Bernd Ahlers – Graylog, Inc. bernd@graylog.com
Monitoring Linux and Windows Logs with Graylog Collector
Bernd Ahlers
Graylog, Inc.
Structured Logging & Introduction to Graylog Collector
Bernd Ahlers
Graylog, Inc.
Introduction: Graylog
● Open source log management platform
● Collect, index and analyze structured and unstructured log data
● Alerts based on log data
● Extensible via custom plugins
More about Graylog
● www.graylog.org
● marketplace.graylog.org
● docs.graylog.org
● github.com/Graylog2
Why are we writing logs?
● Getting insight & collecting business metrics
● Debugging problems
● Building an audit trail
● Monitoring
How do we access our logs?
● Applications write to local files
● SSH into machines
● tail, grep, awk
● If lucky: central log management
What do they look like?
● Syslog RFC 3164 (BSD)
● Syslog RFC 5424
Syslog RFC 3164 (BSD)
Nov 10 15:55:01 tumbler CRON[2684]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)
Syslog RFC 5424
2003-10-11T22:14:15.003Z mymachine.example.com evntslog - ID47 [exampleSDID@32473 iut="3" eventSource="Application" eventID="1011"] BOMAn application event log entry...
Apache
127.0.0.1 - bernd [28/Dec/2014:06:43:15 +0100] "PROPFIND /remote.php/webdav/ HTTP/1.1" 207 910 "-" "Mozilla/5.0 (Linux) mirall/1.7.1"
Postfix
Aug 5 17:05:26 hostname postfix/qmgr[308]: A44F828C71: from=<bamm@example.com>, size=153136, nrcpt=1 (queue active)
Squid
sq18.wikimedia.org 1715898 2010-12-01T21:57:22.331 0 1.2.3.4 TCP_MEM_HIT/200 13208 GET http://en.wikipedia.org/wiki/Main_Page NONE/- text/html - - Mozilla/4.0%20(compatible;%20MSIE%206.0;%20Windows%20NT%205.1;%20.NET%20CLR%201.1.4322) en-US -
log4j
0 [main] INFO MyApp - Entering application.
36 [main] DEBUG com.foo.Bar - Did it again!
51 [main] INFO MyApp - Exiting application.
Ruby Logger
I, [2015-11-18T00:16:27.723972 #3609] INFO -- : Hello world!
#1 Problem: Timestamps
● Everyone likes to invent one
● Missing most of the time: timezone, year
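Added example (not from the slides and not Graylog code): one normalizer for the timestamp shapes shown above. The year and the UTC offset that RFC 3164 and the Ruby Logger format leave out are supplied by the caller and reported back as assumptions; the regexes, the UTC+1 collector time zone and the sample lines are constructed for the example.

```python
import re
from datetime import datetime, timedelta, timezone

# Timestamp shapes taken from the sample lines in the slides (regexes constructed here).
RFC3164 = re.compile(r"^(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) ")
RFC5424 = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d+)?(?:Z|[+-]\d{2}:\d{2})) ")
APACHE = re.compile(r"\[(?P<ts>\d{2}/[A-Z][a-z]{2}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4})\]")
RUBY = re.compile(r"^[A-Z], \[(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d+) #\d+\]")


def normalize_timestamp(line, received_at, source_tz):
    """Return (ISO 8601 UTC string, list of assumptions made) for one log line.

    received_at: aware datetime of when the collector read the line; it supplies
                 the year that RFC 3164 leaves out.
    source_tz:   tzinfo assumed for formats that carry no UTC offset at all.
    Every value the line itself does not carry is reported in the assumptions list,
    so it can be stored next to the message instead of being silently guessed.
    """
    assumptions = []
    if m := RFC5424.match(line):
        dt = datetime.fromisoformat(m.group("ts").replace("Z", "+00:00"))
    elif m := APACHE.search(line):
        dt = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    elif m := RUBY.match(line):
        dt = datetime.fromisoformat(m.group("ts")).replace(tzinfo=source_tz)
        assumptions.append("timezone")
    elif m := RFC3164.match(line):
        ts = re.sub(r" {2,}", " ", m.group("ts"))  # "Nov  3" -> "Nov 3"
        # Prepending the year (instead of replace(year=...)) keeps 29 Feb parseable.
        dt = datetime.strptime(f"{received_at.year} {ts}", "%Y %b %d %H:%M:%S")
        dt = dt.replace(tzinfo=source_tz)
        assumptions += ["year", "timezone"]
        # A December line that arrives in early January was written last year.
        if dt > received_at + timedelta(days=1):
            dt = dt.replace(year=dt.year - 1)
    else:
        raise ValueError("unrecognized timestamp format: " + line)
    return dt.astimezone(timezone.utc).isoformat(timespec="microseconds"), assumptions


# Constructed sample: lines from the slides as a collector running in UTC+1 would see them.
CET = timezone(timedelta(hours=1))
SEEN = datetime(2015, 11, 10, 16, 0, tzinfo=CET)
SAMPLES = {
    "rfc3164": ("Nov 10 15:55:01 tumbler CRON[2684]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)", SEEN),
    "rfc5424": ("2003-10-11T22:14:15.003Z mymachine.example.com evntslog - ID47 [exampleSDID@32473 iut=\"3\"] BOMAn application event log entry...", SEEN),
    "apache": ('127.0.0.1 - bernd [28/Dec/2014:06:43:15 +0100] "PROPFIND /remote.php/webdav/ HTTP/1.1" 207 910 "-" "Mozilla/5.0 (Linux) mirall/1.7.1"', SEEN),
    "ruby": ("I, [2015-11-18T00:16:27.723972 #3609] INFO -- : Hello world!", datetime(2015, 11, 18, 0, 17, tzinfo=CET)),
    # Year rollover: written at 23:59:58 on 31 Dec, received seven seconds into the new year.
    "rollover": ("Dec 31 23:59:58 tumbler CRON[1]: (root) CMD true", datetime(2016, 1, 1, 0, 0, 5, tzinfo=CET)),
}


def normalize_samples():
    """Normalize every constructed sample; returns {name: (utc_iso, assumptions)}."""
    return {name: normalize_timestamp(line, received, CET) for name, (line, received) in SAMPLES.items()}


if __name__ == "__main__":
    for name, (utc, assumed) in normalize_samples().items():
        print(f"{name:9} {utc}  assumed: {assumed or 'nothing'}")
```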
How to get value out of unstructured logs?
● Regex
● More regex
● Even more regex
((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?
Grok
IPV6 ((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9...
USERNAME [a-zA-Z0-9._-]+
USER %{USERNAME}
HOSTNAME \b(?:[0-9A-Za-z][0-9A-Za-z-]{0,62})(?:\.(?:[0-9A-Za-z][0-9A-Za-z-]{0,62}))*(\.?|\b)
EMAILLOCALPART [a-zA-Z][a-zA-Z0-9_.+-=:]+
EMAILADDRESS %{EMAILLOCALPART}@%{HOSTNAME}
...
COMBINEDAPACHELOG %{COMMONAPACHELOG} %{QS:referrer} %{QS:agent}
Graylog: Extractors
● Regular expressions based
● Extracts data into message fields
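Added example (not from the slides and not Graylog's extractor code): a small grok-style expander that resolves %{NAME} and %{NAME:field} references into one regular expression with named capture groups and applies it to the Apache line above. The pattern library is a constructed subset: USERNAME, USER, HOSTNAME, EMAIL* and COMBINEDAPACHELOG are the ones shown on the Grok slide, the remaining entries are simplified stand-ins for the real grok definitions.

```python
import re

# Constructed subset of a grok pattern library (see lead-in for which entries are simplified).
PATTERNS = {
    "USERNAME": r"[a-zA-Z0-9._-]+",
    "USER": r"%{USERNAME}",
    "HOSTNAME": r"\b(?:[0-9A-Za-z][0-9A-Za-z-]{0,62})(?:\.(?:[0-9A-Za-z][0-9A-Za-z-]{0,62}))*(\.?|\b)",
    "EMAILLOCALPART": r"[a-zA-Z][a-zA-Z0-9_.+-=:]+",
    "EMAILADDRESS": r"%{EMAILLOCALPART}@%{HOSTNAME}",
    "IPV4": r"(?:[0-9]{1,3}\.){3}[0-9]{1,3}",
    "IPORHOST": r"(?:%{IPV4}|%{HOSTNAME})",
    "WORD": r"\b\w+\b",
    "NOTSPACE": r"\S+",
    "DATA": r".*?",
    "NUMBER": r"[+-]?[0-9]+(?:\.[0-9]+)?",
    "QS": r'"(?:\\.|[^\\"])*"',
    "HTTPDATE": r"[0-9]{1,2}/[A-Z][a-z]{2}/[0-9]{4}:[0-9]{2}:[0-9]{2}:[0-9]{2} [+-][0-9]{4}",
    "COMMONAPACHELOG": (r'%{IPORHOST:clientip} %{USER:ident} %{USER:auth} \[%{HTTPDATE:timestamp}\] '
                        r'"(?:%{WORD:verb} %{NOTSPACE:request}(?: HTTP/%{NUMBER:httpversion})?|%{DATA:rawrequest})" '
                        r'%{NUMBER:response} (?:%{NUMBER:bytes}|-)'),
    "COMBINEDAPACHELOG": r"%{COMMONAPACHELOG} %{QS:referrer} %{QS:agent}",
}

REFERENCE = re.compile(r"%\{(?P<name>\w+)(?::(?P<field>\w+))?\}")


def expand(pattern, library=PATTERNS, max_depth=32):
    """Resolve %{NAME} and %{NAME:field} references into one plain regex.

    Named references become (?P<field>...) capture groups, unnamed ones become
    non-capturing groups. Each pass resolves one level of nesting; the depth
    limit turns a self-referencing pattern into an error instead of a hang.
    """
    def substitute(m):
        name, field = m.group("name"), m.group("field")
        if name not in library:
            raise KeyError(f"unknown grok pattern %{{{name}}}")
        inner = library[name]
        return f"(?P<{field}>{inner})" if field else f"(?:{inner})"

    for _ in range(max_depth):
        if "%{" not in pattern:
            return pattern
        pattern = REFERENCE.sub(substitute, pattern)
    raise ValueError("grok pattern nesting too deep (cycle?)")


_COMPILED = {}


def grok_match(name, text, library=PATTERNS):
    """Search text with the named grok pattern; returns {field: value} or None."""
    key = (name, id(library))
    if key not in _COMPILED:
        _COMPILED[key] = re.compile(expand(f"%{{{name}}}", library))
    m = _COMPILED[key].search(text)
    if m is None:
        return None
    # Drop groups that did not take part in the match (e.g. rawrequest on a well-formed line).
    return {k: v for k, v in m.groupdict().items() if v is not None}


# Constructed sample: the Apache access log line from the slides.
APACHE_LINE = ('127.0.0.1 - bernd [28/Dec/2014:06:43:15 +0100] '
               '"PROPFIND /remote.php/webdav/ HTTP/1.1" 207 910 "-" "Mozilla/5.0 (Linux) mirall/1.7.1"')

if __name__ == "__main__":
    for field, value in grok_match("COMBINEDAPACHELOG", APACHE_LINE).items():
        print(f"{field:12} {value}")
```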
How to fix this?
● Central log collection (Graylog, ELK, others)
● Use structured log formats
– Structured Syslog RFC 5424
– CEF Format
– GELF
– JSON
Structured Syslog RFC 5424
2003-10-11T22:14:15.003Z mymachine.example.com evntslog - ID47 [exampleSDID@32473 iut="3" eventSource="Application" eventID="1011"] BOMAn application event log entry...
CEF by ArcSight/HP
Sep 19 08:26:10 host CEF:0|HP|siem|1.0|100|service successfully stopped|10|src=10.0.0.1 dst=2.1.2.2 spt=1232
GELF
{
  "version": "1.1",
  "timestamp": 1385053862.3072,
  "host": "example.org",
  "short_message": "A short message",
  "full_message": "Backtrace here\n\nmore stuff",
  "level": 1,
  "_user_id": 9001,
  "_some_info": "foo",
  "_some_env_var": "bar"
}
JSON
{
  "source": "example.org",
  "message": "A log message",
  "timestamp": "2015-11-15T10:43:21Z",
  "user_id": 9001,
  "http_method": "GET"
}
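Added example (not from the slides and not code from the Graylog project or its collector): building a GELF 1.1 message from the values on the GELF slide, validating its fields, and framing it the way a gelf-tcp output ships it, where each JSON document is followed by a NUL delimiter. The receiver side shows why the delimiter is safe to split on and how a partial trailing frame is kept for the next read.

```python
import json
import re
import time

REQUIRED_FIELDS = ("version", "host", "short_message")
STANDARD_FIELDS = REQUIRED_FIELDS + ("full_message", "timestamp", "level")
ADDITIONAL_FIELD = re.compile(r"^_[\w.-]+$")  # '_' prefix, then letters, digits, '_', '.', '-'


def validate_gelf(msg):
    """Return a list of problems with a GELF 1.1 dict; an empty list means valid."""
    problems = []
    for key in REQUIRED_FIELDS:
        if not msg.get(key):
            problems.append(f"missing required field '{key}'")
    if msg.get("version") and msg["version"] != "1.1":
        problems.append("version must be '1.1'")
    if "level" in msg and msg["level"] not in range(8):
        problems.append("level must be a syslog level 0..7")
    if "timestamp" in msg and not isinstance(msg["timestamp"], (int, float)):
        problems.append("timestamp must be seconds since the epoch, not a string")
    for key in msg:
        if key in STANDARD_FIELDS:
            continue
        if key == "_id":
            problems.append("additional field '_id' is reserved")
        elif not ADDITIONAL_FIELD.match(key):
            problems.append(f"additional field '{key}' must start with '_' and use [A-Za-z0-9_.-]")
    return problems


def build_gelf(host, short_message, full_message=None, level=6, timestamp=None, **extra):
    """Build a GELF 1.1 message; extra keyword arguments become '_'-prefixed fields."""
    msg = {"version": "1.1", "host": host, "short_message": short_message,
           "timestamp": round(time.time(), 4) if timestamp is None else timestamp,
           "level": level}
    if full_message is not None:
        msg["full_message"] = full_message
    msg.update({"_" + name: value for name, value in extra.items()})
    problems = validate_gelf(msg)
    if problems:
        raise ValueError("; ".join(problems))
    return msg


def frame_tcp(msg):
    """Encode one message for GELF TCP: compact JSON followed by a NUL delimiter.

    json.dumps writes control characters (NUL included) as backslash-u escapes,
    so the only NUL byte on the wire is the delimiter and a receiver can split on it.
    """
    return json.dumps(msg, separators=(",", ":")).encode("utf-8") + b"\x00"


def parse_tcp_stream(data):
    """Split a received GELF TCP byte stream into messages.

    Returns (messages, remainder): the remainder is an incomplete trailing frame
    that must be buffered until more bytes arrive.
    """
    *frames, remainder = data.split(b"\x00")
    return [json.loads(frame.decode("utf-8")) for frame in frames], remainder


# Constructed sample built from the values on the GELF slide.
SAMPLE = dict(host="example.org", short_message="A short message",
              full_message="Backtrace here\n\nmore stuff", level=1,
              timestamp=1385053862.3072, user_id=9001, some_info="foo", some_env_var="bar")

if __name__ == "__main__":
    first = build_gelf(**SAMPLE)
    second = build_gelf("example.org", "second message", timestamp=1385053863.0)
    # Two complete frames plus the start of a third, as one TCP read might deliver them.
    stream = frame_tcp(first) + frame_tcp(second) + b'{"version":"1.1"'
    messages, rest = parse_tcp_stream(stream)
    print(len(messages), "messages decoded, partial frame of", len(rest), "bytes buffered")
    print(validate_gelf({"version": "1.1", "host": "h", "short_message": "x", "_id": 5, "bad": 1}))
```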
How we try to improve the ecosystem
● Icinga2 GELF output for events
● Docker GELF logging driver (since Docker 1.8)
● apache-mod_log_gelf (beta)
● log4j2-gelf
● gelfclient Java library
● svloggelfd (log forwarding for runit)
We at Graylog <3 structured data
and you should too!
Introduction: Graylog Collector
● Reads local log files and ships them to Graylog
● Windows EventLog support (limited for now)
● Transport encryption via TLS
● Runs on Linux, Windows, Mac OS X and AIX
Why another Collector?
● There are lots of others: nxlog, fluentd, heka, filebeat, rsyslog, syslog-ng
● We want integration and centralized management of collectors in Graylog
Collector Installation
● OS packages for Linux distributions
● Manual installation on Windows via ZIP file (MSI upcoming)
● Runs as Windows service
Collector Configuration
server-url = "http://your-graylog-server:12900"

inputs {
  windows-application-log {
    type = "windows-eventlog"
    source-name = "Application"
  }
}

outputs {
  gelf-tcp {
    type = "gelf"
    host = "your-graylog-server"
    port = 12201
  }
}
Collector: Current State
● Windows EventLog support needs update to support new Windows APIs
● File reading needs improvement
● Centralized management needs to be implemented
● :-(
Tomorrow: Hackathon
Thank you!
Thank you for your time!
Q&A
Ask me anything!
Bernd Ahlers / Graylog, Inc.
bernd@graylog.com
@berndahlers
www.graylog.org
github.com/Graylog2

#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 

OSMC 2015: Monitoring Linux and Windows Logs with the Graylog Collector byBernd Ahlers

  • 1. Bernd Ahlers – Graylog, Inc. bernd@graylog.com Monitoring Linux and Windows Logs with Graylog Collector Bernd Ahlers Graylog, Inc.
  • 2. Structured Logging & Introduction to Graylog Collector Bernd Ahlers Graylog, Inc.
  • 3. Introduction: Graylog ● Open source log management platform ● Collect, index and analyze structured and unstructured log data ● Alerts based on log data ● Extensible via custom plugins
  • 4. to 11. [screenshot slides, no text]
  • 12. More about Graylog ● www.graylog.org ● marketplace.graylog.org ● docs.graylog.org ● github.com/Graylog2
  • 13. Why are we writing logs? ● Getting insight & collecting business metrics ● Debugging problems ● Building an audit trail ● Monitoring
  • 14. How do we access our logs? ● Applications write to local files ● SSH into machines ● tail, grep, awk ● If lucky: central log management
  • 15. What do they look like? ● Syslog RFC 3164 (BSD) ● Syslog RFC 5424
  • 16. Syslog RFC 3164 (BSD) Nov 10 15:55:01 tumbler CRON[2684]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)
  • 17. Syslog RFC 5424 2003-10-11T22:14:15.003Z mymachine.example.com evntslog - ID47 [exampleSDID@32473 iut="3" eventSource="Application" eventID="1011"] BOMAn application event log entry...
  • 18. Apache 127.0.0.1 - bernd [28/Dec/2014:06:43:15 +0100] "PROPFIND /remote.php/webdav/ HTTP/1.1" 207 910 "-" "Mozilla/5.0 (Linux) mirall/1.7.1"
  • 19. Postfix Aug 5 17:05:26 hostname postfix/qmgr[308]: A44F828C71: from=<bamm@example.com>, size=153136, nrcpt=1 (queue active)
  • 20. Squid sq18.wikimedia.org 1715898 2010-12-01T21:57:22.331 0 1.2.3.4 TCP_MEM_HIT/200 13208 GET http://en.wikipedia.org/wiki/Main_Page NONE/- text/html - - Mozilla/4.0%20(compatible;%20MSIE%206.0;%20Windows%20NT%205.1;%20.NET%20CLR%201.1.4322) en-US -
  • 21. log4j 0 [main] INFO MyApp - Entering application. 36 [main] DEBUG com.foo.Bar - Did it again! 51 [main] INFO MyApp - Exiting application.
  • 22. Ruby Logger I, [2015-11-18T00:16:27.723972 #3609] INFO -- : Hello world!
  • 23. #1 Problem: Timestamps ● Everyone likes to invent one ● Missing most of the time: timezone, year
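Added example for slide 23 (not from the talk and not Graylog code): what a receiver has to do with the two timestamps shown on slides 16 and 17. The RFC 3164 one carries neither year nor timezone, so both have to be supplied on the receiving side; the receive time and the sender timezone used below are constructed assumptions. The RFC 5424 one needs nothing guessed.

```python
"""Why RFC 3164 timestamps are a problem: no year, no timezone.

Added example, not from the talk. Parses the timestamp of the RFC 3164
line on slide 16 and the RFC 5424 line on slide 17 and shows what the
sender left out and the receiver must fill in.
"""
import re
from datetime import datetime, timedelta, timezone

# "Nov 10 15:55:01" or BSD-style "Aug  5 17:05:26" (day padded with a space)
RFC3164_TS = re.compile(r"^([A-Z][a-z]{2})\s+(\d{1,2}) (\d{2}):(\d{2}):(\d{2})")
MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}


def naive_year(ts: str) -> int:
    """The classic bug: strptime without %Y silently fills in the year 1900."""
    return datetime.strptime(ts, "%b %d %H:%M:%S").year


def parse_rfc3164(ts: str, received_at: datetime, sender_tz: timezone) -> datetime:
    """Complete an RFC 3164 timestamp with data the message does not carry.

    received_at: aware datetime of when the collector saw the message; it
    supplies the year. sender_tz: the sender's timezone, which must be
    known out of band (assumption: configured per source host).
    """
    m = RFC3164_TS.match(ts)
    if not m:
        raise ValueError(f"not an RFC 3164 timestamp: {ts!r}")
    mon, day, hh, mm, ss = m.groups()
    year = received_at.year
    candidate = datetime(year, MONTHS[mon], int(day), int(hh), int(mm), int(ss),
                         tzinfo=sender_tz)
    # Year rollover: a "Dec 31" message read on Jan 1 belongs to last year.
    # Allow a small clock-skew window into the future before assuming that.
    if candidate > received_at + timedelta(days=2):
        candidate = candidate.replace(year=year - 1)
    return candidate


def parse_rfc5424(ts: str) -> datetime:
    """RFC 5424 TIMESTAMP is RFC 3339: year and UTC offset are mandatory,
    so nothing is guessed. A trailing 'Z' is rewritten for fromisoformat()
    on Python versions older than 3.11."""
    if ts.endswith("Z"):
        ts = ts[:-1] + "+00:00"
    dt = datetime.fromisoformat(ts)
    if dt.tzinfo is None:
        raise ValueError("RFC 5424 timestamps must carry an offset")
    return dt


def demo() -> dict:
    """Run both parsers over the slide timestamps (constructed receive times)."""
    utc = timezone.utc
    seen = datetime(2015, 11, 18, 0, 16, 27, tzinfo=utc)          # constructed
    jan_2nd = datetime(2016, 1, 2, tzinfo=utc)                    # constructed
    return {
        "naive_year": naive_year("Nov 10 15:55:01"),
        "rfc3164": parse_rfc3164("Nov 10 15:55:01", seen, utc).isoformat(),
        "rollover": parse_rfc3164("Dec 31 23:59:59", jan_2nd, utc).isoformat(),
        "rfc5424": parse_rfc5424("2003-10-11T22:14:15.003Z").isoformat(),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:11} {value}")
```

The sender timezone is the part that cannot be recovered from the message at all; when a fleet spans timezones, or a host changes its clock, RFC 3164 lines from different machines end up ordered wrongly in the index, which is exactly the motivation for the structured formats later in the deck.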
  • 24. How to get value out of unstructured logs? ● Regex ● More regex ● Even more regex
  • 25. ((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?
  • 26. Grok
        IPV6 ((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9...
        USERNAME [a-zA-Z0-9._-]+
        USER %{USERNAME}
        HOSTNAME \b(?:[0-9A-Za-z][0-9A-Za-z-]{0,62})(?:\.(?:[0-9A-Za-z][0-9A-Za-z-]{0,62}))*(\.?|\b)
        EMAILLOCALPART [a-zA-Z][a-zA-Z0-9_.+-=:]+
        EMAILADDRESS %{EMAILLOCALPART}@%{HOSTNAME}
        ...
        COMBINEDAPACHELOG %{COMMONAPACHELOG} %{QS:referrer} %{QS:agent}
  • 27. Graylog: Extractors ● Regular expressions based ● Extracts data into message fields
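Added example for slides 24 to 27 (not from the talk and not Graylog's extractor implementation): the mechanism behind grok, a pattern library whose %{NAME} and %{NAME:field} references are expanded into one regex with named groups, applied to the Apache line from slide 18. PATTERNS is a small subset of the public grok library and several entries (HTTPDUSER, QS, HTTPDATE, NUMBER) are simplified; that is an assumption of this example, not the library's definitions.

```python
"""Mini grok engine: expand named patterns into a regex with named groups.

Added example, not Graylog or grok library code. PATTERNS is a reduced,
partly simplified subset of the grok pattern library; APACHE_LINE is the
access log line shown on slide 18.
"""
import re
from typing import Optional

PATTERNS = {
    "USERNAME": r"[a-zA-Z0-9._-]+",
    "USER": r"%{USERNAME}",
    "HTTPDUSER": r"%{USER}|-",                       # simplified: no e-mail form
    "NUMBER": r"[+-]?\d+(?:\.\d+)?",                 # simplified BASE10NUM
    "WORD": r"\b\w+\b",
    "NOTSPACE": r"\S+",
    "DATA": r".*?",
    "QS": r'"(?:[^"\\]|\\.)*"',                      # simplified QUOTEDSTRING
    "IPV4": r"(?:(?:25[0-5]|2[0-4]\d|[01]?\d\d?)\.){3}(?:25[0-5]|2[0-4]\d|[01]?\d\d?)",
    "HOSTNAME": r"\b(?:[0-9A-Za-z][0-9A-Za-z-]{0,62})(?:\.(?:[0-9A-Za-z][0-9A-Za-z-]{0,62}))*(?:\.?|\b)",
    "IPORHOST": r"%{IPV4}|%{HOSTNAME}",
    "HTTPDATE": r"\d{2}/[A-Z][a-z]{2}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4}",  # simplified
    "COMMONAPACHELOG": (
        r'%{IPORHOST:clientip} %{HTTPDUSER:ident} %{HTTPDUSER:auth} '
        r'\[%{HTTPDATE:timestamp}\] "(?:%{WORD:verb} %{NOTSPACE:request}'
        r'(?: HTTP/%{NUMBER:httpversion})?|%{DATA:rawrequest})" '
        r'%{NUMBER:response} (?:%{NUMBER:bytes}|-)'
    ),
    "COMBINEDAPACHELOG": r"%{COMMONAPACHELOG} %{QS:referrer} %{QS:agent}",
}

# %{NAME} becomes a non-capturing group, %{NAME:field} a named group.
REF = re.compile(r"%\{(\w+)(?::(\w+))?\}")


def compile_pattern(name: str, patterns: dict = PATTERNS, _depth: int = 0) -> str:
    """Recursively expand %{...} references into a plain regex string."""
    if _depth > 32:
        raise RecursionError(f"pattern nesting too deep at {name!r} (cycle?)")

    def expand(m):
        inner = compile_pattern(m.group(1), patterns, _depth + 1)
        field = m.group(2)
        return f"(?P<{field}>{inner})" if field else f"(?:{inner})"

    return REF.sub(expand, patterns[name])


def extract(pattern_name: str, line: str) -> Optional[dict]:
    """Apply a grok pattern to one log line; None if it does not match.

    fullmatch() anchors both ends, so a line that only partly fits (or an
    attacker-controlled field such as the user agent that spills past its
    position) is rejected instead of being silently mis-assigned.
    """
    m = re.compile(compile_pattern(pattern_name)).fullmatch(line)
    if m is None:
        return None
    return {k: v for k, v in m.groupdict().items() if v is not None}


# Apache access log line from slide 18.
APACHE_LINE = ('127.0.0.1 - bernd [28/Dec/2014:06:43:15 +0100] '
               '"PROPFIND /remote.php/webdav/ HTTP/1.1" 207 910 "-" '
               '"Mozilla/5.0 (Linux) mirall/1.7.1"')

if __name__ == "__main__":
    for field, value in extract("COMBINEDAPACHELOG", APACHE_LINE).items():
        print(f"{field:12} = {value}")
```

The expansion is what slide 26 shows in the pattern file: COMBINEDAPACHELOG is defined in terms of COMMONAPACHELOG, which is defined in terms of IPORHOST, HTTPDUSER and so on, and the whole chain compiles down to a single regular expression like the IPV6 monster on slide 25. Every extractor runs on input the log source's clients partly control, so keep patterns anchored and free of nested unbounded repetition.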
  • 28. [screenshot slide, no text]
  • 29. How to fix this? ● Central log collection (Graylog, ELK, others) ● Use structured log formats – Structured Syslog RFC 5424 – CEF Format – GELF – JSON
  • 30. Structured Syslog RFC 5424 2003-10-11T22:14:15.003Z mymachine.example.com evntslog - ID47 [exampleSDID@32473 iut="3" eventSource="Application" eventID="1011"] BOMAn application event log entry...
  • 31. CEF by ArcSight/HP Sep 19 08:26:10 host CEF:0|HP|siem|1.0|100|service successfully stopped|10|src=10.0.0.1 dst=2.1.2.2 spt=1232
  • 32. GELF
        {
          "version": "1.1",
          "timestamp": 1385053862.3072,
          "host": "example.org",
          "short_message": "A short message",
          "full_message": "Backtrace here\n\nmore stuff",
          "level": 1,
          "_user_id": 9001,
          "_some_info": "foo",
          "_some_env_var": "bar"
        }
  • 33. JSON
        {
          "source": "example.org",
          "message": "A log message",
          "timestamp": "2015-11-15T10:43:21Z",
          "user_id": 9001,
          "http_method": "GET"
        }
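Added example for slides 29 to 33 (not from the talk and not Graylog code): the receiving side of two of the structured formats, with no regex involved. parse_sd() implements the RFC 5424 STRUCTURED-DATA grammar (section 6.3 of the RFC, including the backslash escapes for the quote, the backslash and the closing bracket) on the SD element from slide 30; validate_gelf() checks the GELF message from slide 32 against the rules the GELF 1.1 specification states: version "1.1", host and short_message required, additional fields prefixed with an underscore, and "_id" not allowed. The extra inputs in the test are constructed.

```python
"""Structured formats read without regex: RFC 5424 SD and GELF 1.1.

Added example, not Graylog code. SLIDE_SD is the STRUCTURED-DATA part of
the line on slide 30, SLIDE_GELF the message on slide 32.
"""
import re
from typing import Dict, List

SD_ESCAPABLE = '"\\]'   # the only characters a backslash escapes in a PARAM-VALUE


def parse_sd(sd: str) -> Dict[str, Dict[str, str]]:
    """Parse STRUCTURED-DATA: '-' or one or more [SD-ID name="value" ...]."""
    if sd == "-":
        return {}
    elements: Dict[str, Dict[str, str]] = {}
    i, n = 0, len(sd)
    try:
        while i < n:
            if sd[i] != "[":
                raise ValueError(f"expected '[' at offset {i}")
            j = i + 1
            while sd[j] not in " ]":
                j += 1
            sd_id, params = sd[i + 1:j], {}
            if not sd_id or any(c in sd_id for c in '="'):
                raise ValueError(f"bad SD-ID at offset {i}")
            i = j
            while sd[i] == " ":                      # one SD-PARAM per space
                eq = sd.index("=", i + 1)
                name = sd[i + 1:eq]
                if sd[eq + 1] != '"':
                    raise ValueError(f"PARAM-VALUE must be quoted at offset {eq}")
                i, value = eq + 2, []
                while sd[i] != '"':                  # unescaped quote ends the value
                    if sd[i] == "\\" and sd[i + 1] in SD_ESCAPABLE:
                        i += 1                       # drop the backslash, keep the char
                    value.append(sd[i])
                    i += 1
                params[name] = "".join(value)
                i += 1                               # step over the closing quote
            if sd[i] != "]":
                raise ValueError(f"expected ']' at offset {i}")
            elements[sd_id] = params
            i += 1
    except IndexError:
        raise ValueError("truncated STRUCTURED-DATA") from None
    return elements


GELF_STANDARD = {"version", "host", "short_message", "full_message",
                 "timestamp", "level", "facility", "line", "file"}
ADDITIONAL_NAME = re.compile(r"_[\w.\-]*")          # '_' prefix, then [\w.-]*


def validate_gelf(msg: dict) -> List[str]:
    """Return the GELF 1.1 rules a payload violates (empty list means valid)."""
    problems = []
    if msg.get("version") != "1.1":
        problems.append("version must be the string '1.1'")
    for key in ("host", "short_message"):
        if not isinstance(msg.get(key), str) or not msg[key]:
            problems.append(f"{key} is required and must be a non-empty string")
    if "timestamp" in msg and not isinstance(msg["timestamp"], (int, float)):
        problems.append("timestamp must be seconds since the epoch as a number")
    if "level" in msg and not (isinstance(msg["level"], int) and 0 <= msg["level"] <= 7):
        problems.append("level must be a syslog severity 0..7")
    for key, value in msg.items():
        if key in GELF_STANDARD:
            continue
        if key == "_id":
            problems.append("'_id' is reserved and must not be sent")
        elif not ADDITIONAL_NAME.fullmatch(key):
            problems.append(f"additional field {key!r} must start with '_'")
        elif not isinstance(value, (str, int, float)):
            problems.append(f"additional field {key!r} must be a string or number")
    return problems


# STRUCTURED-DATA from the RFC 5424 line on slide 30.
SLIDE_SD = '[exampleSDID@32473 iut="3" eventSource="Application" eventID="1011"]'

# GELF message from slide 32.
SLIDE_GELF = {
    "version": "1.1", "timestamp": 1385053862.3072, "host": "example.org",
    "short_message": "A short message", "full_message": "Backtrace here\n\nmore stuff",
    "level": 1, "_user_id": 9001, "_some_info": "foo", "_some_env_var": "bar",
}

if __name__ == "__main__":
    print(parse_sd(SLIDE_SD))
    print(validate_gelf(SLIDE_GELF) or "GELF message is valid")
```

Both parsers are deterministic and linear in the input length, which is the practical difference to the regex approach: the sender names the fields, the receiver only has to check the grammar, and a malformed or hostile message fails fast with a clear error instead of matching the wrong pattern.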
  • 34. How we try to improve the ecosystem ● Icinga2 GELF output for events ● Docker GELF logging driver (since Docker 1.8) ● apache-mod_log_gelf (beta) ● log4j2-gelf ● gelfclient Java library ● svloggelfd (log forwarding for runit)
  • 35. We at Graylog <3 structured data and you should too!
  • 36. Introduction: Graylog Collector ● Reads local log files and ships them to Graylog ● Windows EventLog support (limited for now) ● Transport encryption via TLS ● Runs on Linux, Windows, Mac OS X and AIX
  • 37. Why another Collector? ● There are lots of others: nxlog, fluentd, heka, filebeat, rsyslog, syslog-ng ● We want integration and centralized management of collectors in Graylog
  • 38. [screenshot slide, no text]
  • 39. Collector Installation ● OS packages for Linux distributions ● Manual installation on Windows via ZIP file (MSI upcoming) ● Runs as Windows service
  • 40. Collector Configuration
        server-url = "http://your-graylog-server:12900"
        inputs {
          windows-application-log {
            type = "windows-eventlog"
            source-name = "Application"
          }
        }
        outputs {
          gelf-tcp {
            type = "gelf"
            host = "your-graylog-server"
            port = 12201
          }
        }
  • 41. Collector: Current State ● Windows EventLog support needs update to support new Windows APIs ● File reading needs improvement ● Centralized management needs to be implemented ● :-(
  • 42. Tomorrow: Hackathon
  • 43. Thank you! Thank you for your time!
  • 44. Q&A Ask me anything! Bernd Ahlers / Graylog, Inc. bernd@graylog.com @berndahlers www.graylog.org github.com/Graylog2