SlideShare une entreprise Scribd logo

Log management with Graylog2 - FrOSCon 2012

L
lennartkoopmann
Technologie
1  sur  49
Télécharger pour lire hors ligne
Log management with Graylog2 Lennart Koopmann, FrOSCon 2012 Mittwoch, 29. August 12
About me 24 years old, Software Engineer at XING AG Hamburg, Germany @_lennart Mittwoch, 29. August 12
Graylog2 Free and open source log management system Started in early 2010 by me 80.000 downloads in total since today Current version 0.9.6p1 Sponsored by XING since this year. www.graylog2.org / @graylog2 Mittwoch, 29. August 12
What is this log management stuff? Even grepping over flat files can be log management. Mittwoch, 29. August 12
Log Management Maturity Scale Log management can be done on different levels - Raffael Marty set up a scale for that. Mittwoch, 29. August 12
Level 0 Do not collect logs at all. Mittwoch, 29. August 12
Level 1 Collect logs. Mostly simple log files from email or HTTP servers. Mittwoch, 29. August 12
Level 2 Use the logs for forensics and troubleshooting. Why was that email (not) sent out? Why was that HTTP 500 thrown? Mittwoch, 29. August 12
Level 3 Save searches. The most basic case would be to save a grep command you used. Mittwoch, 29. August 12
Level 4 Share searches. Store that search command somewhere so co-workers can find and use it to solve similar problems. Mittwoch, 29. August 12
Level 5 Reporting. Easily generate reports from your logs. How many exceptions did we have this week, how many last week? Charts, PDF, stuff managers love! Mittwoch, 29. August 12
Level 6 Alerting. Automate some of your troubleshooting tasks. Be warned automatically instead of waiting for a user to complain. Mittwoch, 29. August 12
Level 7 Collect more logs! We may need more log sources for some use cases. Firewall logs, Router logs, even physical access logs. Mittwoch, 29. August 12
Level 8 Correlation. Manual analysis of all that new data may take too long. Correlate different sources. Mittwoch, 29. August 12
Level 9 Visual analysis. Mittwoch, 29. August 12
Next levels Pattern detection, interactive visualization, dynamic queries, anomaly detection, more sharing, ... Mittwoch, 29. August 12
You need a central place to send your logs to Mittwoch, 29. August 12
You need a central place to send your logs to graylog2-server Mittwoch, 29. August 12
You need a central place to make use of those logs graylog2-web-interface Mittwoch, 29. August 12
Mittwoch, 29. August 12
Mittwoch, 29. August 12
How to send your logs Classic syslog via TCP/UDP GELF via TCP/UDP both via AMQP ...or write your own input plugins. Mittwoch, 29. August 12
GELF Graylog Extended Log Format - Lets you structure your logs. Many libraries for different systems and languages available. Mittwoch, 29. August 12
Example GELF message { ‘short_message’ : ‘Something went wrong’, ‘host’ : ‘some-host-1.example.org’, ‘severity’ : 2, ‘facility’ : ‘some subsystem’, ‘full_message’ : ‘Stacktrace and stuff’, ‘file’ : ‘some_controller.rb’, ‘line’ : 7, ‘_from_load_balancer’ : ‘lb-3’, ‘_user_id’ : 9001, ‘_http_response_code’ : 500 } Mittwoch, 29. August 12
Two different types of log messages Mittwoch, 29. August 12
Type I Automatically generated from a service. Usually huge amount of structured but raw data. You have only limited control about what is logged. Mittwoch, 29. August 12
Type II Logs directly sent from within your applications. Triggered for example by a log.error() call or an exception catcher. Possible to send highly structured via GELF. Mittwoch, 29. August 12
Architecture Hosts graylog2-server ElasticSearch MongoDB graylog2-web-interface You Mittwoch, 29. August 12
How we do it rails-apps perl-app AMQP bus (every HTTP request ex/in) graylog2-server logjam fetch_logs syslog logstash hosts Around 5000 msgs / sec Mittwoch, 29. August 12
Logstash Logstash works great together with Graylog2! Use it to filter and process logs. Central point to anonymize IP addresses and filter out credit card numbers. (Also possible in Graylog2) www.logstash.net Mittwoch, 29. August 12
Logstash input filter output Mittwoch, 29. August 12
Logstash inputs 20 inputs. For example: amqp, exec, file, GELF, heroku, log4j, pipe, redis, stdin, tcp, udp, xmpp, 0mq Mittwoch, 29. August 12
Logstash filters 17 filters. For example: date, gelfify, grep, grok, mutate, dns, checksum Mittwoch, 29. August 12
Logstash outputs 39 outputs. For example: amqp, GELF, elasticsearch, email, file, graphite, http, irc, mongodb, pagerduty, pipe, redis, riak, stdout, tcp, websocket, xmpp, 0mq Mittwoch, 29. August 12
Decouple logging Sending of a log message must never interrupt application flow. Think about timeouts, latency, DNS problems, ... Mittwoch, 29. August 12
Extract information to fields Have fields like user_id, http_response_code, _processed_controller, _processed_action, ... Mittwoch, 29. August 12
...and get powerful analytics _oauth_consumer_key = ‘acbd18db4cc2f85cedef654fccc4a4d8’ _processed_controller = ‘NewsfeedController’ _processed_action = ‘comment’ _http_method = ‘DELETE’ Is the iPhone application using a specific API call? Old versions using that call getting used less over time? Mittwoch, 29. August 12
facility = ‘rails-app’ _source = ‘applogs’ _exception_type = ‘CSRFProtect::AuthenticityTokenMissingException’ You enforced the authenticity token CSRF protection system wide. This will go live next Wednesday. Prepare a stream that catches all Exceptions related to that. See where you forgot to adapt view/form behavior. Mittwoch, 29. August 12
facility = ‘rails-app’ _source = ‘applogs’ _exception_type = ‘CSRFProtect::AuthenticityTokenMissingException’ ...and get a distribution of controllers that produce this error / were forgotten to adapt. Analytics shell: stream(csrf).distribution({_processed_controller}) -> Events::PostingsController (5347), Profile::SettingsController (459) Mittwoch, 29. August 12
facility = ‘rails-app’ _source = ‘applogs’ _exception_type = ‘CSRFProtect::AuthenticityTokenMissingException’ ...or the specific actions in a controller stream(csrf).distribution({_processed_action}, _processed_controller = ‘Events::PostingsController’) -> destroy (42), create (5302) Mittwoch, 29. August 12
_oauth_consumer_key = ‘acbd18db4cc2f85cedef654fccc4a4d8’ Give your in-house iPhone developers access to the logs they produce. Mittwoch, 29. August 12
_oauth_consumer_key = ‘acbd18db4cc2f85cedef654fccc4a4d8’ _http_response_code = ^(4|5).* ...and let them see the errors they produce with one click on the “Errors from iPhone app” stream. Mittwoch, 29. August 12
_http_response_code = 404 _from_lb = ‘lb-3’ Is there an imbalance of HTTP 404s caused by different load balancers? (possible config problem) all.distribution({_from_lb}, _http_response_code = 404) > lb-1 (5732), lb-2 (69), lb-3 (45), lb-4 (22) Mittwoch, 29. August 12
host = “router-1” level = 3 Are there routers with especially high error rates? all.distribution({host}, level >= 4) > router-1 (0), router-2 (0), router-3 (0) Mittwoch, 29. August 12
_processed_controller = “Session” _processed_action = “create” _http_return_code = 301 How many signups did you have today? all.count(_processed_controller = ‘Session’, _processed_action = ‘create’, _http_return_code = 301) > 294358 Mittwoch, 29. August 12
_processed_controller = “Session” _processed_action = “create” _http_return_code = 301 ...and how many failed? Graph this! all.count(_processed_controller = ‘Session’, _processed_action = ‘create’, _http_return_code = 200) > 10452 Mittwoch, 29. August 12
Forward messages to other hosts, feed Graphite, feed team dashboards, unleash the power of your logs! Extract everything you could ever need! How much you can do with the logs strongly depends on the message quality. Mittwoch, 29. August 12
Coming in v0.9.7: Complete server re-write - Plugin system - Better performance - Possible to run multiple server instances in parallel Better web interface performance - Multiple indices - Recent index More new stuff like LDAP integration, more visualizations and analytics, JavaScript fixes, improvements and bugfixes! Mittwoch, 29. August 12
Live demo / QA www.graylog2.org / @graylog2 (XING is hiring) Mittwoch, 29. August 12

Recommandé

Graylog2 (MongoBerlin/MongoHamburg 2010)
Graylog2 (MongoBerlin/MongoHamburg 2010)Graylog2 (MongoBerlin/MongoHamburg 2010)
Graylog2 (MongoBerlin/MongoHamburg 2010)lennartkoopmann
 
Graylog Engineering - Design Your Architecture
Graylog Engineering - Design Your ArchitectureGraylog Engineering - Design Your Architecture
Graylog Engineering - Design Your ArchitectureGraylog
 
GrayLog for Java developers FOSDEM 2018
GrayLog for Java developers FOSDEM 2018GrayLog for Java developers FOSDEM 2018
GrayLog for Java developers FOSDEM 2018Jose Manuel Ortega Candel
 
Graylog for open stack 3 steps to know why
Graylog for open stack 3 steps to know whyGraylog for open stack 3 steps to know why
Graylog for open stack 3 steps to know whyVietnam Open Infrastructure User Group
 
Managing the logs of your (Rails) applications - RailsWayCon 2011
Managing the logs of your (Rails) applications - RailsWayCon 2011Managing the logs of your (Rails) applications - RailsWayCon 2011
Managing the logs of your (Rails) applications - RailsWayCon 2011lennartkoopmann
 
Rails exception tracking with Graylog2 - RubyAndRails 2010 EU
Rails exception tracking with Graylog2 - RubyAndRails 2010 EURails exception tracking with Graylog2 - RubyAndRails 2010 EU
Rails exception tracking with Graylog2 - RubyAndRails 2010 EUlennartkoopmann
 
Prometheus - Intro, CNCF, TSDB,PromQL,Grafana
Prometheus - Intro, CNCF, TSDB,PromQL,GrafanaPrometheus - Intro, CNCF, TSDB,PromQL,Grafana
Prometheus - Intro, CNCF, TSDB,PromQL,GrafanaSridhar Kumar N
 
Cassandra To Infinity And Beyond
Cassandra To Infinity And BeyondCassandra To Infinity And Beyond
Cassandra To Infinity And BeyondRomain Hardouin
 

Recommandé

Graylog2 (MongoBerlin/MongoHamburg 2010)
Graylog2 (MongoBerlin/MongoHamburg 2010)Graylog2 (MongoBerlin/MongoHamburg 2010)
Graylog2 (MongoBerlin/MongoHamburg 2010)lennartkoopmann
 
Graylog Engineering - Design Your Architecture
Graylog Engineering - Design Your ArchitectureGraylog Engineering - Design Your Architecture
Graylog Engineering - Design Your ArchitectureGraylog
 
GrayLog for Java developers FOSDEM 2018
GrayLog for Java developers FOSDEM 2018GrayLog for Java developers FOSDEM 2018
GrayLog for Java developers FOSDEM 2018Jose Manuel Ortega Candel
 
Graylog for open stack 3 steps to know why
Graylog for open stack 3 steps to know whyGraylog for open stack 3 steps to know why
Graylog for open stack 3 steps to know whyVietnam Open Infrastructure User Group
 
Managing the logs of your (Rails) applications - RailsWayCon 2011
Managing the logs of your (Rails) applications - RailsWayCon 2011Managing the logs of your (Rails) applications - RailsWayCon 2011
Managing the logs of your (Rails) applications - RailsWayCon 2011lennartkoopmann
 
Rails exception tracking with Graylog2 - RubyAndRails 2010 EU
Rails exception tracking with Graylog2 - RubyAndRails 2010 EURails exception tracking with Graylog2 - RubyAndRails 2010 EU
Rails exception tracking with Graylog2 - RubyAndRails 2010 EUlennartkoopmann
 
Prometheus - Intro, CNCF, TSDB,PromQL,Grafana
Prometheus - Intro, CNCF, TSDB,PromQL,GrafanaPrometheus - Intro, CNCF, TSDB,PromQL,Grafana
Prometheus - Intro, CNCF, TSDB,PromQL,GrafanaSridhar Kumar N
 
Cassandra To Infinity And Beyond
Cassandra To Infinity And BeyondCassandra To Infinity And Beyond
Cassandra To Infinity And BeyondRomain Hardouin
 
An Introduction to Prometheus (GrafanaCon 2016)
An Introduction to Prometheus (GrafanaCon 2016)An Introduction to Prometheus (GrafanaCon 2016)
An Introduction to Prometheus (GrafanaCon 2016)Brian Brazil
 
Scaling an ELK stack at bol.com
Scaling an ELK stack at bol.comScaling an ELK stack at bol.com
Scaling an ELK stack at bol.comRenzo Tomà
 
How bol.com makes sense of its logs, using the Elastic technology stack.
How bol.com makes sense of its logs, using the Elastic technology stack.How bol.com makes sense of its logs, using the Elastic technology stack.
How bol.com makes sense of its logs, using the Elastic technology stack.Renzo Tomà
 
Prometheus and Docker (Docker Galway, November 2015)
Prometheus and Docker (Docker Galway, November 2015)Prometheus and Docker (Docker Galway, November 2015)
Prometheus and Docker (Docker Galway, November 2015)Brian Brazil
 
Efficient monitoring and alerting
Efficient monitoring and alertingEfficient monitoring and alerting
Efficient monitoring and alertingTobias Schmidt
 
Chronix as Long-Term Storage for Prometheus
Chronix as Long-Term Storage for PrometheusChronix as Long-Term Storage for Prometheus
Chronix as Long-Term Storage for PrometheusQAware GmbH
 
Monitoring a Kubernetes-backed microservice architecture with Prometheus
Monitoring a Kubernetes-backed microservice architecture with PrometheusMonitoring a Kubernetes-backed microservice architecture with Prometheus
Monitoring a Kubernetes-backed microservice architecture with PrometheusFabian Reinartz
 
Monitoring microservices with Prometheus
Monitoring microservices with PrometheusMonitoring microservices with Prometheus
Monitoring microservices with PrometheusTobias Schmidt
 
Monitoring in a scalable world
Monitoring in a scalable worldMonitoring in a scalable world
Monitoring in a scalable worldTechExeter
 
Anatomy of an action
Anatomy of an actionAnatomy of an action
Anatomy of an actionGordon Chung
 
Cloud Monitoring tool Grafana
Cloud Monitoring tool Grafana Cloud Monitoring tool Grafana
Cloud Monitoring tool Grafana Dhrubaji Mandal ♛
 
Monitoring Kafka w/ Prometheus
Monitoring Kafka w/ PrometheusMonitoring Kafka w/ Prometheus
Monitoring Kafka w/ Prometheuskawamuray
 
Monitoring your Python with Prometheus (Python Ireland April 2015)
Monitoring your Python with Prometheus (Python Ireland April 2015)Monitoring your Python with Prometheus (Python Ireland April 2015)
Monitoring your Python with Prometheus (Python Ireland April 2015)Brian Brazil
 
Stabilising the jenga tower
Stabilising the jenga towerStabilising the jenga tower
Stabilising the jenga towerGordon Chung
 
An High Available Database for OpenStack Cloud Production by Pacemaker, Coros...
An High Available Database for OpenStack Cloud Production by Pacemaker, Coros...An High Available Database for OpenStack Cloud Production by Pacemaker, Coros...
An High Available Database for OpenStack Cloud Production by Pacemaker, Coros...Jeff Yang
 
20140513_jeffyang_demo_openstack
20140513_jeffyang_demo_openstack20140513_jeffyang_demo_openstack
20140513_jeffyang_demo_openstackJeff Yang
 
8 Ways Network Engineers use Snabb (RIPE 77)
8 Ways Network Engineers use Snabb (RIPE 77)8 Ways Network Engineers use Snabb (RIPE 77)
8 Ways Network Engineers use Snabb (RIPE 77)Igalia
 
An Introduction to Prometheus
An Introduction to PrometheusAn Introduction to Prometheus
An Introduction to PrometheusEvgeny Shmarnev
 
Determinism in finance
Determinism in financeDeterminism in finance
Determinism in financePeter Lawrey
 
Monitoring NGINX (plus): key metrics and how-to
Monitoring NGINX (plus): key metrics and how-toMonitoring NGINX (plus): key metrics and how-to
Monitoring NGINX (plus): key metrics and how-toDatadog
 
Monitoring with Graylog - a modern approach to monitoring?
Monitoring with Graylog - a modern approach to monitoring?Monitoring with Graylog - a modern approach to monitoring?
Monitoring with Graylog - a modern approach to monitoring?inovex GmbH
 
Graylog advanced v1.2
Graylog advanced v1.2Graylog advanced v1.2
Graylog advanced v1.2Mạnh Đinh
 

Contenu connexe

Tendances

An Introduction to Prometheus (GrafanaCon 2016)
An Introduction to Prometheus (GrafanaCon 2016)An Introduction to Prometheus (GrafanaCon 2016)
An Introduction to Prometheus (GrafanaCon 2016)Brian Brazil
 
Scaling an ELK stack at bol.com
Scaling an ELK stack at bol.comScaling an ELK stack at bol.com
Scaling an ELK stack at bol.comRenzo Tomà
 
How bol.com makes sense of its logs, using the Elastic technology stack.
How bol.com makes sense of its logs, using the Elastic technology stack.How bol.com makes sense of its logs, using the Elastic technology stack.
How bol.com makes sense of its logs, using the Elastic technology stack.Renzo Tomà
 
Prometheus and Docker (Docker Galway, November 2015)
Prometheus and Docker (Docker Galway, November 2015)Prometheus and Docker (Docker Galway, November 2015)
Prometheus and Docker (Docker Galway, November 2015)Brian Brazil
 
Efficient monitoring and alerting
Efficient monitoring and alertingEfficient monitoring and alerting
Efficient monitoring and alertingTobias Schmidt
 
Chronix as Long-Term Storage for Prometheus
Chronix as Long-Term Storage for PrometheusChronix as Long-Term Storage for Prometheus
Chronix as Long-Term Storage for PrometheusQAware GmbH
 
Monitoring a Kubernetes-backed microservice architecture with Prometheus
Monitoring a Kubernetes-backed microservice architecture with PrometheusMonitoring a Kubernetes-backed microservice architecture with Prometheus
Monitoring a Kubernetes-backed microservice architecture with PrometheusFabian Reinartz
 
Monitoring microservices with Prometheus
Monitoring microservices with PrometheusMonitoring microservices with Prometheus
Monitoring microservices with PrometheusTobias Schmidt
 
Monitoring in a scalable world
Monitoring in a scalable worldMonitoring in a scalable world
Monitoring in a scalable worldTechExeter
 
Anatomy of an action
Anatomy of an actionAnatomy of an action
Anatomy of an actionGordon Chung
 
Monitoring Kafka w/ Prometheus
Monitoring Kafka w/ PrometheusMonitoring Kafka w/ Prometheus
Monitoring Kafka w/ Prometheuskawamuray
 
Monitoring your Python with Prometheus (Python Ireland April 2015)
Monitoring your Python with Prometheus (Python Ireland April 2015)Monitoring your Python with Prometheus (Python Ireland April 2015)
Monitoring your Python with Prometheus (Python Ireland April 2015)Brian Brazil
 
Stabilising the jenga tower
Stabilising the jenga towerStabilising the jenga tower
Stabilising the jenga towerGordon Chung
 
An High Available Database for OpenStack Cloud Production by Pacemaker, Coros...
An High Available Database for OpenStack Cloud Production by Pacemaker, Coros...An High Available Database for OpenStack Cloud Production by Pacemaker, Coros...
An High Available Database for OpenStack Cloud Production by Pacemaker, Coros...Jeff Yang
 
20140513_jeffyang_demo_openstack
20140513_jeffyang_demo_openstack20140513_jeffyang_demo_openstack
20140513_jeffyang_demo_openstackJeff Yang
 
8 Ways Network Engineers use Snabb (RIPE 77)
8 Ways Network Engineers use Snabb (RIPE 77)8 Ways Network Engineers use Snabb (RIPE 77)
8 Ways Network Engineers use Snabb (RIPE 77)Igalia
 
An Introduction to Prometheus
An Introduction to PrometheusAn Introduction to Prometheus
An Introduction to PrometheusEvgeny Shmarnev
 
Determinism in finance
Determinism in financeDeterminism in finance
Determinism in financePeter Lawrey
 
Monitoring NGINX (plus): key metrics and how-to
Monitoring NGINX (plus): key metrics and how-toMonitoring NGINX (plus): key metrics and how-to
Monitoring NGINX (plus): key metrics and how-toDatadog
 

Tendances (20)

An Introduction to Prometheus (GrafanaCon 2016)
An Introduction to Prometheus (GrafanaCon 2016)An Introduction to Prometheus (GrafanaCon 2016)
An Introduction to Prometheus (GrafanaCon 2016)
 
Scaling an ELK stack at bol.com
Scaling an ELK stack at bol.comScaling an ELK stack at bol.com
Scaling an ELK stack at bol.com
 
How bol.com makes sense of its logs, using the Elastic technology stack.
How bol.com makes sense of its logs, using the Elastic technology stack.How bol.com makes sense of its logs, using the Elastic technology stack.
How bol.com makes sense of its logs, using the Elastic technology stack.
 
Prometheus and Docker (Docker Galway, November 2015)
Prometheus and Docker (Docker Galway, November 2015)Prometheus and Docker (Docker Galway, November 2015)
Prometheus and Docker (Docker Galway, November 2015)
 
Efficient monitoring and alerting
Efficient monitoring and alertingEfficient monitoring and alerting
Efficient monitoring and alerting
 
Chronix as Long-Term Storage for Prometheus
Chronix as Long-Term Storage for PrometheusChronix as Long-Term Storage for Prometheus
Chronix as Long-Term Storage for Prometheus
 
Monitoring a Kubernetes-backed microservice architecture with Prometheus
Monitoring a Kubernetes-backed microservice architecture with PrometheusMonitoring a Kubernetes-backed microservice architecture with Prometheus
Monitoring a Kubernetes-backed microservice architecture with Prometheus
 
Monitoring microservices with Prometheus
Monitoring microservices with PrometheusMonitoring microservices with Prometheus
Monitoring microservices with Prometheus
 
Monitoring in a scalable world
Monitoring in a scalable worldMonitoring in a scalable world
Monitoring in a scalable world
 
Anatomy of an action
Anatomy of an actionAnatomy of an action
Anatomy of an action
 
Cloud Monitoring tool Grafana
Cloud Monitoring tool Grafana Cloud Monitoring tool Grafana
Cloud Monitoring tool Grafana
 
Monitoring Kafka w/ Prometheus
Monitoring Kafka w/ PrometheusMonitoring Kafka w/ Prometheus
Monitoring Kafka w/ Prometheus
 
Monitoring your Python with Prometheus (Python Ireland April 2015)
Monitoring your Python with Prometheus (Python Ireland April 2015)Monitoring your Python with Prometheus (Python Ireland April 2015)
Monitoring your Python with Prometheus (Python Ireland April 2015)
 
Stabilising the jenga tower
Stabilising the jenga towerStabilising the jenga tower
Stabilising the jenga tower
 
An High Available Database for OpenStack Cloud Production by Pacemaker, Coros...
An High Available Database for OpenStack Cloud Production by Pacemaker, Coros...An High Available Database for OpenStack Cloud Production by Pacemaker, Coros...
An High Available Database for OpenStack Cloud Production by Pacemaker, Coros...
 
20140513_jeffyang_demo_openstack
20140513_jeffyang_demo_openstack20140513_jeffyang_demo_openstack
20140513_jeffyang_demo_openstack
 
8 Ways Network Engineers use Snabb (RIPE 77)
8 Ways Network Engineers use Snabb (RIPE 77)8 Ways Network Engineers use Snabb (RIPE 77)
8 Ways Network Engineers use Snabb (RIPE 77)
 
An Introduction to Prometheus
An Introduction to PrometheusAn Introduction to Prometheus
An Introduction to Prometheus
 
Determinism in finance
Determinism in financeDeterminism in finance
Determinism in finance
 
Monitoring NGINX (plus): key metrics and how-to
Monitoring NGINX (plus): key metrics and how-toMonitoring NGINX (plus): key metrics and how-to
Monitoring NGINX (plus): key metrics and how-to
 

En vedette

Monitoring with Graylog - a modern approach to monitoring?
Monitoring with Graylog - a modern approach to monitoring?Monitoring with Graylog - a modern approach to monitoring?
Monitoring with Graylog - a modern approach to monitoring?inovex GmbH
 
Graylog advanced v1.2
Graylog advanced v1.2Graylog advanced v1.2
Graylog advanced v1.2Mạnh Đinh
 
Graylog2 use cases for distributed web applications
Graylog2 use cases for distributed web applicationsGraylog2 use cases for distributed web applications
Graylog2 use cases for distributed web applicationslennartkoopmann
 
Why Are Amazon, Apple, Facebook and Google The Gang Of 4? Who Are Their Victi...
Why Are Amazon, Apple, Facebook and Google The Gang Of 4? Who Are Their Victi...Why Are Amazon, Apple, Facebook and Google The Gang Of 4? Who Are Their Victi...
Why Are Amazon, Apple, Facebook and Google The Gang Of 4? Who Are Their Victi...Dr. William J. Ward
 
Webinar usando graylog para la gestión centralizada de logs
Webinar usando graylog para la gestión centralizada de logsWebinar usando graylog para la gestión centralizada de logs
Webinar usando graylog para la gestión centralizada de logsatSistemas
 
Enterprise Logging and Log Management: Hot Topics by Dr. Anton Chuvakin
Enterprise Logging and Log Management: Hot Topics by Dr. Anton ChuvakinEnterprise Logging and Log Management: Hot Topics by Dr. Anton Chuvakin
Enterprise Logging and Log Management: Hot Topics by Dr. Anton ChuvakinAnton Chuvakin
 
Log management principle and usage
Log management principle and usageLog management principle and usage
Log management principle and usageBikrant Gautam
 
Log Monitoring Simplified - Get the best out of Graylog2 & Icinga 2
Log Monitoring Simplified - Get the best out of Graylog2 & Icinga 2Log Monitoring Simplified - Get the best out of Graylog2 & Icinga 2
Log Monitoring Simplified - Get the best out of Graylog2 & Icinga 2Icinga
 
Graylog manhdv v1.5
Graylog manhdv v1.5Graylog manhdv v1.5
Graylog manhdv v1.5Mạnh Đinh
 
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...SIEM for Beginners: Everything You Wanted to Know About Log Management but We...
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...AlienVault
 
SIEM vs Log Management - Data Security Solutions 2011
SIEM vs Log Management - Data Security Solutions 2011 SIEM vs Log Management - Data Security Solutions 2011
SIEM vs Log Management - Data Security Solutions 2011 Andris Soroka
 
Winning the metrics battle
Winning the metrics battleWinning the metrics battle
Winning the metrics battlesihil
 
Managing the logs of your (Rails) applications - Arrrrcamp 2011
Managing the logs of your (Rails) applications - Arrrrcamp 2011Managing the logs of your (Rails) applications - Arrrrcamp 2011
Managing the logs of your (Rails) applications - Arrrrcamp 2011lennartkoopmann
 
OSDC 2014: Lennart Koopmann - Log Analysis with Graylog2
OSDC 2014: Lennart Koopmann - Log Analysis with Graylog2OSDC 2014: Lennart Koopmann - Log Analysis with Graylog2
OSDC 2014: Lennart Koopmann - Log Analysis with Graylog2NETWAYS
 
Centralized logging
Centralized loggingCentralized logging
Centralized loggingblessYahu
 
Logs: Can’t Hate Them, Won’t Love Them: Brief Log Management Class by Anton C...
Logs: Can’t Hate Them, Won’t Love Them: Brief Log Management Class by Anton C...Logs: Can’t Hate Them, Won’t Love Them: Brief Log Management Class by Anton C...
Logs: Can’t Hate Them, Won’t Love Them: Brief Log Management Class by Anton C...Anton Chuvakin
 
If Santa Had a Data Audit Log App...
If Santa Had a Data Audit Log App...If Santa Had a Data Audit Log App...
If Santa Had a Data Audit Log App...Gadi Eichhorn
 
Error Handling Framework in Mule ESB
Error Handling Framework in Mule ESBError Handling Framework in Mule ESB
Error Handling Framework in Mule ESBSashidhar Rao GDS
 
Nagios Conference 2014 - Scott Wilkerson - Log Monitoring and Log Management ...
Nagios Conference 2014 - Scott Wilkerson - Log Monitoring and Log Management ...Nagios Conference 2014 - Scott Wilkerson - Log Monitoring and Log Management ...
Nagios Conference 2014 - Scott Wilkerson - Log Monitoring and Log Management ...Nagios
 

En vedette (20)

Monitoring with Graylog - a modern approach to monitoring?
Monitoring with Graylog - a modern approach to monitoring?Monitoring with Graylog - a modern approach to monitoring?
Monitoring with Graylog - a modern approach to monitoring?
 
Graylog advanced v1.2
Graylog advanced v1.2Graylog advanced v1.2
Graylog advanced v1.2
 
Graylog2 use cases for distributed web applications
Graylog2 use cases for distributed web applicationsGraylog2 use cases for distributed web applications
Graylog2 use cases for distributed web applications
 
Why Are Amazon, Apple, Facebook and Google The Gang Of 4? Who Are Their Victi...
Why Are Amazon, Apple, Facebook and Google The Gang Of 4? Who Are Their Victi...Why Are Amazon, Apple, Facebook and Google The Gang Of 4? Who Are Their Victi...
Why Are Amazon, Apple, Facebook and Google The Gang Of 4? Who Are Their Victi...
 
Webinar usando graylog para la gestión centralizada de logs
Webinar usando graylog para la gestión centralizada de logsWebinar usando graylog para la gestión centralizada de logs
Webinar usando graylog para la gestión centralizada de logs
 
Enterprise Logging and Log Management: Hot Topics by Dr. Anton Chuvakin
Enterprise Logging and Log Management: Hot Topics by Dr. Anton ChuvakinEnterprise Logging and Log Management: Hot Topics by Dr. Anton Chuvakin
Enterprise Logging and Log Management: Hot Topics by Dr. Anton Chuvakin
 
Log management principle and usage
Log management principle and usageLog management principle and usage
Log management principle and usage
 
Log Monitoring Simplified - Get the best out of Graylog2 & Icinga 2
Log Monitoring Simplified - Get the best out of Graylog2 & Icinga 2Log Monitoring Simplified - Get the best out of Graylog2 & Icinga 2
Log Monitoring Simplified - Get the best out of Graylog2 & Icinga 2
 
Graylog manhdv v1.5
Graylog manhdv v1.5Graylog manhdv v1.5
Graylog manhdv v1.5
 
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...SIEM for Beginners: Everything You Wanted to Know About Log Management but We...
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...
 
SIEM vs Log Management - Data Security Solutions 2011
SIEM vs Log Management - Data Security Solutions 2011 SIEM vs Log Management - Data Security Solutions 2011
SIEM vs Log Management - Data Security Solutions 2011
 
Winning the metrics battle
Winning the metrics battleWinning the metrics battle
Winning the metrics battle
 
Graylog2 cloud austin
Graylog2 cloud austinGraylog2 cloud austin
Graylog2 cloud austin
 
Managing the logs of your (Rails) applications - Arrrrcamp 2011
Managing the logs of your (Rails) applications - Arrrrcamp 2011Managing the logs of your (Rails) applications - Arrrrcamp 2011
Managing the logs of your (Rails) applications - Arrrrcamp 2011
 
OSDC 2014: Lennart Koopmann - Log Analysis with Graylog2
OSDC 2014: Lennart Koopmann - Log Analysis with Graylog2OSDC 2014: Lennart Koopmann - Log Analysis with Graylog2
OSDC 2014: Lennart Koopmann - Log Analysis with Graylog2
 
Centralized logging
Centralized loggingCentralized logging
Centralized logging
 
Logs: Can’t Hate Them, Won’t Love Them: Brief Log Management Class by Anton C...
Logs: Can’t Hate Them, Won’t Love Them: Brief Log Management Class by Anton C...Logs: Can’t Hate Them, Won’t Love Them: Brief Log Management Class by Anton C...
Logs: Can’t Hate Them, Won’t Love Them: Brief Log Management Class by Anton C...
 
If Santa Had a Data Audit Log App...
If Santa Had a Data Audit Log App...If Santa Had a Data Audit Log App...
If Santa Had a Data Audit Log App...
 
Error Handling Framework in Mule ESB
Error Handling Framework in Mule ESBError Handling Framework in Mule ESB
Error Handling Framework in Mule ESB
 
Nagios Conference 2014 - Scott Wilkerson - Log Monitoring and Log Management ...
Nagios Conference 2014 - Scott Wilkerson - Log Monitoring and Log Management ...Nagios Conference 2014 - Scott Wilkerson - Log Monitoring and Log Management ...
Nagios Conference 2014 - Scott Wilkerson - Log Monitoring and Log Management ...
 

Similaire à Log management with Graylog2 - FrOSCon 2012

Get the most out of your security logs using syslog-ng
Get the most out of your security logs using syslog-ngGet the most out of your security logs using syslog-ng
Get the most out of your security logs using syslog-ngPeter Czanik
 
Embedded Linux Basics
Embedded Linux BasicsEmbedded Linux Basics
Embedded Linux BasicsMarc Leeman
 
GemStone/S Update
GemStone/S UpdateGemStone/S Update
GemStone/S UpdateESUG
 
6 Million Ways To Log In Docker - NYC Docker Meetup 12/17/2014
6 Million Ways To Log In Docker - NYC Docker Meetup 12/17/20146 Million Ways To Log In Docker - NYC Docker Meetup 12/17/2014
6 Million Ways To Log In Docker - NYC Docker Meetup 12/17/2014Christian Beedgen
 
Ad-hoc Big-Data Analysis with Lua
Ad-hoc Big-Data Analysis with LuaAd-hoc Big-Data Analysis with Lua
Ad-hoc Big-Data Analysis with LuaAlexander Gladysh
 
Kim Hammar - Distributed Deep Learning - RISE Learning Machines Meetup
Kim Hammar - Distributed Deep Learning - RISE Learning Machines MeetupKim Hammar - Distributed Deep Learning - RISE Learning Machines Meetup
Kim Hammar - Distributed Deep Learning - RISE Learning Machines MeetupKim Hammar
 
Oracle to Postgres Migration - part 2
Oracle to Postgres Migration - part 2Oracle to Postgres Migration - part 2
Oracle to Postgres Migration - part 2PgTraining
 
The genesis of clusterlib - An open source library to tame your favourite sup...
The genesis of clusterlib - An open source library to tame your favourite sup...The genesis of clusterlib - An open source library to tame your favourite sup...
The genesis of clusterlib - An open source library to tame your favourite sup...Arnaud Joly
 
Infrastructure coders logstash
Infrastructure coders logstashInfrastructure coders logstash
Infrastructure coders logstashDavid Lutz
 
Accelerate Your Rails Site with Automatic Generation-Based Action Caching
Accelerate Your Rails Site with Automatic Generation-Based Action CachingAccelerate Your Rails Site with Automatic Generation-Based Action Caching
Accelerate Your Rails Site with Automatic Generation-Based Action Cachingelliando dias
 
Application Logging in the 21st century - 2014.key
Application Logging in the 21st century - 2014.keyApplication Logging in the 21st century - 2014.key
Application Logging in the 21st century - 2014.keyTim Bunce
 
Dcamp ldn presentation
Dcamp ldn presentationDcamp ldn presentation
Dcamp ldn presentationa_c_m
 
XT Best Practices
XT Best PracticesXT Best Practices
XT Best PracticesJeff Larkin
 
Java Tech & Tools | Big Blobs: Moving Big Data In and Out of the Cloud | Adri...
Java Tech & Tools | Big Blobs: Moving Big Data In and Out of the Cloud | Adri...Java Tech & Tools | Big Blobs: Moving Big Data In and Out of the Cloud | Adri...
Java Tech & Tools | Big Blobs: Moving Big Data In and Out of the Cloud | Adri...JAX London
 
Turbo charge your logs
Turbo charge your logsTurbo charge your logs
Turbo charge your logsJeremy Cook
 
Scaling Your Logging Infrastructure With Syslog-NG
Scaling Your Logging Infrastructure With Syslog-NGScaling Your Logging Infrastructure With Syslog-NG
Scaling Your Logging Infrastructure With Syslog-NGAll Things Open
 
Scaling your logging infrastructure using syslog-ng
Scaling your logging infrastructure using syslog-ngScaling your logging infrastructure using syslog-ng
Scaling your logging infrastructure using syslog-ngPeter Czanik
 

Similaire à Log management with Graylog2 - FrOSCon 2012 (20)

Get the most out of your security logs using syslog-ng
Get the most out of your security logs using syslog-ngGet the most out of your security logs using syslog-ng
Get the most out of your security logs using syslog-ng
 
Embedded Linux Basics
Embedded Linux BasicsEmbedded Linux Basics
Embedded Linux Basics
 
GemStone/S Update
GemStone/S UpdateGemStone/S Update
GemStone/S Update
 
6 Million Ways To Log In Docker - NYC Docker Meetup 12/17/2014
6 Million Ways To Log In Docker - NYC Docker Meetup 12/17/20146 Million Ways To Log In Docker - NYC Docker Meetup 12/17/2014
6 Million Ways To Log In Docker - NYC Docker Meetup 12/17/2014
 
Ad-hoc Big-Data Analysis with Lua
Ad-hoc Big-Data Analysis with LuaAd-hoc Big-Data Analysis with Lua
Ad-hoc Big-Data Analysis with Lua
 
Kim Hammar - Distributed Deep Learning - RISE Learning Machines Meetup
Kim Hammar - Distributed Deep Learning - RISE Learning Machines MeetupKim Hammar - Distributed Deep Learning - RISE Learning Machines Meetup
Kim Hammar - Distributed Deep Learning - RISE Learning Machines Meetup
 
Oracle to Postgres Migration - part 2
Oracle to Postgres Migration - part 2Oracle to Postgres Migration - part 2
Oracle to Postgres Migration - part 2
 
The genesis of clusterlib - An open source library to tame your favourite sup...
The genesis of clusterlib - An open source library to tame your favourite sup...The genesis of clusterlib - An open source library to tame your favourite sup...
The genesis of clusterlib - An open source library to tame your favourite sup...
 
Infrastructure coders logstash
Infrastructure coders logstashInfrastructure coders logstash
Infrastructure coders logstash
 
Accelerate Your Rails Site with Automatic Generation-Based Action Caching
Accelerate Your Rails Site with Automatic Generation-Based Action CachingAccelerate Your Rails Site with Automatic Generation-Based Action Caching
Accelerate Your Rails Site with Automatic Generation-Based Action Caching
 
Syslog.ppt
Syslog.pptSyslog.ppt
Syslog.ppt
 
Performance Strategies
Performance StrategiesPerformance Strategies
Performance Strategies
 
Application Logging in the 21st century - 2014.key
Application Logging in the 21st century - 2014.keyApplication Logging in the 21st century - 2014.key
Application Logging in the 21st century - 2014.key
 
Dcamp ldn presentation
Dcamp ldn presentationDcamp ldn presentation
Dcamp ldn presentation
 
A false digital alibi on mac os x
A false digital alibi on mac os xA false digital alibi on mac os x
A false digital alibi on mac os x
 
XT Best Practices
XT Best PracticesXT Best Practices
XT Best Practices
 
Java Tech & Tools | Big Blobs: Moving Big Data In and Out of the Cloud | Adri...
Java Tech & Tools | Big Blobs: Moving Big Data In and Out of the Cloud | Adri...Java Tech & Tools | Big Blobs: Moving Big Data In and Out of the Cloud | Adri...
Java Tech & Tools | Big Blobs: Moving Big Data In and Out of the Cloud | Adri...
 
Turbo charge your logs
Turbo charge your logsTurbo charge your logs
Turbo charge your logs
 
Scaling Your Logging Infrastructure With Syslog-NG
Scaling Your Logging Infrastructure With Syslog-NGScaling Your Logging Infrastructure With Syslog-NG
Scaling Your Logging Infrastructure With Syslog-NG
 
Scaling your logging infrastructure using syslog-ng
Scaling your logging infrastructure using syslog-ngScaling your logging infrastructure using syslog-ng
Scaling your logging infrastructure using syslog-ng
 

Dernier

The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 

Dernier (20)

The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 

Log management with Graylog2 - FrOSCon 2012

  • 1. Log management with Graylog2 Lennart Koopmann, FrOSCon 2012 Mittwoch, 29. August 12
  • 2. About me 24 years old, Software Engineer at XING AG Hamburg, Germany @_lennart Mittwoch, 29. August 12
  • 3. Graylog2 Free and open source log management system Started in early 2010 by me 80.000 downloads in total since today Current version 0.9.6p1 Sponsored by XING since this year. www.graylog2.org / @graylog2 Mittwoch, 29. August 12
  • 4. What is this log management stuff? Even grepping over flat files can be log management. Mittwoch, 29. August 12
  • 5. Log Management Maturity Scale Log management can be done on different levels - Raffael Marty set up a scale for that. Mittwoch, 29. August 12
  • 6. Level 0 Do not collect logs at all. Mittwoch, 29. August 12
  • 7. Level 1 Collect logs. Mostly simple log files from email or HTTP servers. Mittwoch, 29. August 12
  • 8. Level 2 Use the logs for forensics and troubleshooting. Why was that email (not) sent out? Why was that HTTP 500 thrown? Mittwoch, 29. August 12
  • 9. Level 3 Save searches. The most basic case would be to save a grep command you used. Mittwoch, 29. August 12
  • 10. Level 4 Share searches. Store that search command somewhere so co-workers can find and use it to solve similar problems. Mittwoch, 29. August 12
  • 11. Level 5 Reporting. Easily generate reports from your logs. How many exceptions did we have this week, how many last week? Charts, PDF, stuff managers love! Mittwoch, 29. August 12
  • 12. Level 6 Alerting. Automate some of your troubleshooting tasks. Be warned automatically instead of waiting for a user to complain. Mittwoch, 29. August 12
  • 13. Level 7 Collect more logs! We may need more log sources for some use cases. Firewall logs, Router logs, even physical access logs. Mittwoch, 29. August 12
  • 14. Level 8 Correlation. Manual analysis of all that new data may take too long. Correlate different sources. Mittwoch, 29. August 12
  • 15. Level 9 Visual analysis. Mittwoch, 29. August 12
  • 16. Next levels Pattern detection, interactive visualization, dynamic queries, anomaly detection, more sharing, ... Mittwoch, 29. August 12
  • 17. You need a central place to send your logs to Mittwoch, 29. August 12
  • 18. You need a central place to send your logs to graylog2-server Mittwoch, 29. August 12
  • 19. You need a central place to make use of those logs graylog2-web-interface Mittwoch, 29. August 12
  • 22. How to send your logs Classic syslog via TCP/UDP GELF via TCP/UDP both via AMQP ...or write your own input plugins. Mittwoch, 29. August 12
  • 23. GELF Graylog Extended Log Format - Lets you structure your logs. Many libraries for different systems and languages available. Mittwoch, 29. August 12
  • 24. Example GELF message { ‘short_message’ : ‘Something went wrong’, ‘host’ : ‘some-host-1.example.org’, ‘severity’ : 2, ‘facility’ : ‘some subsystem’, ‘full_message’ : ‘Stacktrace and stuff’, ‘file’ : ‘some_controller.rb’, ‘line’ : 7, ‘_from_load_balancer’ : ‘lb-3’, ‘_user_id’ : 9001, ‘_http_response_code’ : 500 } Mittwoch, 29. August 12
  • 25. Two different types of log messages Mittwoch, 29. August 12
  • 26. Type I Automatically generated from a service. Usually huge amount of structured but raw data. You have only limited control about what is logged. Mittwoch, 29. August 12
  • 27. Type II Logs directly sent from within your applications. Triggered for example by a log.error() call or an exception catcher. Possible to send highly structured via GELF. Mittwoch, 29. August 12
  • 28. Architecture Hosts graylog2-server ElasticSearch MongoDB graylog2-web-interface You Mittwoch, 29. August 12
  • 29. How we do it rails-apps perl-app AMQP bus (every HTTP request ex/in) graylog2-server logjam fetch_logs syslog logstash hosts Around 5000 msgs / sec Mittwoch, 29. August 12
  • 30. Logstash Logstash works great together with Graylog2! Use it to filter and process logs. Central point to anonymize IP addresses and filter out credit card numbers. (Also possible in Graylog2) www.logstash.net Mittwoch, 29. August 12
  • 31. Logstash input filter output Mittwoch, 29. August 12
  • 32. Logstash inputs 20 inputs. For example: amqp, exec, file, GELF, heroku, log4j, pipe, redis, stdin, tcp, udp, xmpp, 0mq Mittwoch, 29. August 12
  • 33. Logstash filters 17 filters. For example: date, gelfify, grep, grok, mutate, dns, checksum Mittwoch, 29. August 12
  • 34. Logstash outputs 39 outputs. For example: amqp, GELF, elasticsearch, email, file, graphite, http, irc, mongodb, pagerduty, pipe, redis, riak, stdout, tcp, websocket, xmpp, 0mq Mittwoch, 29. August 12
  • 35. Decouple logging Sending of a log message must never interrupt application flow. Think about timeouts, latency, DNS problems, ... Mittwoch, 29. August 12
  • 36. Extract information to fields Have fields like user_id, http_response_code, _processed_controller, _processed_action, ... Mittwoch, 29. August 12
  • 37. ...and get powerful analytics _oauth_consumer_key = ‘acbd18db4cc2f85cedef654fccc4a4d8’ _processed_controller = ‘NewsfeedController’ _processed_action = ‘comment’ _http_method = ‘DELETE’ Is the iPhone application using a specific API call? Old versions using that call getting used less over time? Mittwoch, 29. August 12
  • 38. facility = ‘rails-app’ _source = ‘applogs’ _exception_type = ‘CSRFProtect::AuthenticityTokenMissingException’ You enforced the authenticity token CSRF protection system wide. This will go live next Wednesday. Prepare a stream that catches all Exceptions related to that. See where you forgot to adapt view/form behavior. Mittwoch, 29. August 12
  • 39. facility = ‘rails-app’ _source = ‘applogs’ _exception_type = ‘CSRFProtect::AuthenticityTokenMissingException’ ...and get a distribution of controllers that produce this error / were forgotten to adapt. Analytics shell: stream(csrf).distribution({_processed_controller}) -> Events::PostingsController (5347), Profile::SettingsController (459) Mittwoch, 29. August 12
  • 40. facility = ‘rails-app’ _source = ‘applogs’ _exception_type = ‘CSRFProtect::AuthenticityTokenMissingException’ ...or the specific actions in a controller stream(csrf).distribution({_processed_action}, _processed_controller = ‘Events::PostingsController’) -> destroy (42), create (5302) Mittwoch, 29. August 12
  • 41. _oauth_consumer_key = ‘acbd18db4cc2f85cedef654fccc4a4d8’ Give your in-house iPhone developers access to the logs they produce. Mittwoch, 29. August 12
  • 42. _oauth_consumer_key = ‘acbd18db4cc2f85cedef654fccc4a4d8’ _http_response_code = ^(4|5).* ...and let them see the errors they produce with one click on the “Errors from iPhone app” stream. Mittwoch, 29. August 12
  • 43. _http_response_code = 404 _from_lb = ‘lb-3’ Is there an imbalance of HTTP 404s caused by different load balancers? (possible config problem) all.distribution({_from_lb}, _http_response_code = 404) > lb-1 (5732), lb-2 (69), lb-3 (45), lb-4 (22) Mittwoch, 29. August 12
  • 44. host = “router-1” level = 3 Are there routers with especially high error rates? all.distribution({host}, level >= 4) > router-1 (0), router-2 (0), router-3 (0) Mittwoch, 29. August 12
  • 45. _processed_controller = “Session” _processed_action = “create” _http_return_code = 301 How many signups did you have today? all.count(_processed_controller = ‘Session’, _processed_action = ‘create’, _http_return_code = 301) > 294358 Mittwoch, 29. August 12
  • 46. _processed_controller = “Session” _processed_action = “create” _http_return_code = 301 ...and how many failed? Graph this! all.count(_processed_controller = ‘Session’, _processed_action = ‘create’, _http_return_code = 200) > 10452 Mittwoch, 29. August 12
  • 47. Forward messages to other hosts, feed Graphite, feed team dashboards, unleash the power of your logs! Extract everything you could ever need! How much you can do with the logs strongly depends on the message quality. Mittwoch, 29. August 12
  • 48. Coming in v0.9.7: Complete server re-write - Plugin system - Better performance - Possible to run multiple server instances in parallel Better web interface performance - Multiple indices - Recent index More new stuff like LDAP integration, more visualizations and analytics, JavaScript fixes, improvements and bugfixes! Mittwoch, 29. August 12
  • 49. Live demo / QA www.graylog2.org / @graylog2 (XING is hiring) Mittwoch, 29. August 12