SlideShare a Scribd company logo

Open Source Logging and Metric Tools

Phase2
Phase2

This document discusses open source logging and metrics tools. It provides an introduction to customizing logs from common daemons and focuses on log aggregation, parsing, and search. It describes a demo setup using the ELK stack to aggregate and visualize logs and metrics from a Drupal site. The document discusses shipping logs with rsyslog and logstash, and parsing different log formats. It also covers monitoring performance with tools like Graphite and Grafana.

1 of 69
Download to read offline
Open Source Logging
 and Metrics Tools CapitalCamp and Gov Days 2014
Introduction
Director of Engineering, Phase2 Steven Merrill Twitter: @stevenmerrill
About This Talk • Let you visualize your data with OSS tools • Information on customizing logs from common daemons • Strong focus on log aggregation, parsing, and search • Information about drupal.org's logging setup • Some information on performance metrics tools • Two-machine demo of Drupal and logging tools
Demo:
 ELK Stack in Action
Demo Setup • 2 Google Cloud Engine g1.small instances • All instances run collectd to grab system metrics • 1 'drupal' instance with Apache, Varnish, MySQL, PHP • 1 'utility' instance with rsyslog host, Jenkins, Graphite, Grafana, ElasticSearch, Logstash, Kibana, bucky
Logs
Ceci n'est pas une log
Logs are time + data. Creator of Logstash Jordan Sissel “ ”
What Are Logs • Ultimately, logs are about keeping track of events • Logs are very different; some use custom formats, while some may be in pure XML or JSON • Some are one line, some are many, like Java stacktraces or MySQL slow query logs
Who Produces Logs • Drupal • nginx • Apache • Varnish • Jenkins • SOLR • MySQL • cron • sudo • ...
Types of Logs • Error Logs • Transaction Logs • Trace Logs • Debug Logs
Issues With Logs • Legal retention requirements • Require shell access to view • Not often human-parseable • Cyborg-friendly tooling
Solving Problems With Log Data • Find slow pages or queries • Sort through Drupal logs to trace user action on a site • Get an average idea of traffic to a particular area • Track new PHP error types
Shipping Logs
Ship Those Logs! • syslog-ng • rsyslogd • Ship syslog • Ship other log files • Lumberjack (logstash- forwarder) • Beaver
Shipping Concerns • Queueing • Behavior when shipping to remote servers • Max spool disk usage • Retries? • Security • Encrypted channel • Encrypted at rest • Access to sensitive data
Configuring rsyslogd Clients • Ship logs to another rsyslog server over TCP • *.* @@utility:514 • This defaults to shipping anything that it would normally log to /var/log/syslog or /var/log/messages
Configuring rsyslogd Servers • Prevent remote logs from showing up in /var/log/messages • if $source != 'utility' then ~ • Store logs coming in based on hostname and date • $template DailyPerHostLogs,"/var/log/rsyslog/%HOSTNAME%/ %HOSTNAME%.%$YEAR%-%$MONTH%-%$DAY%.log"
 *.* -?DailyPerHostLogs;RSYSLOG_TraditionalFileFormat
Configuring rsyslogd Shipping • Read lines from a particular file and ship over syslog • $ModLoad imfile
 $InputFileName /var/log/httpd/access_log
 $InputFileTag apache_access:
 $InputFileStateFile state-apache_access
 $InputFileSeverity info
 $InputFileFacility local0
 $InputFilePollInterval 10
 $InputRunFileMonitor
Configuring rsyslogd Spooling • Configure spooling and queueing behavior • $WorkDirectory /var/lib/rsyslog # where to place spool files
 $ActionQueueFileName fwdRule1 # unique name prefix for spool files
 $ActionQueueMaxDiskSpace 1g # 1gb space limit
 $ActionQueueSaveOnShutdown on # save messages to disk on shutdown
 $ActionQueueType LinkedList # run asynchronously
 $ActionResumeRetryCount -1 # infinite retries if host is down
Syslog-shipped Log Files Mar 11 15:38:14 drupal drupal: http://192.168.32.3|1394566694| system|192.168.32.1|http://192.168.32.3/admin/modules/list /confirm|http://192.168.32.3/admin/modules|1||php module installed. ! Jul 30 15:04:14 drupal varnish_access: 156.40.118.178 - - [30/ Jul/2014:15:04:09 +0000] "GET http://23.251.149.143/misc/ tableheader.js?n9j5uu HTTP/1.1" 200 1848 "http:// 23.251.149.143/admin/modules" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36" 0.000757 miss
Log Formats
Syslog Apr 11 18:35:53 shiftiest dnsmasq-dhcp[23185]: DHCPACK(br100) 192.168.32.4 fa:16:3e:c4:2f:fd varnish4 Mar 11 15:38:14 drupal drupal: http://192.168.32.3|1394566694| system|192.168.32.1|http://192.168.32.3/admin/modules/list /confirm|http://192.168.32.3/admin/modules|1||php module installed.
Apache 127.0.0.1 - - [08/Mar/2014:00:36:44 -0500] "GET /dashboard HTTP/1.0" 302 20 "https://68.232.187.42/dashboard/" "Mozilla/ 5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.146 Safari/537.36"
nginx 192.168.32.1 - - [11/Apr/2014:10:44:36 -0400] "GET /kibana/ font/fontawesome-webfont.woff?v=3.2.1 HTTP/1.1" 200 43572 "http://192.168.32.6/kibana/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.116 Safari/537.36"
Varnish 192.168.32.1 - - [11/Apr/2014:10:47:52 -0400] "GET http:// 192.168.32.3/themes/seven/images/list-item.png HTTP/1.1" 200 195 "http://192.168.32.3/admin/config" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.116 Safari/537.36"
Additional Features • Apache, nginx, and Varnish all support additional output • Varnish can log cache hit/miss • With Logstash we can look at how to normalize these • A regex engine with built-in named patterns • Online tools to parse sample logs
Apache • Configurable log formats are available – http:// httpd.apache.org/docs/2.2/mod/mod_log_config.html • A single LogFormat directive in any Apache configuration file will override all log formats • The default NCSA combined log format is as follows • LogFormat "%h %l %u %t "%r" %>s %b "%{Referer}i"
 "%{User-agent}i"" combined
Apache • Additional useful information: • %D Time taken to serve request in microseconds • %{Host}i Value of the Host HTTP header • %p Port • New LogFormat line: • LogFormat "%h %l %u %t "%r" %>s %b "%{Referer}i"
 "%{User-Agent}i" %D %{Host}i %p" combined
nginx • Log formats are defined with the log_format directive – http:// nginx.org/en/docs/http/ngx_http_log_module.html#log_format • You may not override the default NCSA combined format • log_format combined '$remote_addr - $remote_user [$time_local] '
 '"$request" $status $body_bytes_sent '
 '"$http_referer" "$http_user_agent"';
Apache 127.0.0.1 - - [29/Jul/2014:22:03:07 +0000] "GET /admin/config/ development/performance HTTP/1.0" 200 3500 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36" ! 127.0.0.1 - - [29/Jul/2014:22:03:07 +0000] "GET /admin/config/ development/performance HTTP/1.0" 200 3500 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36" 45304 23.251.149.143 80
nginx • Additional useful information: • $request_time Time taken to serve request in seconds with millisecond resolution (e.g. 0.073) • $http_host Value of the Host HTTP header • $server_post Port
nginx • New log_format line and example config for a vhost: • log_format logstash '$remote_addr - $remote_user [$time_local] '
 '"$request" $status $body_bytes_sent '
 '"$http_referer" "$http_user_agent" '
 '$request_time $http_host $server_port'; • access_log /var/log/nginx/access.log logstash;
nginx 70.42.157.6 - - [22/Jul/2014:22:03:30 +0000] "POST / logstash-2014.07.22/_search HTTP/1.0" 200 281190 "http:// 146.148.34.62/kibana/index.html" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36" ! 70.42.157.6 - - [22/Jul/2014:22:03:30 +0000] "POST / logstash-2014.07.22/_search HTTP/1.0" 200 281190 "http:// 146.148.34.62/kibana/index.html" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36" 0.523 146.148.34.62 80
Varnish • The varnishncsa daemon outputs NCSA-format logs • You may pass a different log format to the varnishncsa daemon; many share the same format as Apache
Varnish • Additional useful information: • %D Time taken to serve request in seconds with
 microsecond precision (e.g. 0.000884) • %{Varnish:hitmiss}x The text "hit" or "miss" • varnishncsa daemon argument: • -F '%h %l %u %t "%r" %s %b "%{Referer}i" "%{User-agent}i"
 %D %{Varnish:hitmiss}x'
Varnish 70.42.157.6 - - [29/Jul/2014:22:03:07 +0000] "GET http:// 23.251.149.143/admin/config/development/performance HTTP/1.0" 200 3500 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36" ! 70.42.157.6 - - [29/Jul/2014:22:03:07 +0000] "GET http:// 23.251.149.143/admin/config/development/performance HTTP/1.0" 200 3500 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36" 0.045969 miss
Automated Tools
Proprietary Tools • Third-party SaaS systems are plentiful in this area • Splunk • SumoLogic • Loggly • LogEntries
Logstash • http://logstash.net/ • Great tool to work with logs of ALL sorts • Has input, filter, and output pipelines • Inputs can be parsed with different codecs (JSON, netflow) • http://logstash.net/docs/1.4.2/ describes many options
ElasticSearch • http://www.elasticsearch.com/ • A Java search engine based on Lucene, similar to SOLR • Offers a nicer REST API; easy discovery for clustering
Kibana • Great viewer for Logstash logs • Needs direct HTTP access to ElasticSearch • You may need to protect this with nginx or the like • Uses ElasticSearch features to show statistical information • Can show any ElasticSearch data, not just Logstash
Grok • Tool for pulling semantic data from logs; logstash filter • A regex engine with built-in named patterns • Online tools to parse sample logs • http://grokdebug.herokuapp.com/ • http://grokconstructor.appspot.com/
Example:
 Grokking nginx Logs 192.168.32.1 - - [11/Apr/2014:10:44:36 -0400] "GET /kibana/ font/fontawesome-webfont.woff?v=3.2.1 HTTP/1.1" 200 43572 "http://192.168.32.6/kibana/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko)
Configuring Logstash
Logstash Config • By default Logstash looks in /etc/logstash/conf.d/*.conf • You many include multiple files • Each must have at least an input, filter, or output stanza
Logstash Config input { file { path => "/var/log/rsyslog/*/*.log" exclude => "*.bz2" type => syslog sincedb_path => "/var/run/logstash/sincedb" sincedb_write_interval => 10 } }
Logstash Config filter { if [type] == "syslog" { mutate { add_field => [ "syslog_message", "%{message}" ] remove_field => "message" } grok { match => [ "syslog_message", "%{SYSLOGLINE}" ] } date { match => [ "timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ] } # Parse Drupal logs that are logged to syslog.
Logstash Config date { match => [ "timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ] } if [program] == "drupal" { grok { match => [ "message", "https?://%{HOSTNAME:vhost}?|% {NUMBER:d_timestamp}|(?<d_type>[^|]*)|%{IP:d_ip}|(?<d_request_uri>[^ |]*)|(?<d_referer>[^|]*)|(?<d_uid>[^|]*)|(?<d_link>[^|]*)|(? <d_message>.*)" ] } }
Logstash Config if [program] == "nginx_access" { ruby { code => "event['duration'] = event['duration'].to_f * 1000.0" } } if [program] == "varnish_access" { ruby { code => "event['duration'] = event['duration'].to_f * 1000.0" } } } }
Monitoring and Performance Metrics
Logs vs Performance Counters • Generally, logs capture data at a particular time • You may also want to keep information about how your servers are running and performing • A separate set of tools are often used to help monitoring and manage systems performance • This data can then be trended to chart resource usage and capacity
Proprietary Tools • Third-party SaaS systems are also plentiful in this area • DataDog • Librato Metrics • Circonus • New Relic / AppNeta
Time-Series Data • Generally, performance counters are taken with regular sampling at an interval, known as time-series data • Several OSS tools exist to store and query time-series data: • RRDTool • Whisper • InfluxDB
First Wave: RRD-based Tools • Many tools can graph metrics and make and plot RRD files • Munin • Cacti • Ganglia • collectd
Second Wave: Graphite • Graphite is a more general tool; it does not collect metrics • It uses an advanced storage engine called Whisper • It can buffer data and cache it under heavy load • It does not require data to be inserted all the time • It's fully designed to take time-series data and graph it
Grafana • Grafana is to Graphite as Kibana is to ElasticSearch • HTML / JavaScript app • Needs direct HTTP access to Graphite • You may need to protect this with nginx or the like
Collectd • http://collectd.org/ • Collectd is a tool that makes it easy to capture many system-level statistics • It can write to RRD databases or to Graphite • Collectd is written in C and is efficient; it can remain resident in memory and report on a regular interval
Demo: Graphite / collectd / Grafana
The Drupal.org
 Logging Setup
Single Log Host Machine • CentOS 5 • Dual quad-core Gulftown Xeons (8 cores, 16 threads) • 16 GB RAM • 600 GB of HDD storage dedicated to Logstash
Software • ElasticSearch 0.90 • Logstash 1.2 • Kibana 3.0.0m3 • Curator 0.6.2
Stats • Consolidating logs from ≈ 10 web servers • Incoming syslog (Drupal), Apache, nginx, and Varnish logs • Non-syslog logs are updated every hour with rsync • > 2 billion logs processed per month • Indexing is spiky but not constant; load average of 0.5
Questions?
Resources
Links • http://logstash.net/ • http://elasticsearch.com/ • https://github.com/elasticsearch/kibana/ • http://graphite.wikidot.com/ • http://grafana.org/
Links • https://collectd.org/ • https://www.drupal.org/documentation/modules/syslog • https://github.com/elasticsearch/logstash-forwarder
PHASE2TECHNOLOGY.COM

Recommended

Open Source Logging and Monitoring Tools
Open Source Logging and Monitoring ToolsOpen Source Logging and Monitoring Tools
Open Source Logging and Monitoring Tools
Phase2
 
Open Source Monitoring Tools
Open Source Monitoring ToolsOpen Source Monitoring Tools
Open Source Monitoring Toolsm_richardson
 
Logstash family introduction
Logstash family introductionLogstash family introduction
Logstash family introduction
Owen Wu
 
Attack monitoring using ElasticSearch Logstash and Kibana
Attack monitoring using ElasticSearch Logstash and KibanaAttack monitoring using ElasticSearch Logstash and Kibana
Attack monitoring using ElasticSearch Logstash and Kibana
Prajal Kulkarni
 
Elasticsearch, Logstash, Kibana. Cool search, analytics, data mining and more...
Elasticsearch, Logstash, Kibana. Cool search, analytics, data mining and more...Elasticsearch, Logstash, Kibana. Cool search, analytics, data mining and more...
Elasticsearch, Logstash, Kibana. Cool search, analytics, data mining and more...
Oleksiy Panchenko
 
ELK stack at weibo.com
ELK stack at weibo.comELK stack at weibo.com
ELK stack at weibo.com
琛琳 饶
 
Mobile Analytics mit Elasticsearch und Kibana
Mobile Analytics mit Elasticsearch und KibanaMobile Analytics mit Elasticsearch und Kibana
Mobile Analytics mit Elasticsearch und Kibana
inovex GmbH
 
ELK introduction
ELK introductionELK introduction
ELK introduction
Waldemar Neto
 

Recommended

Open Source Logging and Monitoring Tools
Open Source Logging and Monitoring ToolsOpen Source Logging and Monitoring Tools
Open Source Logging and Monitoring Tools
Phase2
 
Open Source Monitoring Tools
Open Source Monitoring ToolsOpen Source Monitoring Tools
Open Source Monitoring Toolsm_richardson
 
Logstash family introduction
Logstash family introductionLogstash family introduction
Logstash family introduction
Owen Wu
 
Attack monitoring using ElasticSearch Logstash and Kibana
Attack monitoring using ElasticSearch Logstash and KibanaAttack monitoring using ElasticSearch Logstash and Kibana
Attack monitoring using ElasticSearch Logstash and Kibana
Prajal Kulkarni
 
Elasticsearch, Logstash, Kibana. Cool search, analytics, data mining and more...
Elasticsearch, Logstash, Kibana. Cool search, analytics, data mining and more...Elasticsearch, Logstash, Kibana. Cool search, analytics, data mining and more...
Elasticsearch, Logstash, Kibana. Cool search, analytics, data mining and more...
Oleksiy Panchenko
 
ELK stack at weibo.com
ELK stack at weibo.comELK stack at weibo.com
ELK stack at weibo.com
琛琳 饶
 
Mobile Analytics mit Elasticsearch und Kibana
Mobile Analytics mit Elasticsearch und KibanaMobile Analytics mit Elasticsearch und Kibana
Mobile Analytics mit Elasticsearch und Kibana
inovex GmbH
 
ELK introduction
ELK introductionELK introduction
ELK introduction
Waldemar Neto
 
'Scalable Logging and Analytics with LogStash'
'Scalable Logging and Analytics with LogStash''Scalable Logging and Analytics with LogStash'
'Scalable Logging and Analytics with LogStash'
Cloud Elements
 
Logstash
LogstashLogstash
Logstash
琛琳 饶
 
Logging logs with Logstash - Devops MK 10-02-2016
Logging logs with Logstash - Devops MK 10-02-2016Logging logs with Logstash - Devops MK 10-02-2016
Logging logs with Logstash - Devops MK 10-02-2016
Steve Howe
 
Using Riak for Events storage and analysis at Booking.com
Using Riak for Events storage and analysis at Booking.comUsing Riak for Events storage and analysis at Booking.com
Using Riak for Events storage and analysis at Booking.com
Damien Krotkine
 
More kibana
More kibanaMore kibana
More kibana
琛琳 饶
 
Large Scale Log collection using LogStash & mongoDB
Large Scale Log collection using LogStash & mongoDB Large Scale Log collection using LogStash & mongoDB
Large Scale Log collection using LogStash & mongoDB
Gaurav Bhardwaj
 
Logs aggregation and analysis
Logs aggregation and analysisLogs aggregation and analysis
Logs aggregation and analysis
Divante
 
Search onhadoopsfhug081413
Search onhadoopsfhug081413Search onhadoopsfhug081413
Search onhadoopsfhug081413gregchanan
 
Automating Zabbix with Puppet (Werner Dijkerman / 26-11-2015)
Automating Zabbix with Puppet (Werner Dijkerman / 26-11-2015)Automating Zabbix with Puppet (Werner Dijkerman / 26-11-2015)
Automating Zabbix with Puppet (Werner Dijkerman / 26-11-2015)
Nederlandstalige Zabbix Gebruikersgroep
 
ELK Ruminating on Logs (Zendcon 2016)
ELK Ruminating on Logs (Zendcon 2016)ELK Ruminating on Logs (Zendcon 2016)
ELK Ruminating on Logs (Zendcon 2016)
Mathew Beane
 
How to Make Norikra Perfect
How to Make Norikra PerfectHow to Make Norikra Perfect
How to Make Norikra Perfect
SATOSHI TAGOMORI
 
Safely Protect PostgreSQL Passwords - Tell Others to SCRAM
Safely Protect PostgreSQL Passwords - Tell Others to SCRAMSafely Protect PostgreSQL Passwords - Tell Others to SCRAM
Safely Protect PostgreSQL Passwords - Tell Others to SCRAM
Jonathan Katz
 
Monitoring the ELK stack using Zabbix and Grafana (Dennis Kanbier / 26-11-2015)
Monitoring the ELK stack using Zabbix and Grafana (Dennis Kanbier / 26-11-2015)Monitoring the ELK stack using Zabbix and Grafana (Dennis Kanbier / 26-11-2015)
Monitoring the ELK stack using Zabbix and Grafana (Dennis Kanbier / 26-11-2015)
Nederlandstalige Zabbix Gebruikersgroep
 
LogStash in action
LogStash in actionLogStash in action
LogStash in action
Manuj Aggarwal
 
Logmanagement with Icinga2 and ELK
Logmanagement with Icinga2 and ELKLogmanagement with Icinga2 and ELK
Logmanagement with Icinga2 and ELK
Icinga
 
Monitoring Docker with ELK
Monitoring Docker with ELKMonitoring Docker with ELK
Monitoring Docker with ELK
Daniel Berman
 
Logging for OpenStack - Elasticsearch, Fluentd, Logstash, Kibana
Logging for OpenStack - Elasticsearch, Fluentd, Logstash, KibanaLogging for OpenStack - Elasticsearch, Fluentd, Logstash, Kibana
Logging for OpenStack - Elasticsearch, Fluentd, Logstash, Kibana
Md Safiyat Reza
 
Elasitcsearch + Logstash + Kibana 日誌監控
Elasitcsearch + Logstash + Kibana 日誌監控Elasitcsearch + Logstash + Kibana 日誌監控
Elasitcsearch + Logstash + Kibana 日誌監控
Jui An Huang (黃瑞安)
 
Logging with Elasticsearch, Logstash & Kibana
Logging with Elasticsearch, Logstash & KibanaLogging with Elasticsearch, Logstash & Kibana
Logging with Elasticsearch, Logstash & KibanaAmazee Labs
 
Logging Application Behavior to MongoDB
Logging Application Behavior to MongoDBLogging Application Behavior to MongoDB
Logging Application Behavior to MongoDB
Robert Stewart
 
Open Source Logging and Metrics Tools
Open Source Logging and Metrics ToolsOpen Source Logging and Metrics Tools
Open Source Logging and Metrics Tools
Phase2
 
Architectures, Frameworks and Infrastructure
Architectures, Frameworks and InfrastructureArchitectures, Frameworks and Infrastructure
Architectures, Frameworks and Infrastructureharendra_pathak
 

More Related Content

What's hot

'Scalable Logging and Analytics with LogStash'
'Scalable Logging and Analytics with LogStash''Scalable Logging and Analytics with LogStash'
'Scalable Logging and Analytics with LogStash'
Cloud Elements
 
Logstash
LogstashLogstash
Logstash
琛琳 饶
 
Logging logs with Logstash - Devops MK 10-02-2016
Logging logs with Logstash - Devops MK 10-02-2016Logging logs with Logstash - Devops MK 10-02-2016
Logging logs with Logstash - Devops MK 10-02-2016
Steve Howe
 
Using Riak for Events storage and analysis at Booking.com
Using Riak for Events storage and analysis at Booking.comUsing Riak for Events storage and analysis at Booking.com
Using Riak for Events storage and analysis at Booking.com
Damien Krotkine
 
More kibana
More kibanaMore kibana
More kibana
琛琳 饶
 
Large Scale Log collection using LogStash & mongoDB
Large Scale Log collection using LogStash & mongoDB Large Scale Log collection using LogStash & mongoDB
Large Scale Log collection using LogStash & mongoDB
Gaurav Bhardwaj
 
Logs aggregation and analysis
Logs aggregation and analysisLogs aggregation and analysis
Logs aggregation and analysis
Divante
 
Search onhadoopsfhug081413
Search onhadoopsfhug081413Search onhadoopsfhug081413
Search onhadoopsfhug081413gregchanan
 
Automating Zabbix with Puppet (Werner Dijkerman / 26-11-2015)
Automating Zabbix with Puppet (Werner Dijkerman / 26-11-2015)Automating Zabbix with Puppet (Werner Dijkerman / 26-11-2015)
Automating Zabbix with Puppet (Werner Dijkerman / 26-11-2015)
Nederlandstalige Zabbix Gebruikersgroep
 
ELK Ruminating on Logs (Zendcon 2016)
ELK Ruminating on Logs (Zendcon 2016)ELK Ruminating on Logs (Zendcon 2016)
ELK Ruminating on Logs (Zendcon 2016)
Mathew Beane
 
How to Make Norikra Perfect
How to Make Norikra PerfectHow to Make Norikra Perfect
How to Make Norikra Perfect
SATOSHI TAGOMORI
 
Safely Protect PostgreSQL Passwords - Tell Others to SCRAM
Safely Protect PostgreSQL Passwords - Tell Others to SCRAMSafely Protect PostgreSQL Passwords - Tell Others to SCRAM
Safely Protect PostgreSQL Passwords - Tell Others to SCRAM
Jonathan Katz
 
Monitoring the ELK stack using Zabbix and Grafana (Dennis Kanbier / 26-11-2015)
Monitoring the ELK stack using Zabbix and Grafana (Dennis Kanbier / 26-11-2015)Monitoring the ELK stack using Zabbix and Grafana (Dennis Kanbier / 26-11-2015)
Monitoring the ELK stack using Zabbix and Grafana (Dennis Kanbier / 26-11-2015)
Nederlandstalige Zabbix Gebruikersgroep
 
LogStash in action
LogStash in actionLogStash in action
LogStash in action
Manuj Aggarwal
 
Logmanagement with Icinga2 and ELK
Logmanagement with Icinga2 and ELKLogmanagement with Icinga2 and ELK
Logmanagement with Icinga2 and ELK
Icinga
 
Monitoring Docker with ELK
Monitoring Docker with ELKMonitoring Docker with ELK
Monitoring Docker with ELK
Daniel Berman
 
Logging for OpenStack - Elasticsearch, Fluentd, Logstash, Kibana
Logging for OpenStack - Elasticsearch, Fluentd, Logstash, KibanaLogging for OpenStack - Elasticsearch, Fluentd, Logstash, Kibana
Logging for OpenStack - Elasticsearch, Fluentd, Logstash, Kibana
Md Safiyat Reza
 
Elasitcsearch + Logstash + Kibana 日誌監控
Elasitcsearch + Logstash + Kibana 日誌監控Elasitcsearch + Logstash + Kibana 日誌監控
Elasitcsearch + Logstash + Kibana 日誌監控
Jui An Huang (黃瑞安)
 
Logging with Elasticsearch, Logstash & Kibana
Logging with Elasticsearch, Logstash & KibanaLogging with Elasticsearch, Logstash & Kibana
Logging with Elasticsearch, Logstash & KibanaAmazee Labs
 
Logging Application Behavior to MongoDB
Logging Application Behavior to MongoDBLogging Application Behavior to MongoDB
Logging Application Behavior to MongoDB
Robert Stewart
 

What's hot (20)

'Scalable Logging and Analytics with LogStash'
'Scalable Logging and Analytics with LogStash''Scalable Logging and Analytics with LogStash'
'Scalable Logging and Analytics with LogStash'
 
Logstash
LogstashLogstash
Logstash
 
Logging logs with Logstash - Devops MK 10-02-2016
Logging logs with Logstash - Devops MK 10-02-2016Logging logs with Logstash - Devops MK 10-02-2016
Logging logs with Logstash - Devops MK 10-02-2016
 
Using Riak for Events storage and analysis at Booking.com
Using Riak for Events storage and analysis at Booking.comUsing Riak for Events storage and analysis at Booking.com
Using Riak for Events storage and analysis at Booking.com
 
More kibana
More kibanaMore kibana
More kibana
 
Large Scale Log collection using LogStash & mongoDB
Large Scale Log collection using LogStash & mongoDB Large Scale Log collection using LogStash & mongoDB
Large Scale Log collection using LogStash & mongoDB
 
Logs aggregation and analysis
Logs aggregation and analysisLogs aggregation and analysis
Logs aggregation and analysis
 
Search onhadoopsfhug081413
Search onhadoopsfhug081413Search onhadoopsfhug081413
Search onhadoopsfhug081413
 
Automating Zabbix with Puppet (Werner Dijkerman / 26-11-2015)
Automating Zabbix with Puppet (Werner Dijkerman / 26-11-2015)Automating Zabbix with Puppet (Werner Dijkerman / 26-11-2015)
Automating Zabbix with Puppet (Werner Dijkerman / 26-11-2015)
 
ELK Ruminating on Logs (Zendcon 2016)
ELK Ruminating on Logs (Zendcon 2016)ELK Ruminating on Logs (Zendcon 2016)
ELK Ruminating on Logs (Zendcon 2016)
 
How to Make Norikra Perfect
How to Make Norikra PerfectHow to Make Norikra Perfect
How to Make Norikra Perfect
 
Safely Protect PostgreSQL Passwords - Tell Others to SCRAM
Safely Protect PostgreSQL Passwords - Tell Others to SCRAMSafely Protect PostgreSQL Passwords - Tell Others to SCRAM
Safely Protect PostgreSQL Passwords - Tell Others to SCRAM
 
Monitoring the ELK stack using Zabbix and Grafana (Dennis Kanbier / 26-11-2015)
Monitoring the ELK stack using Zabbix and Grafana (Dennis Kanbier / 26-11-2015)Monitoring the ELK stack using Zabbix and Grafana (Dennis Kanbier / 26-11-2015)
Monitoring the ELK stack using Zabbix and Grafana (Dennis Kanbier / 26-11-2015)
 
LogStash in action
LogStash in actionLogStash in action
LogStash in action
 
Logmanagement with Icinga2 and ELK
Logmanagement with Icinga2 and ELKLogmanagement with Icinga2 and ELK
Logmanagement with Icinga2 and ELK
 
Monitoring Docker with ELK
Monitoring Docker with ELKMonitoring Docker with ELK
Monitoring Docker with ELK
 
Logging for OpenStack - Elasticsearch, Fluentd, Logstash, Kibana
Logging for OpenStack - Elasticsearch, Fluentd, Logstash, KibanaLogging for OpenStack - Elasticsearch, Fluentd, Logstash, Kibana
Logging for OpenStack - Elasticsearch, Fluentd, Logstash, Kibana
 
Elasitcsearch + Logstash + Kibana 日誌監控
Elasitcsearch + Logstash + Kibana 日誌監控Elasitcsearch + Logstash + Kibana 日誌監控
Elasitcsearch + Logstash + Kibana 日誌監控
 
Logging with Elasticsearch, Logstash & Kibana
Logging with Elasticsearch, Logstash & KibanaLogging with Elasticsearch, Logstash & Kibana
Logging with Elasticsearch, Logstash & Kibana
 
Logging Application Behavior to MongoDB
Logging Application Behavior to MongoDBLogging Application Behavior to MongoDB
Logging Application Behavior to MongoDB
 

Similar to Open Source Logging and Metric Tools

Open Source Logging and Metrics Tools
Open Source Logging and Metrics ToolsOpen Source Logging and Metrics Tools
Open Source Logging and Metrics Tools
Phase2
 
Architectures, Frameworks and Infrastructure
Architectures, Frameworks and InfrastructureArchitectures, Frameworks and Infrastructure
Architectures, Frameworks and Infrastructureharendra_pathak
 
Elk presentation 2#3
Elk presentation 2#3Elk presentation 2#3
Elk presentation 2#3
uzzal basak
 
Pm ix tutorial-june2019-pub (1)
Pm ix tutorial-june2019-pub (1)Pm ix tutorial-june2019-pub (1)
Pm ix tutorial-june2019-pub (1)
ewerkboy
 
Managing Your Security Logs with Elasticsearch
Managing Your Security Logs with ElasticsearchManaging Your Security Logs with Elasticsearch
Managing Your Security Logs with Elasticsearch
Vic Hargrave
 
Ingesting hdfs intosolrusingsparktrimmed
Ingesting hdfs intosolrusingsparktrimmedIngesting hdfs intosolrusingsparktrimmed
Ingesting hdfs intosolrusingsparktrimmed
whoschek
 
CNIT 152: 10 Enterprise Services
CNIT 152: 10 Enterprise ServicesCNIT 152: 10 Enterprise Services
CNIT 152: 10 Enterprise Services
Sam Bowne
 
CNIT 121: 10 Enterprise Services
CNIT 121: 10 Enterprise ServicesCNIT 121: 10 Enterprise Services
CNIT 121: 10 Enterprise Services
Sam Bowne
 
Docker Logging and analysing with Elastic Stack
Docker Logging and analysing with Elastic StackDocker Logging and analysing with Elastic Stack
Docker Logging and analysing with Elastic Stack
Jakub Hajek
 
Docker Logging and analysing with Elastic Stack - Jakub Hajek
Docker Logging and analysing with Elastic Stack - Jakub Hajek Docker Logging and analysing with Elastic Stack - Jakub Hajek
Docker Logging and analysing with Elastic Stack - Jakub Hajek
PROIDEA
 
Apache Big Data EU 2016: Building Streaming Applications with Apache Apex
Apache Big Data EU 2016: Building Streaming Applications with Apache ApexApache Big Data EU 2016: Building Streaming Applications with Apache Apex
Apache Big Data EU 2016: Building Streaming Applications with Apache Apex
Apache Apex
 
Nagios Conference 2014 - Rob Hassing - How To Maintain Over 20 Monitoring App...
Nagios Conference 2014 - Rob Hassing - How To Maintain Over 20 Monitoring App...Nagios Conference 2014 - Rob Hassing - How To Maintain Over 20 Monitoring App...
Nagios Conference 2014 - Rob Hassing - How To Maintain Over 20 Monitoring App...
Nagios
 
Configuration management
Configuration managementConfiguration management
Configuration management
Luca De Vitis
 
Adding Support for Networking and Web Technologies to an Embedded System
Adding Support for Networking and Web Technologies to an Embedded SystemAdding Support for Networking and Web Technologies to an Embedded System
Adding Support for Networking and Web Technologies to an Embedded System
John Efstathiades
 
Nginx conf.compressed
Nginx conf.compressedNginx conf.compressed
Nginx conf.compressed
Mauricio Roman
 
NGINX 101 - now with more Docker
NGINX 101 - now with more DockerNGINX 101 - now with more Docker
NGINX 101 - now with more Docker
sarahnovotny
 
NGINX 101 - now with more Docker
NGINX 101 - now with more DockerNGINX 101 - now with more Docker
NGINX 101 - now with more Docker
Sarah Novotny
 
ITB2019 NGINX Overview and Technical Aspects - Kevin Jones
ITB2019 NGINX Overview and Technical Aspects - Kevin JonesITB2019 NGINX Overview and Technical Aspects - Kevin Jones
ITB2019 NGINX Overview and Technical Aspects - Kevin Jones
Ortus Solutions, Corp
 
Best And Worst Practices Deploying IBM Connections
Best And Worst Practices Deploying IBM ConnectionsBest And Worst Practices Deploying IBM Connections
Best And Worst Practices Deploying IBM Connections
LetsConnect
 

Similar to Open Source Logging and Metric Tools (20)

Open Source Logging and Metrics Tools
Open Source Logging and Metrics ToolsOpen Source Logging and Metrics Tools
Open Source Logging and Metrics Tools
 
Architectures, Frameworks and Infrastructure
Architectures, Frameworks and InfrastructureArchitectures, Frameworks and Infrastructure
Architectures, Frameworks and Infrastructure
 
Elk presentation 2#3
Elk presentation 2#3Elk presentation 2#3
Elk presentation 2#3
 
Top ten-list
Top ten-listTop ten-list
Top ten-list
 
Pm ix tutorial-june2019-pub (1)
Pm ix tutorial-june2019-pub (1)Pm ix tutorial-june2019-pub (1)
Pm ix tutorial-june2019-pub (1)
 
Managing Your Security Logs with Elasticsearch
Managing Your Security Logs with ElasticsearchManaging Your Security Logs with Elasticsearch
Managing Your Security Logs with Elasticsearch
 
Ingesting hdfs intosolrusingsparktrimmed
Ingesting hdfs intosolrusingsparktrimmedIngesting hdfs intosolrusingsparktrimmed
Ingesting hdfs intosolrusingsparktrimmed
 
CNIT 152: 10 Enterprise Services
CNIT 152: 10 Enterprise ServicesCNIT 152: 10 Enterprise Services
CNIT 152: 10 Enterprise Services
 
CNIT 121: 10 Enterprise Services
CNIT 121: 10 Enterprise ServicesCNIT 121: 10 Enterprise Services
CNIT 121: 10 Enterprise Services
 
Docker Logging and analysing with Elastic Stack
Docker Logging and analysing with Elastic StackDocker Logging and analysing with Elastic Stack
Docker Logging and analysing with Elastic Stack
 
Docker Logging and analysing with Elastic Stack - Jakub Hajek
Docker Logging and analysing with Elastic Stack - Jakub Hajek Docker Logging and analysing with Elastic Stack - Jakub Hajek
Docker Logging and analysing with Elastic Stack - Jakub Hajek
 
Apache Big Data EU 2016: Building Streaming Applications with Apache Apex
Apache Big Data EU 2016: Building Streaming Applications with Apache ApexApache Big Data EU 2016: Building Streaming Applications with Apache Apex
Apache Big Data EU 2016: Building Streaming Applications with Apache Apex
 
Nagios Conference 2014 - Rob Hassing - How To Maintain Over 20 Monitoring App...
Nagios Conference 2014 - Rob Hassing - How To Maintain Over 20 Monitoring App...Nagios Conference 2014 - Rob Hassing - How To Maintain Over 20 Monitoring App...
Nagios Conference 2014 - Rob Hassing - How To Maintain Over 20 Monitoring App...
 
Configuration management
Configuration managementConfiguration management
Configuration management
 
Adding Support for Networking and Web Technologies to an Embedded System
Adding Support for Networking and Web Technologies to an Embedded SystemAdding Support for Networking and Web Technologies to an Embedded System
Adding Support for Networking and Web Technologies to an Embedded System
 
Nginx conf.compressed
Nginx conf.compressedNginx conf.compressed
Nginx conf.compressed
 
NGINX 101 - now with more Docker
NGINX 101 - now with more DockerNGINX 101 - now with more Docker
NGINX 101 - now with more Docker
 
NGINX 101 - now with more Docker
NGINX 101 - now with more DockerNGINX 101 - now with more Docker
NGINX 101 - now with more Docker
 
ITB2019 NGINX Overview and Technical Aspects - Kevin Jones
ITB2019 NGINX Overview and Technical Aspects - Kevin JonesITB2019 NGINX Overview and Technical Aspects - Kevin Jones
ITB2019 NGINX Overview and Technical Aspects - Kevin Jones
 
Best And Worst Practices Deploying IBM Connections
Best And Worst Practices Deploying IBM ConnectionsBest And Worst Practices Deploying IBM Connections
Best And Worst Practices Deploying IBM Connections
 

More from Phase2

Phase2 Health and Wellness Brochure
Phase2 Health and Wellness BrochurePhase2 Health and Wellness Brochure
Phase2 Health and Wellness Brochure
Phase2
 
A Modern Digital Experience Platform
A Modern Digital Experience PlatformA Modern Digital Experience Platform
A Modern Digital Experience Platform
Phase2
 
Beyond websites: A Modern Digital Experience Platform
Beyond websites: A Modern Digital Experience PlatformBeyond websites: A Modern Digital Experience Platform
Beyond websites: A Modern Digital Experience Platform
Phase2
 
Omnichannel For Government
Omnichannel For Government Omnichannel For Government
Omnichannel For Government
Phase2
 
Bad camp2016 Release Management On Live Websites
Bad camp2016 Release Management On Live WebsitesBad camp2016 Release Management On Live Websites
Bad camp2016 Release Management On Live Websites
Phase2
 
A FUTURE-FOCUSED DIGITAL PLATFORM WITH DRUPAL 8
A FUTURE-FOCUSED DIGITAL PLATFORM WITH DRUPAL 8A FUTURE-FOCUSED DIGITAL PLATFORM WITH DRUPAL 8
A FUTURE-FOCUSED DIGITAL PLATFORM WITH DRUPAL 8
Phase2
 
The Future of Digital Storytelling - Phase2 Talk
The Future of Digital Storytelling - Phase2 TalkThe Future of Digital Storytelling - Phase2 Talk
The Future of Digital Storytelling - Phase2 Talk
Phase2
 
Site building with end user in mind
Site building with end user in mindSite building with end user in mind
Site building with end user in mind
Phase2
 
Fields, entities, lists, oh my!
Fields, entities, lists, oh my!Fields, entities, lists, oh my!
Fields, entities, lists, oh my!
Phase2
 
Performance Profiling Tools and Tricks
Performance Profiling Tools and TricksPerformance Profiling Tools and Tricks
Performance Profiling Tools and Tricks
Phase2
 
NORTH CAROLINA Open Source, OpenPublic, OpenShift
NORTH CAROLINA Open Source, OpenPublic, OpenShiftNORTH CAROLINA Open Source, OpenPublic, OpenShift
NORTH CAROLINA Open Source, OpenPublic, OpenShift
Phase2
 
Drupal 8 for Enterprise: D8 in a Changing Digital Landscape
Drupal 8 for Enterprise: D8 in a Changing Digital LandscapeDrupal 8 for Enterprise: D8 in a Changing Digital Landscape
Drupal 8 for Enterprise: D8 in a Changing Digital Landscape
Phase2
 
Riding the Drupal Wave: The Future for Drupal and Open Source Content Manage...
Riding the Drupal Wave: The Future for Drupal and Open Source Content Manage...Riding the Drupal Wave: The Future for Drupal and Open Source Content Manage...
Riding the Drupal Wave: The Future for Drupal and Open Source Content Manage...
Phase2
 
Site Building with the End User in Mind
Site Building with the End User in MindSite Building with the End User in Mind
Site Building with the End User in Mind
Phase2
 
The Yes, No, and Maybe of "Can We Build That With Drupal?"
The Yes, No, and Maybe of "Can We Build That With Drupal?"The Yes, No, and Maybe of "Can We Build That With Drupal?"
The Yes, No, and Maybe of "Can We Build That With Drupal?"
Phase2
 
User Testing For Humanitarian ID App
User Testing For Humanitarian ID AppUser Testing For Humanitarian ID App
User Testing For Humanitarian ID App
Phase2
 
Redhat.com: An Architectural Case Study
Redhat.com: An Architectural Case StudyRedhat.com: An Architectural Case Study
Redhat.com: An Architectural Case Study
Phase2
 
The New Design Workflow
The New Design WorkflowThe New Design Workflow
The New Design Workflow
Phase2
 
Drupal 8, Don’t Be Late (Enterprise Orgs, We’re Looking at You)
Drupal 8, Don’t Be Late (Enterprise Orgs, We’re Looking at You)Drupal 8, Don’t Be Late (Enterprise Orgs, We’re Looking at You)
Drupal 8, Don’t Be Late (Enterprise Orgs, We’re Looking at You)
Phase2
 
Memorial Sloan Kettering: Adventures in Drupal 8
Memorial Sloan Kettering: Adventures in Drupal 8Memorial Sloan Kettering: Adventures in Drupal 8
Memorial Sloan Kettering: Adventures in Drupal 8
Phase2
 

More from Phase2 (20)

Phase2 Health and Wellness Brochure
Phase2 Health and Wellness BrochurePhase2 Health and Wellness Brochure
Phase2 Health and Wellness Brochure
 
A Modern Digital Experience Platform
A Modern Digital Experience PlatformA Modern Digital Experience Platform
A Modern Digital Experience Platform
 
Beyond websites: A Modern Digital Experience Platform
Beyond websites: A Modern Digital Experience PlatformBeyond websites: A Modern Digital Experience Platform
Beyond websites: A Modern Digital Experience Platform
 
Omnichannel For Government
Omnichannel For Government Omnichannel For Government
Omnichannel For Government
 
Bad camp2016 Release Management On Live Websites
Bad camp2016 Release Management On Live WebsitesBad camp2016 Release Management On Live Websites
Bad camp2016 Release Management On Live Websites
 
A FUTURE-FOCUSED DIGITAL PLATFORM WITH DRUPAL 8
A FUTURE-FOCUSED DIGITAL PLATFORM WITH DRUPAL 8A FUTURE-FOCUSED DIGITAL PLATFORM WITH DRUPAL 8
A FUTURE-FOCUSED DIGITAL PLATFORM WITH DRUPAL 8
 
The Future of Digital Storytelling - Phase2 Talk
The Future of Digital Storytelling - Phase2 TalkThe Future of Digital Storytelling - Phase2 Talk
The Future of Digital Storytelling - Phase2 Talk
 
Site building with end user in mind
Site building with end user in mindSite building with end user in mind
Site building with end user in mind
 
Fields, entities, lists, oh my!
Fields, entities, lists, oh my!Fields, entities, lists, oh my!
Fields, entities, lists, oh my!
 
Performance Profiling Tools and Tricks
Performance Profiling Tools and TricksPerformance Profiling Tools and Tricks
Performance Profiling Tools and Tricks
 
NORTH CAROLINA Open Source, OpenPublic, OpenShift
NORTH CAROLINA Open Source, OpenPublic, OpenShiftNORTH CAROLINA Open Source, OpenPublic, OpenShift
NORTH CAROLINA Open Source, OpenPublic, OpenShift
 
Drupal 8 for Enterprise: D8 in a Changing Digital Landscape
Drupal 8 for Enterprise: D8 in a Changing Digital LandscapeDrupal 8 for Enterprise: D8 in a Changing Digital Landscape
Drupal 8 for Enterprise: D8 in a Changing Digital Landscape
 
Riding the Drupal Wave: The Future for Drupal and Open Source Content Manage...
Riding the Drupal Wave: The Future for Drupal and Open Source Content Manage...Riding the Drupal Wave: The Future for Drupal and Open Source Content Manage...
Riding the Drupal Wave: The Future for Drupal and Open Source Content Manage...
 
Site Building with the End User in Mind
Site Building with the End User in MindSite Building with the End User in Mind
Site Building with the End User in Mind
 
The Yes, No, and Maybe of "Can We Build That With Drupal?"
The Yes, No, and Maybe of "Can We Build That With Drupal?"The Yes, No, and Maybe of "Can We Build That With Drupal?"
The Yes, No, and Maybe of "Can We Build That With Drupal?"
 
User Testing For Humanitarian ID App
User Testing For Humanitarian ID AppUser Testing For Humanitarian ID App
User Testing For Humanitarian ID App
 
Redhat.com: An Architectural Case Study
Redhat.com: An Architectural Case StudyRedhat.com: An Architectural Case Study
Redhat.com: An Architectural Case Study
 
The New Design Workflow
The New Design WorkflowThe New Design Workflow
The New Design Workflow
 
Drupal 8, Don’t Be Late (Enterprise Orgs, We’re Looking at You)
Drupal 8, Don’t Be Late (Enterprise Orgs, We’re Looking at You)Drupal 8, Don’t Be Late (Enterprise Orgs, We’re Looking at You)
Drupal 8, Don’t Be Late (Enterprise Orgs, We’re Looking at You)
 
Memorial Sloan Kettering: Adventures in Drupal 8
Memorial Sloan Kettering: Adventures in Drupal 8Memorial Sloan Kettering: Adventures in Drupal 8
Memorial Sloan Kettering: Adventures in Drupal 8
 

Recently uploaded

PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
BookNet Canada
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Nexer Digital
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
Dorra BARTAGUIZ
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
Jemma Hussein Allen
 
The Metaverse and AI: how can decision-makers harness the Metaverse for their...
The Metaverse and AI: how can decision-makers harness the Metaverse for their...The Metaverse and AI: how can decision-makers harness the Metaverse for their...
The Metaverse and AI: how can decision-makers harness the Metaverse for their...
Jen Stirrup
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
Alpen-Adria-Universität
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
Assure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyesAssure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
Safe Software
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
SOFTTECHHUB
 

Recently uploaded (20)

PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
The Metaverse and AI: how can decision-makers harness the Metaverse for their...
The Metaverse and AI: how can decision-makers harness the Metaverse for their...The Metaverse and AI: how can decision-makers harness the Metaverse for their...
The Metaverse and AI: how can decision-makers harness the Metaverse for their...
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
Assure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyesAssure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyes
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
 

Open Source Logging and Metric Tools

  • 1. Open Source Logging
 and Metrics Tools CapitalCamp and Gov Days 2014
  • 3. Director of Engineering, Phase2 Steven Merrill Twitter: @stevenmerrill
  • 4. About This Talk • Let you visualize your data with OSS tools • Information on customizing logs from common daemons • Strong focus on log aggregation, parsing, and search • Information about drupal.org's logging setup • Some information on performance metrics tools • Two-machine demo of Drupal and logging tools
  • 6. Demo Setup • 2 Google Cloud Engine g1.small instances • All instances run collectd to grab system metrics • 1 'drupal' instance with Apache, Varnish, MySQL, PHP • 1 'utility' instance with rsyslog host, Jenkins, Graphite, Grafana, ElasticSearch, Logstash, Kibana, bucky
  • 8. Ceci n'est pas une log
  • 9. Logs are time + data. Creator of Logstash Jordan Sissel “ ”
  • 10. What Are Logs • Ultimately, logs are about keeping track of events • Logs are very different; some use custom formats, while some may be in pure XML or JSON • Some are one line, some are many, like Java stacktraces or MySQL slow query logs
  • 11. Who Produces Logs • Drupal • nginx • Apache • Varnish • Jenkins • SOLR • MySQL • cron • sudo • ...
  • 12. Types of Logs • Error Logs • Transaction Logs • Trace Logs • Debug Logs
  • 13. Issues With Logs • Legal retention requirements • Require shell access to view • Not often human-parseable • Cyborg-friendly tooling
  • 14. Solving Problems With Log Data • Find slow pages or queries • Sort through Drupal logs to trace user action on a site • Get an average idea of traffic to a particular area • Track new PHP error types
  • 16. Ship Those Logs! • syslog-ng • rsyslogd • Ship syslog • Ship other log files • Lumberjack (logstash- forwarder) • Beaver
  • 17. Shipping Concerns • Queueing • Behavior when shipping to remote servers • Max spool disk usage • Retries? • Security • Encrypted channel • Encrypted at rest • Access to sensitive data
  • 18. Configuring rsyslogd Clients • Ship logs to another rsyslog server over TCP • *.* @@utility:514 • This defaults to shipping anything that it would normally log to /var/log/syslog or /var/log/messages
  • 19. Configuring rsyslogd Servers • Prevent remote logs from showing up in /var/log/messages • if $source != 'utility' then ~ • Store logs coming in based on hostname and date • $template DailyPerHostLogs,"/var/log/rsyslog/%HOSTNAME%/ %HOSTNAME%.%$YEAR%-%$MONTH%-%$DAY%.log"
 *.* -?DailyPerHostLogs;RSYSLOG_TraditionalFileFormat
  • 20. Configuring rsyslogd Shipping • Read lines from a particular file and ship over syslog • $ModLoad imfile
 $InputFileName /var/log/httpd/access_log
 $InputFileTag apache_access:
 $InputFileStateFile state-apache_access
 $InputFileSeverity info
 $InputFileFacility local0
 $InputFilePollInterval 10
 $InputRunFileMonitor
  • 21. Configuring rsyslogd Spooling • Configure spooling and queueing behavior • $WorkDirectory /var/lib/rsyslog # where to place spool files
 $ActionQueueFileName fwdRule1 # unique name prefix for spool files
 $ActionQueueMaxDiskSpace 1g # 1gb space limit
 $ActionQueueSaveOnShutdown on # save messages to disk on shutdown
 $ActionQueueType LinkedList # run asynchronously
 $ActionResumeRetryCount -1 # infinite retries if host is down
  • 22. Syslog-shipped Log Files Mar 11 15:38:14 drupal drupal: http://192.168.32.3|1394566694| system|192.168.32.1|http://192.168.32.3/admin/modules/list /confirm|http://192.168.32.3/admin/modules|1||php module installed. ! Jul 30 15:04:14 drupal varnish_access: 156.40.118.178 - - [30/ Jul/2014:15:04:09 +0000] "GET http://23.251.149.143/misc/ tableheader.js?n9j5uu HTTP/1.1" 200 1848 "http:// 23.251.149.143/admin/modules" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36" 0.000757 miss
  • 24. Syslog Apr 11 18:35:53 shiftiest dnsmasq-dhcp[23185]: DHCPACK(br100) 192.168.32.4 fa:16:3e:c4:2f:fd varnish4 Mar 11 15:38:14 drupal drupal: http://192.168.32.3|1394566694| system|192.168.32.1|http://192.168.32.3/admin/modules/list /confirm|http://192.168.32.3/admin/modules|1||php module installed.
  • 25. Apache 127.0.0.1 - - [08/Mar/2014:00:36:44 -0500] "GET /dashboard HTTP/1.0" 302 20 "https://68.232.187.42/dashboard/" "Mozilla/ 5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.146 Safari/537.36"
  • 26. nginx 192.168.32.1 - - [11/Apr/2014:10:44:36 -0400] "GET /kibana/ font/fontawesome-webfont.woff?v=3.2.1 HTTP/1.1" 200 43572 "http://192.168.32.6/kibana/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.116 Safari/537.36"
  • 27. Varnish 192.168.32.1 - - [11/Apr/2014:10:47:52 -0400] "GET http:// 192.168.32.3/themes/seven/images/list-item.png HTTP/1.1" 200 195 "http://192.168.32.3/admin/config" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.116 Safari/537.36"
  • 28. Additional Features • Apache, nginx, and Varnish all support additional output • Varnish can log cache hit/miss • With Logstash we can look at how to normalize these • A regex engine with built-in named patterns • Online tools to parse sample logs
  • 29. Apache • Configurable log formats are available – http:// httpd.apache.org/docs/2.2/mod/mod_log_config.html • A single LogFormat directive in any Apache configuration file will override all log formats • The default NCSA combined log format is as follows • LogFormat "%h %l %u %t "%r" %>s %b "%{Referer}i"
 "%{User-agent}i"" combined
  • 30. Apache • Additional useful information: • %D Time taken to serve request in microseconds • %{Host}i Value of the Host HTTP header • %p Port • New LogFormat line: • LogFormat "%h %l %u %t "%r" %>s %b "%{Referer}i"
 "%{User-Agent}i" %D %{Host}i %p" combined
  • 31. nginx • Log formats are defined with the log_format directive – http:// nginx.org/en/docs/http/ngx_http_log_module.html#log_format • You may not override the default NCSA combined format • log_format combined '$remote_addr - $remote_user [$time_local] '
 '"$request" $status $body_bytes_sent '
 '"$http_referer" "$http_user_agent"';
  • 32. Apache 127.0.0.1 - - [29/Jul/2014:22:03:07 +0000] "GET /admin/config/ development/performance HTTP/1.0" 200 3500 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36" ! 127.0.0.1 - - [29/Jul/2014:22:03:07 +0000] "GET /admin/config/ development/performance HTTP/1.0" 200 3500 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36" 45304 23.251.149.143 80
  • 33. nginx • Additional useful information: • $request_time Time taken to serve request in seconds with millisecond resolution (e.g. 0.073) • $http_host Value of the Host HTTP header • $server_post Port
  • 34. nginx • New log_format line and example config for a vhost: • log_format logstash '$remote_addr - $remote_user [$time_local] '
 '"$request" $status $body_bytes_sent '
 '"$http_referer" "$http_user_agent" '
 '$request_time $http_host $server_port'; • access_log /var/log/nginx/access.log logstash;
  • 35. nginx 70.42.157.6 - - [22/Jul/2014:22:03:30 +0000] "POST / logstash-2014.07.22/_search HTTP/1.0" 200 281190 "http:// 146.148.34.62/kibana/index.html" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36" ! 70.42.157.6 - - [22/Jul/2014:22:03:30 +0000] "POST / logstash-2014.07.22/_search HTTP/1.0" 200 281190 "http:// 146.148.34.62/kibana/index.html" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36" 0.523 146.148.34.62 80
  • 36. Varnish • The varnishncsa daemon outputs NCSA-format logs • You may pass a different log format to the varnishncsa daemon; many share the same format as Apache
  • 37. Varnish • Additional useful information: • %D Time taken to serve request in seconds with
 microsecond precision (e.g. 0.000884) • %{Varnish:hitmiss}x The text "hit" or "miss" • varnishncsa daemon argument: • -F '%h %l %u %t "%r" %s %b "%{Referer}i" "%{User-agent}i"
 %D %{Varnish:hitmiss}x'
  • 38. Varnish 70.42.157.6 - - [29/Jul/2014:22:03:07 +0000] "GET http:// 23.251.149.143/admin/config/development/performance HTTP/1.0" 200 3500 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36" ! 70.42.157.6 - - [29/Jul/2014:22:03:07 +0000] "GET http:// 23.251.149.143/admin/config/development/performance HTTP/1.0" 200 3500 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36" 0.045969 miss
  • 40. Proprietary Tools • Third-party SaaS systems are plentiful in this area • Splunk • SumoLogic • Loggly • LogEntries
  • 41. Logstash • http://logstash.net/ • Great tool to work with logs of ALL sorts • Has input, filter, and output pipelines • Inputs can be parsed with different codecs (JSON, netflow) • http://logstash.net/docs/1.4.2/ describes many options
  • 42. ElasticSearch • http://www.elasticsearch.com/ • A Java search engine based on Lucene, similar to SOLR • Offers a nicer REST API; easy discovery for clustering
  • 43. Kibana • Great viewer for Logstash logs • Needs direct HTTP access to ElasticSearch • You may need to protect this with nginx or the like • Uses ElasticSearch features to show statistical information • Can show any ElasticSearch data, not just Logstash
  • 44. Grok • Tool for pulling semantic data from logs; logstash filter • A regex engine with built-in named patterns • Online tools to parse sample logs • http://grokdebug.herokuapp.com/ • http://grokconstructor.appspot.com/
  • 45. Example:
 Grokking nginx Logs 192.168.32.1 - - [11/Apr/2014:10:44:36 -0400] "GET /kibana/ font/fontawesome-webfont.woff?v=3.2.1 HTTP/1.1" 200 43572 "http://192.168.32.6/kibana/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko)
  • 47. Logstash Config • By default Logstash looks in /etc/logstash/conf.d/*.conf • You many include multiple files • Each must have at least an input, filter, or output stanza
  • 48. Logstash Config input { file { path => "/var/log/rsyslog/*/*.log" exclude => "*.bz2" type => syslog sincedb_path => "/var/run/logstash/sincedb" sincedb_write_interval => 10 } }
  • 49. Logstash Config filter { if [type] == "syslog" { mutate { add_field => [ "syslog_message", "%{message}" ] remove_field => "message" } grok { match => [ "syslog_message", "%{SYSLOGLINE}" ] } date { match => [ "timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ] } # Parse Drupal logs that are logged to syslog.
  • 50. Logstash Config date { match => [ "timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ] } if [program] == "drupal" { grok { match => [ "message", "https?://%{HOSTNAME:vhost}?|% {NUMBER:d_timestamp}|(?<d_type>[^|]*)|%{IP:d_ip}|(?<d_request_uri>[^ |]*)|(?<d_referer>[^|]*)|(?<d_uid>[^|]*)|(?<d_link>[^|]*)|(? <d_message>.*)" ] } }
  • 51. Logstash Config if [program] == "nginx_access" { ruby { code => "event['duration'] = event['duration'].to_f * 1000.0" } } if [program] == "varnish_access" { ruby { code => "event['duration'] = event['duration'].to_f * 1000.0" } } } }
  • 53. Logs vs Performance Counters • Generally, logs capture data at a particular time • You may also want to keep information about how your servers are running and performing • A separate set of tools are often used to help monitoring and manage systems performance • This data can then be trended to chart resource usage and capacity
  • 54. Proprietary Tools • Third-party SaaS systems are also plentiful in this area • DataDog • Librato Metrics • Circonus • New Relic / AppNeta
  • 55. Time-Series Data • Generally, performance counters are taken with regular sampling at an interval, known as time-series data • Several OSS tools exist to store and query time-series data: • RRDTool • Whisper • InfluxDB
  • 56. First Wave: RRD-based Tools • Many tools can graph metrics and make and plot RRD files • Munin • Cacti • Ganglia • collectd
  • 57. Second Wave: Graphite • Graphite is a more general tool; it does not collect metrics • It uses an advanced storage engine called Whisper • It can buffer data and cache it under heavy load • It does not require data to be inserted all the time • It's fully designed to take time-series data and graph it
  • 58. Grafana • Grafana is to Graphite as Kibana is to ElasticSearch • HTML / JavaScript app • Needs direct HTTP access to Graphite • You may need to protect this with nginx or the like
  • 59. Collectd • http://collectd.org/ • Collectd is a tool that makes it easy to capture many system-level statistics • It can write to RRD databases or to Graphite • Collectd is written in C and is efficient; it can remain resident in memory and report on a regular interval
  • 62. Single Log Host Machine • CentOS 5 • Dual quad-core Gulftown Xeons (8 cores, 16 threads) • 16 GB RAM • 600 GB of HDD storage dedicated to Logstash
  • 63. Software • ElasticSearch 0.90 • Logstash 1.2 • Kibana 3.0.0m3 • Curator 0.6.2
  • 64. Stats • Consolidating logs from ≈ 10 web servers • Incoming syslog (Drupal), Apache, nginx, and Varnish logs • Non-syslog logs are updated every hour with rsync • > 2 billion logs processed per month • Indexing is spiky but not constant; load average of 0.5
  • 67. Links • http://logstash.net/ • http://elasticsearch.com/ • https://github.com/elasticsearch/kibana/ • http://graphite.wikidot.com/ • http://grafana.org/