OSDC 2014: Jordan Sissel & Lennart Koopmann - Intro to log management
Log Management: An Introduction
Lennart Koopmann, Jordan Sissel
What is a Log?
  time + data
    37.5.55.31 - - [08/Apr/2014:15:31:30 -0400] "GET /images/web/2009/banner.png HTTP/1.1" 304 - "http://semicomplete.com/style2.css" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:28.0) Gecko/20100101 Firefox/28.0"

    120707  0:40:34     4 Connect   root@localhost on
                        4 Query     select @@version_comment limit 1
    120707  0:40:45     4 Query     select * from mysql.user
Kinds of Logs
  Trace and Debug
  Accounting
  Transaction
Problems
  Difficult to Access
    Too Many Logs
    Too Many Servers
    No Permissions :(
  Difficult to Consume
    Unstructured
    Requires Expertise
  Requires Maintenance
    Configuration
    Log Retention
  Bad Tooling
    grep, ssh, awk
Life of a Log
  Record
  Transport
  Search & Analyze
  Archive
  Delete
Sources of Logs
  Vendor Hardware
    Routers, VPNs, Printers, Phones, AWS CloudTrail, etc.
  Vendor Software
    Nginx, Wordpress, Jira
  In-house Software
    Your company controls it
Solutions (Open Source!)
  Logstash from Elasticsearch
  Graylog2 from Torch