Your SlideShare is downloading. ×
0
Non-DIY* Logging
using
A Smalltalk Syslog library
* DIY: Do It Yourself
What is Syslog?
● RFC 3164 - The BSD syslog Protocol
● It's not a standard, but it is widely used
Status of this Memo
This memo provides i...
What is Syslog?
1. Introduction
Since the beginning, life has relied upon the transmission of
messages. For the self-aware...
What is Syslog?
● It's way of using sockets to pass messages of
1024 octets in length that look like this:
<34>Oct 11 22:1...
What is Syslog?
● It's way of using sockets to pass messages of
1024 octets in length that look like this:
<34>Oct 11 22:1...
What is Syslog?
● It's way of using sockets to pass messages of
1024 octets in length that look like this:
<34>Oct 11 22:1...
Messages
● 1024 octets in length & composed like this:
– PRI
● e.g. <12> (User-Level Warning)
– Header
● e.g. Oct 11 22:14...
The 3 Players
● Device (aka a Sender)
– Remarkably, sends syslog messages
● Collector (aka Receiver)
– A syslog server
● R...
The Smalltalk Syslog Library
● OskSyslog in the public Store
– Developed in VW using Sport
– Available under the LGPL
– Us...
Sender
● The RFC says that messages must be sent to
UDP port 514
● Really should make sure the message is well
formed.
– “...
Simple Sender
● Using the logger command:
–>logger Hello, World.
–Sends a user notice to the local syslog server
–tail -f ...
The Syslog Library
● OskSyslog in the public Store
● To repeat the Dead Simple Example:
| sender |
[| message |
sender := ...
Are you listening?
● Many syslog servers don't listen on UDP by
default
– They mostly listen on local *nix sockets
– Easy ...
UDP vs. TCP
Jim Snow: http://syn.cs.pdx.edu/~jsnow/
UDP vs. TCP
Jim Snow: http://syn.cs.pdx.edu/~jsnow/
● Speed vs reliable delivery
– TCP does not guarantee delivery, but it...
Receiver
● Listens on UDP port 514
– Note that you'll need to run as root or use iptables
to redirect traffic from 514 to ...
Collector
● Uses a Receiver to get messages
– Keep
– Summarise
– Discard
● OpenSkills will be using PostgreSQL
– Looking f...
Relay
● Combination of
– a Receiver
– a Sender
● Can be used to
– Filter & Route messages
– Redirect messages over a port ...
Summary
● Lots of existing tools
– e.g. less
● Best effort delivery with UDP
– If it absolutely definitely has to be there...
Upcoming SlideShare
Loading in...5
×

Non-DIY* Logging

487

Published on

Non-DIY* Logging using A Smalltalk Syslog library. ESUG 2008, Amsterdam

Published in: Technology, Education
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
487
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
3
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Transcript of "Non-DIY* Logging"

  1. 1. Non-DIY* Logging using A Smalltalk Syslog library * DIY: Do It Yourself
  2. 2. What is Syslog?
  3. 3. ● RFC 3164 - The BSD syslog Protocol ● It's not a standard, but it is widely used Status of this Memo This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited. What is Syslog?
  4. 4. What is Syslog? 1. Introduction Since the beginning, life has relied upon the transmission of messages. For the self-aware organic unit, these messages can ... From RFC 3164:
  5. 5. What is Syslog? ● It's way of using sockets to pass messages of 1024 octets in length that look like this: <34>Oct 11 22:14:15 mymachine su: 'su root' failed for lonvickon /dev/pts/8
  6. 6. What is Syslog? ● It's way of using sockets to pass messages of 1024 octets in length that look like this: <34>Oct 11 22:14:15 mymachine su: 'su root' failed for lonvickon /dev/pts/8 <165>Aug 24 05:34:00 CST 1987 mymachine myproc[10]: %% It's time to make the do-nuts. %% Ingredients: Mix=OK, Jelly=OK #Devices: Mixer=OK, Jelly_Injector =OK, Frier=OK #Transport:Conveyer1=OK, Conveyer2=OK # %%
  7. 7. What is Syslog? ● It's way of using sockets to pass messages of 1024 octets in length that look like this: <34>Oct 11 22:14:15 mymachine su: 'su root' failed for lonvickon /dev/pts/8 <165>Aug 24 05:34:00 CST 1987 mymachine myproc[10]: %% It's time to make the do-nuts. %% Ingredients: Mix=OK, Jelly=OK #Devices: Mixer=OK, Jelly_Injector =OK, Frier=OK #Transport:Conveyer1=OK, Conveyer2=OK # %% Use the BFG!
  8. 8. Messages ● 1024 octets in length & composed like this: – PRI ● e.g. <12> (User-Level Warning) – Header ● e.g. Oct 11 22:14:15 myhost – MSG ● e.g. hyper: bad request received from 12.63.103.16
  9. 9. The 3 Players ● Device (aka a Sender) – Remarkably, sends syslog messages ● Collector (aka Receiver) – A syslog server ● Relay – Both a Receiver and a Sender – Typically will filter and route messages – Could also act as a collector
  10. 10. The Smalltalk Syslog Library ● OskSyslog in the public Store – Developed in VW using Sport – Available under the LGPL – Used by OpenSkills in VW and GemStone ● An implementation of RFC 3164, including: – Message – Sender – Receiver – Relay
  11. 11. Sender ● The RFC says that messages must be sent to UDP port 514 ● Really should make sure the message is well formed. – “Use the BFG” is not so good
  12. 12. Simple Sender ● Using the logger command: –>logger Hello, World. –Sends a user notice to the local syslog server –tail -f /var/log/messages
  13. 13. The Syslog Library ● OskSyslog in the public Store ● To repeat the Dead Simple Example: | sender | [| message | sender := OSkSyslogSender sendingToHostNamed: '192.168.29.129'. message := OSkSyslogEventMessage userLevelNotice: 'vwnc: A test from Smalltalk'. sender send: message] ensure: [sender close].
  14. 14. Are you listening? ● Many syslog servers don't listen on UDP by default – They mostly listen on local *nix sockets – Easy to switch on UDP listening, though. In Debian: vi /etc/default/syslogd (ensure SYSLOGD="-r") /etc/init.d/sysklogd restart sudo netstat -a | grep syslog (shows if it is indeed listening on UDP)
  15. 15. UDP vs. TCP Jim Snow: http://syn.cs.pdx.edu/~jsnow/
  16. 16. UDP vs. TCP Jim Snow: http://syn.cs.pdx.edu/~jsnow/ ● Speed vs reliable delivery – TCP does not guarantee delivery, but it will let you know if a delivery failed. ● If you can't afford to lose a message or three – ask yourself if what you are doing is really logging
  17. 17. Receiver ● Listens on UDP port 514 – Note that you'll need to run as root or use iptables to redirect traffic from 514 to a port with a number > 1024 server := OSkSyslogReceiver onPort: 514 forEachMessageDo: [:aSyslogMessage | Transcript cr; show: aSyslogMessage asOctetArray asString].
  18. 18. Collector ● Uses a Receiver to get messages – Keep – Summarise – Discard ● OpenSkills will be using PostgreSQL – Looking for patterns over time – ... and whatever else comes to mind
  19. 19. Relay ● Combination of – a Receiver – a Sender ● Can be used to – Filter & Route messages – Redirect messages over a port > 1024 – perhaps send alerts to pagers?
  20. 20. Summary ● Lots of existing tools – e.g. less ● Best effort delivery with UDP – If it absolutely definitely has to be there, use TCP ● Syslog – The only way to fly for extra-image logging
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×