Graylog2
Lennart Koopmann, OSDC 2014
@_lennart / www.graylog2.org
About me
• 25 years old
• Living in Hamburg, Germany
• @_lennart on Twitter
• Co-Founder of TORCH - The Graylog2 company.
Graylog2 history
• Started as open source project by Lennart Koopmann in 2010 and
was developed entirely in free time.
• TORCH founded as company behind it in late 2012 after seeing
massive growth and worldwide distribution in large scale setups.
• Now team of 6 working full-time on it, three more people joining this
summer. (and still hiring)
• www.graylog2.org
Graylog2 history
• Big rewrite of Graylog2 started in 2012 and finished with releasing a
final v0.20.0 in February 2014 that addresses what we learnt from our
first customers and all users.
• Web Interface now (like the server) written in Java and easy to
install. Prior versions used Ruby on Rails and were hard to
install.
• New web Interface focussing on powerful analytics.
• Unified REST API communication for easy extending and
integrating with other products, tools and scripts.
Free and open source analysis of any
machine data written in your datacenter.
Running on the JVM in your own
environment. Not limited by licenses.
Basic architecture
[Architecture diagram. Components shown: message sources, Inputs, two graylog2-server nodes, ElasticSearch Cluster, MongoDB, graylog2-web-interface, your own reporting scripts, your own subscribers. Two connections are labelled REST.]
Architecture considerations
• Use graylog2-radio for HA and high level buffering
• Put load balancers in front and scale out horizontally
Architecture considerations
• graylog2-server / graylog2-radio: Focus on CPU
• ElasticSearch: Focus on RAM and IO
• MongoDB: Replication set for failover, not much load
• graylog2-web-interface: Not much load at all
Architecture considerations
• http://support.torch.sh/help/kb/general/graylog2-architecture-high-level-overview
No message left behind
2014-04-04 14:05:43,147 INFO : org.graylog2.Core - SIGNAL received. Shutting down.
2014-04-04 14:05:43,150 INFO : org.graylog2.system.shutdown.GracefulShutdown - Graceful shutdown initiated.
2014-04-04 14:05:43,150 INFO : org.graylog2.system.shutdown.GracefulShutdown - Node status: [Halting [LB:DEAD]]. Waiting <5sec> for possible load balancers to recognize state change.
…
2014-04-04 14:05:49,156 INFO : org.graylog2.system.shutdown.GracefulShutdown - Attempting to close input <org.graylog2.inputs.raw.udp.RawUDPInput.531f89283004f7b66a87e163> [Raw/Plaintext UDP].
2014-04-04 14:05:49,157 INFO : org.graylog2.system.shutdown.GracefulShutdown - Input [org.graylog2.inputs.raw.udp.RawUDPInput.531f89283004f7b66a87e163] closed. Took [1ms]
…
2014-04-04 14:05:49,158 INFO : org.graylog2.caches.Caches - Waiting until all caches are empty.
2014-04-04 14:05:49,158 INFO : org.graylog2.caches.Caches - All caches are empty. Continuing.
2014-04-04 14:05:49,159 INFO : org.graylog2.buffers.Buffers - Waiting until all buffers are empty.
2014-04-04 14:05:49,159 INFO : org.graylog2.buffers.Buffers - All buffers are empty. Continuing.
…
2014-04-04 14:05:49,176 INFO : org.graylog2.system.shutdown.GracefulShutdown - Goodbye.
No message left behind
GELF http://graylog2.org/gelf
• The “Graylog2 Extended Log Format”. Structured and compressed,
based on JSON.
• Optional UDP chunking allows sending a lot of data without having
to care about connection management in your application (timeouts,
…) if you don’t need transport security.
• Already over 30 libraries from the community and integrated into the
first products.
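The GELF slide above, as an added example that is not from the talk or from Graylog2's code: a sender that serializes, gzips and chunks one message, and a receiver that reassembles chunks defensively, since UDP datagrams arrive unauthenticated, out of order and possibly duplicated. The chunk header layout (magic bytes 0x1e 0x0f, 8-byte message ID, sequence number, sequence count, at most 128 chunks, 5-second window) and the mandatory fields follow the published GELF format; the 1 MiB decompression cap, the pending-message cap and all function and class names are assumptions of this example.

```python
import gzip
import hashlib
import json
import os
import zlib

CHUNK_MAGIC = b"\x1e\x0f"   # marks a chunked GELF datagram
HEADER_LEN = 12             # magic (2) + message id (8) + sequence number (1) + count (1)
MAX_CHUNKS = 128            # GELF limit on chunks per message
MAX_DECOMPRESSED = 1 << 20  # assumed receiver-side cap against decompression bombs
CHUNK_TIMEOUT = 5.0         # seconds an incomplete message may wait for missing chunks


def encode_gelf(fields, chunk_size=1420):
    """Serialize, gzip and (only if needed) chunk one message into UDP datagrams."""
    payload = gzip.compress(json.dumps(fields).encode("utf-8"))
    if len(payload) <= chunk_size:
        return [payload]
    step = chunk_size - HEADER_LEN
    parts = [payload[i:i + step] for i in range(0, len(payload), step)]
    if len(parts) > MAX_CHUNKS:
        raise ValueError("message does not fit into 128 chunks")
    msg_id = os.urandom(8)
    return [CHUNK_MAGIC + msg_id + bytes([seq, len(parts)]) + part
            for seq, part in enumerate(parts)]


def decode_payload(data):
    """Decompress (gzip or zlib, size-capped) and validate one complete payload."""
    if data[:1] != b"{":
        inflater = zlib.decompressobj(wbits=47)   # 47 = auto-detect gzip or zlib header
        data = inflater.decompress(data, MAX_DECOMPRESSED)
        if inflater.unconsumed_tail:
            raise ValueError("decompressed payload exceeds cap")
    msg = json.loads(data.decode("utf-8"))
    required = ("version", "host", "short_message")
    if not isinstance(msg, dict) or any(k not in msg for k in required):
        raise ValueError("not a GELF message: mandatory field missing")
    return msg


class Reassembler:
    """Receiver-side chunk buffer, bounded in both size and time."""

    def __init__(self, max_pending=1024):
        self.pending = {}   # message id -> [first_seen, count, {seq: bytes}]
        self.max_pending = max_pending

    def feed(self, datagram, now):
        """Return the decoded message once it is complete, otherwise None."""
        if not datagram.startswith(CHUNK_MAGIC):
            return decode_payload(datagram)
        if len(datagram) <= HEADER_LEN:
            raise ValueError("chunk without payload")
        msg_id, seq, count = datagram[2:10], datagram[10], datagram[11]
        if not 0 < count <= MAX_CHUNKS or seq >= count:
            raise ValueError("invalid sequence number or count")
        # Evict incomplete messages that waited longer than the timeout.
        for key in [k for k, v in self.pending.items() if now - v[0] > CHUNK_TIMEOUT]:
            del self.pending[key]
        if msg_id not in self.pending and len(self.pending) >= self.max_pending:
            raise ValueError("too many incomplete messages")
        entry = self.pending.setdefault(msg_id, [now, count, {}])
        if entry[1] != count:
            raise ValueError("sequence count changed within one message")
        entry[2].setdefault(seq, datagram[HEADER_LEN:])   # duplicates are ignored
        if len(entry[2]) < count:
            return None
        del self.pending[msg_id]
        return decode_payload(b"".join(entry[2][i] for i in range(count)))


def sample_message():
    """Constructed sample; the long, poorly compressible field forces chunking."""
    noise = "".join(hashlib.sha256(str(i).encode()).hexdigest() for i in range(200))
    return {"version": "1.1", "host": "app01.example.org",
            "short_message": "Exception in application X", "full_message": noise,
            "timestamp": 1396620343.147, "level": 3, "_response_time_ms": 412}


if __name__ == "__main__":
    rx, datagrams = Reassembler(), encode_gelf(sample_message())
    results = [rx.feed(d, now=0.0) for d in reversed(datagrams)]   # reversed order
    print(len(datagrams), "chunks ->", results[-1]["short_message"])
```

Nothing in the chunk header authenticates the sender, which is why the slide limits UDP chunking to cases that need no transport security.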
Streams
• Performant realtime routing of messages based on rules. Matching applied
when the message is received and processed.
• Create streams like “SSH logins” or “Exceptions in application X” for quick
access in the web interface (like saved searches) or alerts.
• Be alerted based on message count thresholds or results of statistical
computation of given relative time windows. “Send me an alert when the
standard deviation of the response time in application X was higher than 100
in the last 10 minutes.”
• Forward to other systems based on matched streams. “Forward all business
intelligence related logs to another system. (to save license costs)”
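The stream routing and the two alert types described above, as an added sketch that is not Graylog2's implementation: rules are matched per message on arrival, and alert conditions are evaluated over a relative time window. The operator names, the requirement that every rule of a stream must match, the use of the population standard deviation and all sample messages are assumptions of this example.

```python
import re
import statistics

# Rule operators; the names are this example's own, not Graylog2 identifiers.
OPS = {
    "exact": lambda actual, expected: str(actual) == str(expected),
    "regex": lambda actual, expected: re.search(expected, str(actual)) is not None,
    "greater": lambda actual, expected: isinstance(actual, (int, float)) and actual > expected,
}


class Stream:
    def __init__(self, title, rules):
        self.title = title
        self.rules = rules            # list of (field, operator, value)

    def matches(self, msg):
        """Assumption: a message belongs to the stream only if every rule matches."""
        return all(f in msg and OPS[op](msg[f], v) for f, op, v in self.rules)


def route(msg, streams):
    """Titles of all streams a freshly received message is routed into."""
    return [s.title for s in streams if s.matches(msg)]


def window(messages, stream, minutes, now):
    """Messages of one stream inside the relative window ending at `now`."""
    return [m for m in messages
            if stream.matches(m) and 0 <= now - m["timestamp"] <= minutes * 60]


def count_alert(messages, stream, minutes, threshold, now):
    """Alert when more than `threshold` messages arrived in the window."""
    n = len(window(messages, stream, minutes, now))
    return n > threshold, n


def stddev_alert(messages, stream, field, minutes, threshold, now):
    """Alert when the standard deviation of a numeric field exceeds `threshold`."""
    values = [m[field] for m in window(messages, stream, minutes, now)
              if isinstance(m.get(field), (int, float))]
    if len(values) < 2:               # no meaningful deviation from a single value
        return False, None
    value = statistics.pstdev(values)
    return value > threshold, value


SSH = Stream("SSH logins", [("application", "exact", "sshd"),
                            ("message", "regex", r"^Accepted \w+ for ")])
EXC = Stream("Exceptions in application X", [("application", "exact", "X"),
                                             ("message", "regex", r"Exception")])
APP_X = Stream("Application X", [("application", "exact", "X")])
STREAMS = [SSH, EXC, APP_X]

NOW = 1396620000                      # constructed reference time (epoch seconds)
MESSAGES = [                          # constructed sample messages
    {"timestamp": NOW - 30, "application": "sshd",
     "message": "Accepted publickey for deploy from 192.0.2.10 port 50022 ssh2"},
    {"timestamp": NOW - 45, "application": "sshd",
     "message": "Failed password for root from 198.51.100.7 port 4711 ssh2"},
    {"timestamp": NOW - 100, "application": "X",
     "message": "NullPointerException in OrderService"},
    {"timestamp": NOW - 1200, "application": "X", "message": "GET /orders",
     "response_time": 2000},          # outside the 10 minute window
] + [{"timestamp": NOW - 60 * i, "application": "X", "message": "GET /orders",
      "response_time": rt} for i, rt in enumerate([100, 120, 400, 90, 110], start=1)]

if __name__ == "__main__":
    for m in MESSAGES[:3]:
        print(route(m, STREAMS), "<-", m["message"])
    print("stddev alert:", stddev_alert(MESSAGES, APP_X, "response_time", 10, 100, NOW))
    print("count alert:", count_alert(MESSAGES, SSH, 5, 0, NOW))
```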


OSDC 2014: Lennart Koopmann - Log Analysis with Graylog2
