Downloaded 54 times
More Related Content
Centralized logging
- 1.
- 2. Logging provides value. How’sthat now?
- 3. How does logging providevalue? We can gather information on the system while it’s in operation. We can use this information to provide more value to the business.
- 4. More Value? Information gatheredfrom logs allows you to proactively take actions that will keep systems providing the most value to the business.
- 5. Talk in circlesmuch? Centralized logging provides visibility into the operational efficiency of the system and process.
- 6. A story onoperational sleep efficiency
- 7. How is itdone? Logs for most/all systems are shipped, parsed and stored in a central location for monitoring and decision making.
- 8. Um…sounds like abunch of work. IIS Logs SQL Logs Router Logs Etc.
- 9. Initial focus ison application logging for in-house applications.
- 10. Where we are… Systemlogs file to directory System logs file to database ? System logs file to directory Where many are…we’re not alone.
- 11. Where we wantto go. Shipper Systems Parsing, Indexing, St orage Logger Viewer App A system that has the ability to store and analyze log data from any system that provides it.
- 12.
- 13. Access To Log Gettingaccess to production servers is not always easy.
- 14. Standardizing Logging format Log(“Error Occurred,45, 64”) Log({Error : “Doh!”,Exeception : ex}) While enabling extensibility… Mobile Client Log Database Log Web Client(js) Log Service Log DNN Log MVC Application Log
- 15. Access to alllog data Web Client L o g s Mobile Client L o g s Service/Logic L o g s Data Tier DB L o g s L o g s
- 16. Use log datafor… • Troubleshoot errors and design • Monitoring and notification • Auditing
- 17. Upcoming version ofKibana! Business decisions (Analytics)
- 18.
- 19. Windows Event Log •Low Cost – Built in. • Built in UI • Can forward logs to a central server
- 20. Windows Event Log •Event entries stored in memory. • Have to configure logging per server. • Service interface for other clients to hook into not available.
- 21. Log to centralSQL database • Low Cost – SQL in house, create an database/table.
- 22. Log to centralSQL database • Relational (Schema based) format challenging to use for unstructured data. • logging straight to database could degrade application performance.
- 23. Commercial Hosted Tools •Handles multiple log formats • Robust charting/searching Features
- 24. • Turned downpreviously • $$$ - pricey for amount of space allotted
- 25. And the winneris…. A Hybrid Approach.
- 26. Kibana Rest API Archival Elastic Search Log Indexer RedisQueue L o g L o g EL EL EL Application Application Application
- 27.
- 28. Extensible Log Indexer (Publisher) Notifications Statistics (Subscriber) (Subscriber) Redis Queue Using aPub/Sub pattern from the queue will allow other components to subscribe to it.
- 29. Runs on Windows Java/Rubybased tools run on windows with some setup.
- 30.
- 31.
- 32. Inverted Index “In computerscience, an inverted index (also referred to as postings file or inverted file) is anindex data structure storing a mapping from content, such as words or numbers, to its locations in adatabase file, or in a document or a set of documents. The purpose of an inverted index is to allow fast full text searches, at a cost of increased processing when a document is added to the database.” via http://en.wikipedia.org/wiki/Inverted_index Word Word Word Page Page Page Page Word Regular Index Inverted Index
- 33. Documented Oriented • Noneed to define schema upfront • Can store, index and quickly search unstructured data. • Schema can be defined per type for customization of the indexing process.
- 34. Big Community • VIAhttp://www.elasticsearch.org/community/
- 35. Easy to scale •Distributed by nature. • Indexes broken down by shards with 0 or more replicas.
- 36. Easy Level 1Rest API • Well documented and straight forward api, which makes it easy to build a client for it.
- 37. What’s Needed recap • • • • Serverfor Elastic Search (Windows/Linux) Redis Server Windows service to index logs from queue. Modify Enterprise Library Logger to send to queue.
- 38. In closing Gathering thedata is one part. Logging enough information and knowing what questions your are looking to answer is another part.
- 39.