SlideShare una empresa de Scribd logo

The rsyslog v8 engine (developer's view)

Descargar como ODP, PDF
Rainer Gerhards
Rainer Gerhards

Which enhancements does the rsyslog v8 engine contain? This short presentation focuses on those changes in the output engine that greatly helps to improve performance. We describe what exactly was changed, how this looks in real code and what developers need to know before upgrading a plugin to v8.

Tecnología
1 de 13
The rsyslog v8 engine A developer's view Rainer Gerhards
What is New? • Output part totally revamped • Simplified script execution ▫ Even faster execution speed ▫ Less complex code • Even higher scalability • Global variable support • Required changes to output module interface Rainer Gerhards * http://blog.gerhards.net
The v7 rule engine Queue worker rsyslog core Queue worker queue Single-thread compartment Action instance Queue worker Filter processing  Message formatting  Actual output action, like sending msg  Kept simple & single threaded  Works well with fast actions  Has problems with slow ones, e.g. via HTTP (like Elasticsearch)  Rainer Gerhards * http://blog.gerhards.net
V7 Action data structures • Global data, once per module ▫ Solely for setting default parameters • pData: per action-instance ▫ Automatically created “by framework” ▫ Holds all data necessary for doing action  Config parameters  Connection handles  Other state Rainer Gerhards * http://blog.gerhards.net
Real-World Sample: ommysql typedef struct _instanceData { MYSQL *f_hmysql; char f_dbsrv[MAXHOSTNAMELEN+1]; unsigned int f_dbsrvPort; char f_dbname[_DB_MAXDBLEN+1]; char f_dbuid[_DB_MAXUNAMELEN+1]; char f_dbpwd[_DB_MAXPWDLEN+1]; unsigned uLastMySQLErrno; uchar *f_configfile; uchar *f_configsection; uchar *tplName; } instanceData; Green: per-connection parameters Rest is config part. Rainer Gerhards * http://blog.gerhards.net
The v8 rule engine Queue worker queue Queue worker Action wrkr inst. Queue worker rsyslog core Action wrkr inst. Action wrkr inst. Now multiple instances per action!  Queue worker pool automatically scales outbound connection count by spawning more worker instances  Works well with ElastiSearch etc.  Inherantly serial outputs (e.g. local files!) must serialize themselves  Rainer Gerhards * http://blog.gerhards.net
V8 Action data structures • Global data, once per module ▫ Solely for setting default parameters • pData: per action-instance ▫ Automatically created “by framework” ▫ Primarily config parameters ▫ Maybe some global state like overall counters, mutexes, ... • pWrkrData: per action-worker-instance ▫ Connection handles ▫ Other “live” state Rainer Gerhards * http://blog.gerhards.net
Real-World Sample: ommysql typedef struct _instanceData { char dbsrv[MAXHOSTNAMELEN+1]; unsigned int dbsrvPort; char dbname[_DB_MAXDBLEN+1]; char dbuid[_DB_MAXUNAMELEN+1]; char dbpwd[_DB_MAXPWDLEN+1]; uchar *configfile; uchar *configsection; uchar *tplName; } instanceData; typedef struct wrkrInstanceData { instanceData pData; /* points back to action instance */ MYSQL *hmysql; unsigned uLastMySQLErrno; } wrkrInstanceData_t; Config and per-connection parameters now split, multiple instances of per-connection data. Rainer Gerhards * http://blog.gerhards.net
V8 data structure sample • One action module • With 2 actions • One being executed on two, one on three threads Action instance 2 Rainer Gerhards * http://blog.gerhards.net wrkr 1 wrkr 2 wrkr 1 wrkr 2 wrkr 3 External Connections module global data Action instance 1
What if the destination cannot handle multiple workers? • A typical example is file output • Framework will still call into multiple workers • Worker must use pData mutex to protect itself – this is not done automatically! • Basically like in v7, but plugin needs to take care Action instance 1 Action instance 2 wrkr 1 wrkr 2 “real” code Action-instance mutexes wrkr 1 wrkr 2 “real” code wrkr 3 Rainer Gerhards * http://blog.gerhards.net
Real-World Sample: omfile BEGINcommitTransaction instanceData *__restrict__ const pData = pWrkrData->pData; unsigned i; CODESTARTcommitTransaction pthread_mutex_lock(&pData->mutWrite); for(i = 0 ; i < nParams ; ++i) writeFile(pData, pParams, i); if(pData->bFlushOnTXEnd && pData->pStrm != NULL) { /* if we have an async writer, it controls the flush via * a timeout. */ if(!pData->bUseAsyncWriter) CHKiRet(strm.Flush(pData->pStrm)); } finalize_it: pthread_mutex_unlock(&pData->mutWrite); ENDcommitTransaction Rainer Gerhards * http://blog.gerhards.net
Anything else? • A couple of more things have changed,e.g. ▫ New callbacks for wrkr Instance handling ▫ New transaction processing callback ▫ New data structures for message data • Changes are hidden mostly in macro layer • But still there is work to do ▫ Usually quite easy ▫ Presentation on how to do this will follow, in the meantime use http://blog.gerhards.net/2013/11/samples-for-v8-module-conversion.html Rainer Gerhards * http://blog.gerhards.net
Even more? • Yup... • We now support external plugins, which need not be written in C! • Use any language you like, e.g. Python, Perl or Java... • More info at http://www.slideshare.net/rainergerhards1/writing-rsyslog-p • Note: action worker instances facilitate writing great performance external plugins Rainer Gerhards * http://blog.gerhards.net

Recomendados

Rsyslog log normalization
Rsyslog log normalizationRsyslog log normalization
Rsyslog log normalizationRainer Gerhards
 
Fedora Developer's Conference 2014 Talk
Fedora Developer's Conference 2014 TalkFedora Developer's Conference 2014 Talk
Fedora Developer's Conference 2014 TalkRainer Gerhards
 
Writing External Rsyslog Plugins
Writing External Rsyslog PluginsWriting External Rsyslog Plugins
Writing External Rsyslog PluginsRainer Gerhards
 
RSYSLOG v8 improvements and how to write plugins in any language.
RSYSLOG v8 improvements and how to write plugins in any language.RSYSLOG v8 improvements and how to write plugins in any language.
RSYSLOG v8 improvements and how to write plugins in any language.Rainer Gerhards
 
Using Wildcards with rsyslog's File Monitor imfile
Using Wildcards with rsyslog's File Monitor imfileUsing Wildcards with rsyslog's File Monitor imfile
Using Wildcards with rsyslog's File Monitor imfileRainer Gerhards
 
Managing Your Security Logs with Elasticsearch
Managing Your Security Logs with ElasticsearchManaging Your Security Logs with Elasticsearch
Managing Your Security Logs with ElasticsearchVic Hargrave
 
Attack monitoring using ElasticSearch Logstash and Kibana
Attack monitoring using ElasticSearch Logstash and KibanaAttack monitoring using ElasticSearch Logstash and Kibana
Attack monitoring using ElasticSearch Logstash and KibanaPrajal Kulkarni
 
Monitoring with Graylog - a modern approach to monitoring?
Monitoring with Graylog - a modern approach to monitoring?Monitoring with Graylog - a modern approach to monitoring?
Monitoring with Graylog - a modern approach to monitoring?inovex GmbH
 

Recomendados

Rsyslog log normalization
Rsyslog log normalizationRsyslog log normalization
Rsyslog log normalizationRainer Gerhards
 
Fedora Developer's Conference 2014 Talk
Fedora Developer's Conference 2014 TalkFedora Developer's Conference 2014 Talk
Fedora Developer's Conference 2014 TalkRainer Gerhards
 
Writing External Rsyslog Plugins
Writing External Rsyslog PluginsWriting External Rsyslog Plugins
Writing External Rsyslog PluginsRainer Gerhards
 
RSYSLOG v8 improvements and how to write plugins in any language.
RSYSLOG v8 improvements and how to write plugins in any language.RSYSLOG v8 improvements and how to write plugins in any language.
RSYSLOG v8 improvements and how to write plugins in any language.Rainer Gerhards
 
Using Wildcards with rsyslog's File Monitor imfile
Using Wildcards with rsyslog's File Monitor imfileUsing Wildcards with rsyslog's File Monitor imfile
Using Wildcards with rsyslog's File Monitor imfileRainer Gerhards
 
Managing Your Security Logs with Elasticsearch
Managing Your Security Logs with ElasticsearchManaging Your Security Logs with Elasticsearch
Managing Your Security Logs with ElasticsearchVic Hargrave
 
Attack monitoring using ElasticSearch Logstash and Kibana
Attack monitoring using ElasticSearch Logstash and KibanaAttack monitoring using ElasticSearch Logstash and Kibana
Attack monitoring using ElasticSearch Logstash and KibanaPrajal Kulkarni
 
Monitoring with Graylog - a modern approach to monitoring?
Monitoring with Graylog - a modern approach to monitoring?Monitoring with Graylog - a modern approach to monitoring?
Monitoring with Graylog - a modern approach to monitoring?inovex GmbH
 
Volker Fröhlich - How to Debug Common Agent Issues
Volker Fröhlich - How to Debug Common Agent IssuesVolker Fröhlich - How to Debug Common Agent Issues
Volker Fröhlich - How to Debug Common Agent IssuesZabbix
 
Logstash: Get to know your logs
Logstash: Get to know your logsLogstash: Get to know your logs
Logstash: Get to know your logsSmartLogic
 
Jean-Baptiste Favre - How to Monitor Bilions of Miles Shared by 20 Million Us...
Jean-Baptiste Favre - How to Monitor Bilions of Miles Shared by 20 Million Us...Jean-Baptiste Favre - How to Monitor Bilions of Miles Shared by 20 Million Us...
Jean-Baptiste Favre - How to Monitor Bilions of Miles Shared by 20 Million Us...Zabbix
 
Logmanagement with Icinga2 and ELK
Logmanagement with Icinga2 and ELKLogmanagement with Icinga2 and ELK
Logmanagement with Icinga2 and ELKIcinga
 
Mobile Analytics mit Elasticsearch und Kibana
Mobile Analytics mit Elasticsearch und KibanaMobile Analytics mit Elasticsearch und Kibana
Mobile Analytics mit Elasticsearch und Kibanainovex GmbH
 
Node.js
Node.jsNode.js
Node.jshotrannam
 
Logging logs with Logstash - Devops MK 10-02-2016
Logging logs with Logstash - Devops MK 10-02-2016Logging logs with Logstash - Devops MK 10-02-2016
Logging logs with Logstash - Devops MK 10-02-2016Steve Howe
 
HTML5 Programming
HTML5 ProgrammingHTML5 Programming
HTML5 Programminghotrannam
 
Erik Skytthe - Monitoring Mesos, Docker, Containers with Zabbix | ZabConf2016
Erik Skytthe - Monitoring Mesos, Docker, Containers with Zabbix | ZabConf2016Erik Skytthe - Monitoring Mesos, Docker, Containers with Zabbix | ZabConf2016
Erik Skytthe - Monitoring Mesos, Docker, Containers with Zabbix | ZabConf2016Zabbix
 
Next Generation DevOps in Drupal: DrupalCamp London 2014
Next Generation DevOps in Drupal: DrupalCamp London 2014Next Generation DevOps in Drupal: DrupalCamp London 2014
Next Generation DevOps in Drupal: DrupalCamp London 2014Barney Hanlon
 
Dokku - your own heroku
Dokku - your own herokuDokku - your own heroku
Dokku - your own herokuAleksandr Simonov
 
Dokku your own heroku 21
Dokku your own heroku 21Dokku your own heroku 21
Dokku your own heroku 21Amoniac OÜ
 
XFLTReat: a new dimension in tunnelling
XFLTReat: a new dimension in tunnellingXFLTReat: a new dimension in tunnelling
XFLTReat: a new dimension in tunnellingShakacon
 
Tuning Elasticsearch Indexing Pipeline for Logs
Tuning Elasticsearch Indexing Pipeline for LogsTuning Elasticsearch Indexing Pipeline for Logs
Tuning Elasticsearch Indexing Pipeline for LogsSematext Group, Inc.
 
Linux kernel TLS и HTTPS / Александр Крижановский (Tempesta Technologies)
Linux kernel TLS и HTTPS / Александр Крижановский (Tempesta Technologies)Linux kernel TLS и HTTPS / Александр Крижановский (Tempesta Technologies)
Linux kernel TLS и HTTPS / Александр Крижановский (Tempesta Technologies)Ontico
 
Massively Scaled High Performance Web Services with PHP
Massively Scaled High Performance Web Services with PHPMassively Scaled High Performance Web Services with PHP
Massively Scaled High Performance Web Services with PHPDemin Yin
 
Ratpack JVM_MX Meetup February 2016
Ratpack JVM_MX Meetup February 2016Ratpack JVM_MX Meetup February 2016
Ratpack JVM_MX Meetup February 2016Domingo Suarez Torres
 
Master-Master Replication and Scaling of an Application Between Each of the I...
Master-Master Replication and Scaling of an Application Between Each of the I...Master-Master Replication and Scaling of an Application Between Each of the I...
Master-Master Replication and Scaling of an Application Between Each of the I...vsoshnikov
 
How to Shrink from 5 Tiers to 2 in a Multitier Microservices Architecture
How to Shrink from 5 Tiers to 2 in a Multitier Microservices Architecture How to Shrink from 5 Tiers to 2 in a Multitier Microservices Architecture
How to Shrink from 5 Tiers to 2 in a Multitier Microservices Architecturevsoshnikov
 
Linuxday.at - Lightning Talk
Linuxday.at - Lightning TalkLinuxday.at - Lightning Talk
Linuxday.at - Lightning TalkJan Gehring
 
Varnish - PLNOG 4
Varnish - PLNOG 4Varnish - PLNOG 4
Varnish - PLNOG 4Leszek Urbanski
 
6 tips for improving ruby performance
6 tips for improving ruby performance6 tips for improving ruby performance
6 tips for improving ruby performanceEngine Yard
 

Más contenido relacionado

La actualidad más candente

Volker Fröhlich - How to Debug Common Agent Issues
Volker Fröhlich - How to Debug Common Agent IssuesVolker Fröhlich - How to Debug Common Agent Issues
Volker Fröhlich - How to Debug Common Agent IssuesZabbix
 
Logstash: Get to know your logs
Logstash: Get to know your logsLogstash: Get to know your logs
Logstash: Get to know your logsSmartLogic
 
Jean-Baptiste Favre - How to Monitor Bilions of Miles Shared by 20 Million Us...
Jean-Baptiste Favre - How to Monitor Bilions of Miles Shared by 20 Million Us...Jean-Baptiste Favre - How to Monitor Bilions of Miles Shared by 20 Million Us...
Jean-Baptiste Favre - How to Monitor Bilions of Miles Shared by 20 Million Us...Zabbix
 
Logmanagement with Icinga2 and ELK
Logmanagement with Icinga2 and ELKLogmanagement with Icinga2 and ELK
Logmanagement with Icinga2 and ELKIcinga
 
Mobile Analytics mit Elasticsearch und Kibana
Mobile Analytics mit Elasticsearch und KibanaMobile Analytics mit Elasticsearch und Kibana
Mobile Analytics mit Elasticsearch und Kibanainovex GmbH
 
Logging logs with Logstash - Devops MK 10-02-2016
Logging logs with Logstash - Devops MK 10-02-2016Logging logs with Logstash - Devops MK 10-02-2016
Logging logs with Logstash - Devops MK 10-02-2016Steve Howe
 
HTML5 Programming
HTML5 ProgrammingHTML5 Programming
HTML5 Programminghotrannam
 
Erik Skytthe - Monitoring Mesos, Docker, Containers with Zabbix | ZabConf2016
Erik Skytthe - Monitoring Mesos, Docker, Containers with Zabbix | ZabConf2016Erik Skytthe - Monitoring Mesos, Docker, Containers with Zabbix | ZabConf2016
Erik Skytthe - Monitoring Mesos, Docker, Containers with Zabbix | ZabConf2016Zabbix
 
Next Generation DevOps in Drupal: DrupalCamp London 2014
Next Generation DevOps in Drupal: DrupalCamp London 2014Next Generation DevOps in Drupal: DrupalCamp London 2014
Next Generation DevOps in Drupal: DrupalCamp London 2014Barney Hanlon
 
Dokku your own heroku 21
Dokku your own heroku 21Dokku your own heroku 21
Dokku your own heroku 21Amoniac OÜ
 
XFLTReat: a new dimension in tunnelling
XFLTReat: a new dimension in tunnellingXFLTReat: a new dimension in tunnelling
XFLTReat: a new dimension in tunnellingShakacon
 
Tuning Elasticsearch Indexing Pipeline for Logs
Tuning Elasticsearch Indexing Pipeline for LogsTuning Elasticsearch Indexing Pipeline for Logs
Tuning Elasticsearch Indexing Pipeline for LogsSematext Group, Inc.
 
Linux kernel TLS и HTTPS / Александр Крижановский (Tempesta Technologies)
Linux kernel TLS и HTTPS / Александр Крижановский (Tempesta Technologies)Linux kernel TLS и HTTPS / Александр Крижановский (Tempesta Technologies)
Linux kernel TLS и HTTPS / Александр Крижановский (Tempesta Technologies)Ontico
 
Massively Scaled High Performance Web Services with PHP
Massively Scaled High Performance Web Services with PHPMassively Scaled High Performance Web Services with PHP
Massively Scaled High Performance Web Services with PHPDemin Yin
 
Master-Master Replication and Scaling of an Application Between Each of the I...
Master-Master Replication and Scaling of an Application Between Each of the I...Master-Master Replication and Scaling of an Application Between Each of the I...
Master-Master Replication and Scaling of an Application Between Each of the I...vsoshnikov
 
How to Shrink from 5 Tiers to 2 in a Multitier Microservices Architecture
How to Shrink from 5 Tiers to 2 in a Multitier Microservices Architecture How to Shrink from 5 Tiers to 2 in a Multitier Microservices Architecture
How to Shrink from 5 Tiers to 2 in a Multitier Microservices Architecturevsoshnikov
 
Linuxday.at - Lightning Talk
Linuxday.at - Lightning TalkLinuxday.at - Lightning Talk
Linuxday.at - Lightning TalkJan Gehring
 

La actualidad más candente (20)

Volker Fröhlich - How to Debug Common Agent Issues
Volker Fröhlich - How to Debug Common Agent IssuesVolker Fröhlich - How to Debug Common Agent Issues
Volker Fröhlich - How to Debug Common Agent Issues
 
Logstash: Get to know your logs
Logstash: Get to know your logsLogstash: Get to know your logs
Logstash: Get to know your logs
 
Jean-Baptiste Favre - How to Monitor Bilions of Miles Shared by 20 Million Us...
Jean-Baptiste Favre - How to Monitor Bilions of Miles Shared by 20 Million Us...Jean-Baptiste Favre - How to Monitor Bilions of Miles Shared by 20 Million Us...
Jean-Baptiste Favre - How to Monitor Bilions of Miles Shared by 20 Million Us...
 
Logmanagement with Icinga2 and ELK
Logmanagement with Icinga2 and ELKLogmanagement with Icinga2 and ELK
Logmanagement with Icinga2 and ELK
 
Mobile Analytics mit Elasticsearch und Kibana
Mobile Analytics mit Elasticsearch und KibanaMobile Analytics mit Elasticsearch und Kibana
Mobile Analytics mit Elasticsearch und Kibana
 
Node.js
Node.jsNode.js
Node.js
 
Logging logs with Logstash - Devops MK 10-02-2016
Logging logs with Logstash - Devops MK 10-02-2016Logging logs with Logstash - Devops MK 10-02-2016
Logging logs with Logstash - Devops MK 10-02-2016
 
HTML5 Programming
HTML5 ProgrammingHTML5 Programming
HTML5 Programming
 
Erik Skytthe - Monitoring Mesos, Docker, Containers with Zabbix | ZabConf2016
Erik Skytthe - Monitoring Mesos, Docker, Containers with Zabbix | ZabConf2016Erik Skytthe - Monitoring Mesos, Docker, Containers with Zabbix | ZabConf2016
Erik Skytthe - Monitoring Mesos, Docker, Containers with Zabbix | ZabConf2016
 
Next Generation DevOps in Drupal: DrupalCamp London 2014
Next Generation DevOps in Drupal: DrupalCamp London 2014Next Generation DevOps in Drupal: DrupalCamp London 2014
Next Generation DevOps in Drupal: DrupalCamp London 2014
 
Dokku - your own heroku
Dokku - your own herokuDokku - your own heroku
Dokku - your own heroku
 
Dokku your own heroku 21
Dokku your own heroku 21Dokku your own heroku 21
Dokku your own heroku 21
 
XFLTReat: a new dimension in tunnelling
XFLTReat: a new dimension in tunnellingXFLTReat: a new dimension in tunnelling
XFLTReat: a new dimension in tunnelling
 
Tuning Elasticsearch Indexing Pipeline for Logs
Tuning Elasticsearch Indexing Pipeline for LogsTuning Elasticsearch Indexing Pipeline for Logs
Tuning Elasticsearch Indexing Pipeline for Logs
 
Linux kernel TLS и HTTPS / Александр Крижановский (Tempesta Technologies)
Linux kernel TLS и HTTPS / Александр Крижановский (Tempesta Technologies)Linux kernel TLS и HTTPS / Александр Крижановский (Tempesta Technologies)
Linux kernel TLS и HTTPS / Александр Крижановский (Tempesta Technologies)
 
Massively Scaled High Performance Web Services with PHP
Massively Scaled High Performance Web Services with PHPMassively Scaled High Performance Web Services with PHP
Massively Scaled High Performance Web Services with PHP
 
Ratpack JVM_MX Meetup February 2016
Ratpack JVM_MX Meetup February 2016Ratpack JVM_MX Meetup February 2016
Ratpack JVM_MX Meetup February 2016
 
Master-Master Replication and Scaling of an Application Between Each of the I...
Master-Master Replication and Scaling of an Application Between Each of the I...Master-Master Replication and Scaling of an Application Between Each of the I...
Master-Master Replication and Scaling of an Application Between Each of the I...
 
How to Shrink from 5 Tiers to 2 in a Multitier Microservices Architecture
How to Shrink from 5 Tiers to 2 in a Multitier Microservices Architecture How to Shrink from 5 Tiers to 2 in a Multitier Microservices Architecture
How to Shrink from 5 Tiers to 2 in a Multitier Microservices Architecture
 
Linuxday.at - Lightning Talk
Linuxday.at - Lightning TalkLinuxday.at - Lightning Talk
Linuxday.at - Lightning Talk
 

Similar a The rsyslog v8 engine (developer's view)

6 tips for improving ruby performance
6 tips for improving ruby performance6 tips for improving ruby performance
6 tips for improving ruby performanceEngine Yard
 
introduction to node.js
introduction to node.jsintroduction to node.js
introduction to node.jsorkaplan
 
Practice and challenges from building IaaS
Practice and challenges from building IaaSPractice and challenges from building IaaS
Practice and challenges from building IaaSShawn Zhu
 
Stateful streaming data pipelines
Stateful streaming data pipelinesStateful streaming data pipelines
Stateful streaming data pipelinesTimothy Farkas
 
Practical Operation Automation with StackStorm
Practical Operation Automation with StackStormPractical Operation Automation with StackStorm
Practical Operation Automation with StackStormShu Sugimoto
 
End to End Processing of 3.7 Million Telemetry Events per Second using Lambda...
End to End Processing of 3.7 Million Telemetry Events per Second using Lambda...End to End Processing of 3.7 Million Telemetry Events per Second using Lambda...
End to End Processing of 3.7 Million Telemetry Events per Second using Lambda...DataWorks Summit/Hadoop Summit
 
Using NGINX as an Effective and Highly Available Content Cache
Using NGINX as an Effective and Highly Available Content CacheUsing NGINX as an Effective and Highly Available Content Cache
Using NGINX as an Effective and Highly Available Content CacheKevin Jones
 
Data has a better idea the in-memory data grid
Data has a better idea the in-memory data gridData has a better idea the in-memory data grid
Data has a better idea the in-memory data gridBogdan Dina
 
Elasticsearch on Kubernetes
Elasticsearch on KubernetesElasticsearch on Kubernetes
Elasticsearch on KubernetesJoerg Henning
 
NetflixOSS Meetup season 3 episode 1
NetflixOSS Meetup season 3 episode 1NetflixOSS Meetup season 3 episode 1
NetflixOSS Meetup season 3 episode 1Ruslan Meshenberg
 
Станислав Сидоренко «DeviceHive Java Server – миграция на Spring Boot»
Станислав Сидоренко «DeviceHive Java Server – миграция на Spring Boot»Станислав Сидоренко «DeviceHive Java Server – миграция на Spring Boot»
Станислав Сидоренко «DeviceHive Java Server – миграция на Spring Boot»DataArt
 
Dok Talks #124 - Intro to Druid on Kubernetes
Dok Talks #124 - Intro to Druid on KubernetesDok Talks #124 - Intro to Druid on Kubernetes
Dok Talks #124 - Intro to Druid on KubernetesDoKC
 
Operator Lifecycle Management
Operator Lifecycle ManagementOperator Lifecycle Management
Operator Lifecycle ManagementDoKC
 
Operator Lifecycle Management
Operator Lifecycle ManagementOperator Lifecycle Management
Operator Lifecycle ManagementDoKC
 
Ceph Day Beijing - Ceph all-flash array design based on NUMA architecture
Ceph Day Beijing - Ceph all-flash array design based on NUMA architectureCeph Day Beijing - Ceph all-flash array design based on NUMA architecture
Ceph Day Beijing - Ceph all-flash array design based on NUMA architectureCeph Community
 
Ceph Day Beijing - Ceph All-Flash Array Design Based on NUMA Architecture
Ceph Day Beijing - Ceph All-Flash Array Design Based on NUMA ArchitectureCeph Day Beijing - Ceph All-Flash Array Design Based on NUMA Architecture
Ceph Day Beijing - Ceph All-Flash Array Design Based on NUMA ArchitectureDanielle Womboldt
 
Architectures, Frameworks and Infrastructure
Architectures, Frameworks and InfrastructureArchitectures, Frameworks and Infrastructure
Architectures, Frameworks and Infrastructureharendra_pathak
 

Similar a The rsyslog v8 engine (developer's view) (20)

Varnish - PLNOG 4
Varnish - PLNOG 4Varnish - PLNOG 4
Varnish - PLNOG 4
 
6 tips for improving ruby performance
6 tips for improving ruby performance6 tips for improving ruby performance
6 tips for improving ruby performance
 
introduction to node.js
introduction to node.jsintroduction to node.js
introduction to node.js
 
Practice and challenges from building IaaS
Practice and challenges from building IaaSPractice and challenges from building IaaS
Practice and challenges from building IaaS
 
Stateful streaming data pipelines
Stateful streaming data pipelinesStateful streaming data pipelines
Stateful streaming data pipelines
 
Practical Operation Automation with StackStorm
Practical Operation Automation with StackStormPractical Operation Automation with StackStorm
Practical Operation Automation with StackStorm
 
End to End Processing of 3.7 Million Telemetry Events per Second using Lambda...
End to End Processing of 3.7 Million Telemetry Events per Second using Lambda...End to End Processing of 3.7 Million Telemetry Events per Second using Lambda...
End to End Processing of 3.7 Million Telemetry Events per Second using Lambda...
 
Using NGINX as an Effective and Highly Available Content Cache
Using NGINX as an Effective and Highly Available Content CacheUsing NGINX as an Effective and Highly Available Content Cache
Using NGINX as an Effective and Highly Available Content Cache
 
Data has a better idea the in-memory data grid
Data has a better idea the in-memory data gridData has a better idea the in-memory data grid
Data has a better idea the in-memory data grid
 
Elasticsearch on Kubernetes
Elasticsearch on KubernetesElasticsearch on Kubernetes
Elasticsearch on Kubernetes
 
NetflixOSS Meetup season 3 episode 1
NetflixOSS Meetup season 3 episode 1NetflixOSS Meetup season 3 episode 1
NetflixOSS Meetup season 3 episode 1
 
Станислав Сидоренко «DeviceHive Java Server – миграция на Spring Boot»
Станислав Сидоренко «DeviceHive Java Server – миграция на Spring Boot»Станислав Сидоренко «DeviceHive Java Server – миграция на Spring Boot»
Станислав Сидоренко «DeviceHive Java Server – миграция на Spring Boot»
 
GR740 User day
GR740 User dayGR740 User day
GR740 User day
 
Mmap failure analysis
Mmap failure analysisMmap failure analysis
Mmap failure analysis
 
Dok Talks #124 - Intro to Druid on Kubernetes
Dok Talks #124 - Intro to Druid on KubernetesDok Talks #124 - Intro to Druid on Kubernetes
Dok Talks #124 - Intro to Druid on Kubernetes
 
Operator Lifecycle Management
Operator Lifecycle ManagementOperator Lifecycle Management
Operator Lifecycle Management
 
Operator Lifecycle Management
Operator Lifecycle ManagementOperator Lifecycle Management
Operator Lifecycle Management
 
Ceph Day Beijing - Ceph all-flash array design based on NUMA architecture
Ceph Day Beijing - Ceph all-flash array design based on NUMA architectureCeph Day Beijing - Ceph all-flash array design based on NUMA architecture
Ceph Day Beijing - Ceph all-flash array design based on NUMA architecture
 
Ceph Day Beijing - Ceph All-Flash Array Design Based on NUMA Architecture
Ceph Day Beijing - Ceph All-Flash Array Design Based on NUMA ArchitectureCeph Day Beijing - Ceph All-Flash Array Design Based on NUMA Architecture
Ceph Day Beijing - Ceph All-Flash Array Design Based on NUMA Architecture
 
Architectures, Frameworks and Infrastructure
Architectures, Frameworks and InfrastructureArchitectures, Frameworks and Infrastructure
Architectures, Frameworks and Infrastructure
 

Más de Rainer Gerhards

Sicherheit im Internet - Wie kann man sich schützen?
Sicherheit im Internet - Wie kann man sich schützen?Sicherheit im Internet - Wie kann man sich schützen?
Sicherheit im Internet - Wie kann man sich schützen?Rainer Gerhards
 
Rsyslog version naming (v8.6.0+)
Rsyslog version naming (v8.6.0+)Rsyslog version naming (v8.6.0+)
Rsyslog version naming (v8.6.0+)Rainer Gerhards
 
Wetterbeobachtung - Ein Vortrag für die Grundschule
Wetterbeobachtung - Ein Vortrag für die GrundschuleWetterbeobachtung - Ein Vortrag für die Grundschule
Wetterbeobachtung - Ein Vortrag für die GrundschuleRainer Gerhards
 
Rsyslog vs Systemd Journal Presentation
Rsyslog vs Systemd Journal PresentationRsyslog vs Systemd Journal Presentation
Rsyslog vs Systemd Journal PresentationRainer Gerhards
 
Rsyslog vs Systemd Journal (Paper)
Rsyslog vs Systemd Journal (Paper)Rsyslog vs Systemd Journal (Paper)
Rsyslog vs Systemd Journal (Paper)Rainer Gerhards
 
CEE Log Integrity and the "Counterpane Paper"
CEE Log Integrity and the "Counterpane Paper"CEE Log Integrity and the "Counterpane Paper"
CEE Log Integrity and the "Counterpane Paper"Rainer Gerhards
 
Status of syslog as of 2005
Status of syslog as of 2005Status of syslog as of 2005
Status of syslog as of 2005Rainer Gerhards
 
LogFile Auswertung (log analysis)
LogFile Auswertung (log analysis)LogFile Auswertung (log analysis)
LogFile Auswertung (log analysis)Rainer Gerhards
 

Más de Rainer Gerhards (10)

Sicherheit im Internet - Wie kann man sich schützen?
Sicherheit im Internet - Wie kann man sich schützen?Sicherheit im Internet - Wie kann man sich schützen?
Sicherheit im Internet - Wie kann man sich schützen?
 
rsyslog meets docker
rsyslog meets dockerrsyslog meets docker
rsyslog meets docker
 
Rsyslog version naming (v8.6.0+)
Rsyslog version naming (v8.6.0+)Rsyslog version naming (v8.6.0+)
Rsyslog version naming (v8.6.0+)
 
Wetterbeobachtung - Ein Vortrag für die Grundschule
Wetterbeobachtung - Ein Vortrag für die GrundschuleWetterbeobachtung - Ein Vortrag für die Grundschule
Wetterbeobachtung - Ein Vortrag für die Grundschule
 
Rsyslog vs Systemd Journal Presentation
Rsyslog vs Systemd Journal PresentationRsyslog vs Systemd Journal Presentation
Rsyslog vs Systemd Journal Presentation
 
Rsyslog vs Systemd Journal (Paper)
Rsyslog vs Systemd Journal (Paper)Rsyslog vs Systemd Journal (Paper)
Rsyslog vs Systemd Journal (Paper)
 
CEE Log Integrity and the "Counterpane Paper"
CEE Log Integrity and the "Counterpane Paper"CEE Log Integrity and the "Counterpane Paper"
CEE Log Integrity and the "Counterpane Paper"
 
State of syslog (2005)
State of syslog (2005)State of syslog (2005)
State of syslog (2005)
 
Status of syslog as of 2005
Status of syslog as of 2005Status of syslog as of 2005
Status of syslog as of 2005
 
LogFile Auswertung (log analysis)
LogFile Auswertung (log analysis)LogFile Auswertung (log analysis)
LogFile Auswertung (log analysis)
 

Último

presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelDeepika Singh
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbuapidays
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024The Digital Insurer
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 

Último (20)

presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 

The rsyslog v8 engine (developer's view)

  • 1. The rsyslog v8 engine A developer's view Rainer Gerhards
  • 2. What is New? • Output part totally revamped • Simplified script execution ▫ Even faster execution speed ▫ Less complex code • Even higher scalability • Global variable support • Required changes to output module interface Rainer Gerhards * http://blog.gerhards.net
  • 3. The v7 rule engine Queue worker rsyslog core Queue worker queue Single-thread compartment Action instance Queue worker Filter processing  Message formatting  Actual output action, like sending msg  Kept simple & single threaded  Works well with fast actions  Has problems with slow ones, e.g. via HTTP (like Elasticsearch)  Rainer Gerhards * http://blog.gerhards.net
  • 4. V7 Action data structures • Global data, once per module ▫ Solely for setting default parameters • pData: per action-instance ▫ Automatically created “by framework” ▫ Holds all data necessary for doing action  Config parameters  Connection handles  Other state Rainer Gerhards * http://blog.gerhards.net
  • 5. Real-World Sample: ommysql typedef struct _instanceData { MYSQL *f_hmysql; char f_dbsrv[MAXHOSTNAMELEN+1]; unsigned int f_dbsrvPort; char f_dbname[_DB_MAXDBLEN+1]; char f_dbuid[_DB_MAXUNAMELEN+1]; char f_dbpwd[_DB_MAXPWDLEN+1]; unsigned uLastMySQLErrno; uchar *f_configfile; uchar *f_configsection; uchar *tplName; } instanceData; Green: per-connection parameters Rest is config part. Rainer Gerhards * http://blog.gerhards.net
  • 6. The v8 rule engine Queue worker queue Queue worker Action wrkr inst. Queue worker rsyslog core Action wrkr inst. Action wrkr inst. Now multiple instances per action!  Queue worker pool automatically scales outbound connection count by spawning more worker instances  Works well with ElastiSearch etc.  Inherantly serial outputs (e.g. local files!) must serialize themselves  Rainer Gerhards * http://blog.gerhards.net
  • 7. V8 Action data structures • Global data, once per module ▫ Solely for setting default parameters • pData: per action-instance ▫ Automatically created “by framework” ▫ Primarily config parameters ▫ Maybe some global state like overall counters, mutexes, ... • pWrkrData: per action-worker-instance ▫ Connection handles ▫ Other “live” state Rainer Gerhards * http://blog.gerhards.net
  • 8. Real-World Sample: ommysql typedef struct _instanceData { char dbsrv[MAXHOSTNAMELEN+1]; unsigned int dbsrvPort; char dbname[_DB_MAXDBLEN+1]; char dbuid[_DB_MAXUNAMELEN+1]; char dbpwd[_DB_MAXPWDLEN+1]; uchar *configfile; uchar *configsection; uchar *tplName; } instanceData; typedef struct wrkrInstanceData { instanceData pData; /* points back to action instance */ MYSQL *hmysql; unsigned uLastMySQLErrno; } wrkrInstanceData_t; Config and per-connection parameters now split, multiple instances of per-connection data. Rainer Gerhards * http://blog.gerhards.net
  • 9. V8 data structure sample • One action module • With 2 actions • One being executed on two, one on three threads Action instance 2 Rainer Gerhards * http://blog.gerhards.net wrkr 1 wrkr 2 wrkr 1 wrkr 2 wrkr 3 External Connections module global data Action instance 1
  • 10. What if the destination cannot handle multiple workers? • A typical example is file output • Framework will still call into multiple workers • Worker must use pData mutex to protect itself – this is not done automatically! • Basically like in v7, but plugin needs to take care Action instance 1 Action instance 2 wrkr 1 wrkr 2 “real” code Action-instance mutexes wrkr 1 wrkr 2 “real” code wrkr 3 Rainer Gerhards * http://blog.gerhards.net
  • 11. Real-World Sample: omfile BEGINcommitTransaction instanceData *__restrict__ const pData = pWrkrData->pData; unsigned i; CODESTARTcommitTransaction pthread_mutex_lock(&pData->mutWrite); for(i = 0 ; i < nParams ; ++i) writeFile(pData, pParams, i); if(pData->bFlushOnTXEnd && pData->pStrm != NULL) { /* if we have an async writer, it controls the flush via * a timeout. */ if(!pData->bUseAsyncWriter) CHKiRet(strm.Flush(pData->pStrm)); } finalize_it: pthread_mutex_unlock(&pData->mutWrite); ENDcommitTransaction Rainer Gerhards * http://blog.gerhards.net
  • 12. Anything else? • A couple of more things have changed,e.g. ▫ New callbacks for wrkr Instance handling ▫ New transaction processing callback ▫ New data structures for message data • Changes are hidden mostly in macro layer • But still there is work to do ▫ Usually quite easy ▫ Presentation on how to do this will follow, in the meantime use http://blog.gerhards.net/2013/11/samples-for-v8-module-conversion.html Rainer Gerhards * http://blog.gerhards.net
  • 13. Even more? • Yup... • We now support external plugins, which need not be written in C! • Use any language you like, e.g. Python, Perl or Java... • More info at http://www.slideshare.net/rainergerhards1/writing-rsyslog-p • Note: action worker instances facilitate writing great performance external plugins Rainer Gerhards * http://blog.gerhards.net