.122:5514 # glance local2.* @@10.10.11.122:5514 # neutron local3.* @@10.10.11.122:5514 # ceilometer local4.* @@10.10.11.122:5514 # swift local5.* @@10.10.11.122:5514 # cinder local6.* @@10.10.11.122:5514 # keystone
  • 14. Copyright 2014 Solinea, Inc. Receiving via Logstash (Input) input { tcp { port => 5514 # matches port that rsyslog ships to type => syslog # insert a type field to identify this as an incoming message from syslog } }
  • 15. Copyright 2014 Solinea, Inc. Receiving via Logstash (Output) output { elasticsearch { host => localhost port => 9200 protocol => http } }
  • 16. Copyright 2014 Solinea, Inc. Receiving via Logstash (Patterns) OPENSTACK_PROG (?:[ a-zA-Z0-9_-]+.)+[ A-Za-z0-9_-$]+ OPENSTACK_PROG_SINGLE [A-Za-z0-9_-$]+ OPENSTACK_SOURCE %{OPENSTACK_PROG}|%{OPENSTACK_PROG_SINGLE} OPENSTACK_REQ_LIST ([(?:(req-%{UUID}|%{UUID}|%{BASE16NUM}|None|-|%{SPACE}))+])? OPENSTACK_PID ( %{POSINT:pid:int})? OPENSTACK_LOGLEVEL ([D|d]ebug|DEBUG|[N|n]otice|NOTICE|[I|i]nfo|INFO|[W|w]arn?(?:ing)?|WARN?(?:ING)?|[E| e]rr?(?:or)?|ERR?(?:OR)?|[C|c]rit?(?:ical)?|CRIT?(?:ICAL)?|[F|f]atal|FATAL|[S|s]evere|SEVERE|[A|a]udit|AUDIT) OPENSTACK_NORMAL %{TIMESTAMP_ISO8601:timestamp}%{OPENSTACK_PID} % {OPENSTACK_LOGLEVEL:loglevel} %{OPENSTACK_SOURCE:program} {OPENSTACK_REQ_LIST:request_id_list} %{GREEDYDATA:msg} RAW_TRACE (?:^[^0-9].*$|^$) OPENSTACK_TRACE %{TIMESTAMP_ISO8601:timestamp} %{POSINT:pid:int} ([T|t]race|TRACE) % {OPENSTACK_SOURCE:program} %{GREEDYDATA:msg}|%{RAW_TRACE:msg} OPENSTACK_MESSAGE %{OPENSTACK_NORMAL}|%{OPENSTACK_TRACE} OPENSTACK_SYSLOGLINE %{SYSLOG5424PRINUM}%{CISCOTIMESTAMP:syslog_ts} % {HOSTNAME:syslog5424_host} %{OPENSTACK_MESSAGE:os_message}
  • 17. Copyright 2014 Solinea, Inc. Receiving via Logstash (Filter Fun) filter { if ([type] == "syslog”) { grok { patterns_dir => "/opt/logstash/patterns" match => { "message" => "%{OPENSTACK_SYSLOGLINE}" } add_field => { "received_at" => "%{@timestamp}" } add_field => { "_message" => "%{syslog5424_host} %{message}" } } if ("_grokparsefailure" not in [tags]) { … see following slides … } } }
  • 18. Copyright 2014 Solinea, Inc. Receiving via Logstash (Filter Fun) syslog_pri { severity_labels => ["EMERGENCY", "ALERT", "CRITICAL", "ERROR", "WARNING", "NOTICE", "INFO", "DEBUG"] syslog_pri_field_name => "syslog5424_pri" } date { match => [ "timestamp", "yyyy-MM-dd HH:mm:ss.SSS" ] remove_field => "timestamp" timezone => "Etc/UTC" } … NOTE1: syslog_pri parses up that ugly number at the front of the incoming message (i.e. <132>) NOTE2: This date processing is based on the timestamp in the OpenStack generated message, not the rsyslog message. With enhanced rsyslog template, or better OpenStack message format, we can avoid inferring timezone.
  • 19. Copyright 2014 Solinea, Inc. Receiving via Logstash (Filter Fun) translate { field => "syslog_facility" dictionary => [ "local0", "nova", "local1", "glance", "local2", "neutron", "local3", "ceilometer", "local4", "swift", "local5", "cinder", "local6", "keystone" ] fallback => "unknown" destination => "component" } … NOTE1: syslog_facility generated by syslog_pri earlier. Adds a new component field so we can figure out who generated these messages.
  • 20. Copyright 2014 Solinea, Inc. Receiving via Logstash (Filter Fun) mutate { rename => [ "msg", "message" ] rename => [ "syslog5424_host", "host" ] remove_field => "syslog_ts" remove_field => "syslog5424_pri" remove_field => "os_message" add_tag => ["processed", "openstack_syslog", "filter_34"] } Note1: We made it to the end of the filter successfully, so let’s clean up a little and add some tags to indicate how we navigated the filter space.
  • 21. Copyright 2014 Solinea, Inc. Result in ES: photo credit: <a href="http://www.flickr.com/photos/ robbie73/4346732208/">Robbert van der Steeg</a> via <a href="http:// photopin.com">photopin</a> <a href="http://creativecommons.org/ licenses/by-sa/2.0/">cc</a>
  • 22. Copyright 2014 Solinea, Inc. Interpreting Specific Messages (Patterns) NOVA_API_CALL %{IP:ip} "(?:GET|PUT|POST|DELETE) %{URIPATH:uri} %{NOTSPACE:protocol}" status: % {NUMBER:response_status:int} len: %{NUMBER:response_length:int} time: %{NUMBER:response_time:float}
  • 23. Copyright 2014 Solinea, Inc. Interpreting Specific Messages if ("_grokparsefailure" not in [tags]) { # clean up extra fields and tag us mutate { replace => [ "type", "openstack_api_stats" ] remove_field => "pid" remove_field => "hostname" remove_field => "message" remove_field => "_message" remove_field => "loglevel" remove_field => "syslog_severity_code" remove_field => "syslog_facility_code" remove_field => "syslog_facility" remove_field => "syslog_severity" add_tag => ["metric", "filter_37"] } } Note1: Processed after successful openstack message filtering. We know the lineage, so we don’t need to keep a bunch of redundant information.
  • 24. Copyright 2014 Solinea, Inc. Result in ES: photo credit: <a href="http://www.flickr.com/photos/ calamity_photography/4778766879/">Www.CourtneyCarmody.com/</a> via <a href="http://photopin.com">photopin</a> <a href="http:// creativecommons.org/licenses/by/2.0/">cc</a>
  • 25. Copyright 2014 Solinea, Inc. Querying ES for Logs { "query": { "bool": { "must": [ {"range": {"@timestamp": {"gte": "2014-05-08T16:31:07+00:00", "lte": "2014-05-15T16:31:07+00:00"}}}, {"terms": {"type": ["openstack_log"]}} ] } }, "aggs": { "events_by_time": { "date_histogram": {"field": "@timestamp", "interval": "5448.648648648648s", "min_doc_count": 0}, "aggs": { "events_by_loglevel": {"terms": {"field": "loglevel"}} } } } }
  • 26. Copyright 2014 Solinea, Inc. Querying Nova API Stats { "query": { "filtered": { "filter": {"match_all": {}}, "query": {"bool": "must": [ {"range": {"@timestamp": {"gte": "2014-04-15T16:45:53+00:00", "lte": "2014-05-15T16:45:53+00:00"}}}, {"term": {"component": "nova"}}]} }}}, "aggs": { "events_by_date": { "date_histogram": {"field": "@timestamp", "interval": "32400s", "min_doc_count": 0}, "aggs": {"range": {"range": { "ranges": [{"to": 299, "from": 200}, {"to": 399, "from": 300}, {"to": 499, "from": 400}, {"to": 599, "from": 500}], "field": "response_status", "keyed": true}}, "stats": {"extended_stats": {"field": "response_time"}} }}}}
  • 27. Copyright 2014 Solinea, Inc. Manage and Monitor OpenStack http://gssr.jpl.nasa.gov/index.html The Goldstone Deep Space Communications Complex (GDSCC), commonly called the Goldstone Observatory, is located in the U.S. state of California's Mojave Desert. Operated for the Jet Propulsion Laboratory, its main purpose is to track and communicate with space missions. It is named after Goldstone, California, a nearby gold-mining ghost town. (Because everyone asks…)
  • 28. Copyright 2014 Solinea, Inc. Log Viewing, Filtering, and Searching
  • 29. Copyright 2014 Solinea, Inc. Key Metric Reporting
  • 30. John Stanford, VP Development; john@solinea.com Thank You
  • 31.
  • 32. Copyright 2014 Solinea, Inc. Solinea at a Glance CUSTOMERSOVERVIEW Industry Focus Open Infrastructure, OpenStack Headquarters San Francisco, CA Founded January 2013 Geographies Asia, USA PAST DEPLOYMENTSTEAM Major US Telco US Infrastructure Service Provider North Asian Telco Global Electronics Manufacturer Global Gaming Company Top 5 Global Automotive Firm Tier 1 Network Provider Risk Management Analytics Easter Europe CSP OpenStack Distro Provider Security Analytics Firm Leading SDN Provider
  • 33. Copyright 2014 Solinea, Inc. Solinea Services ! ! ! " Conceive Architect Integrate Adopt Conceive the cloud strategy for existing and new cloud services to drive customer adoption Architect the cloud platforms based on market demand and internal capabilities Implement the cloud offerings and integrate them into the existing infrastructure & processes Operate the cloud, transfer knowledge, train the team and enable rapid adoption