logging for openstack - elasticsearch, fluentd, logstash, kibana
TRANSCRIPT
![Page 1: Logging for OpenStack - Elasticsearch, Fluentd, Logstash, Kibana](https://reader034.vdocuments.us/reader034/viewer/2022050614/58ef44d91a28ab9d1b8b45d9/html5/thumbnails/1.jpg)
OPENSTACK&
LOGGING
![Page 2: Logging for OpenStack - Elasticsearch, Fluentd, Logstash, Kibana](https://reader034.vdocuments.us/reader034/viewer/2022050614/58ef44d91a28ab9d1b8b45d9/html5/thumbnails/2.jpg)
ABOUT ME
Md Safiyat Reza
Fresh out of college!
Open-source enthusiast
An EMACS and KDE user.
Software Engineer at Snapdeal.com
safiyat
@reza_safiyat
![Page 3: Logging for OpenStack - Elasticsearch, Fluentd, Logstash, Kibana](https://reader034.vdocuments.us/reader034/viewer/2022050614/58ef44d91a28ab9d1b8b45d9/html5/thumbnails/3.jpg)
Logs are boring!
![Page 4: Logging for OpenStack - Elasticsearch, Fluentd, Logstash, Kibana](https://reader034.vdocuments.us/reader034/viewer/2022050614/58ef44d91a28ab9d1b8b45d9/html5/thumbnails/4.jpg)
nova-compute nova-network nova-manage nova-conductor nova-scheduler nova-api nova-cert nova-console nova-consoleauth nova-dhcpbridge
apache logs
cinder-apicinder-schedulercinder-volume
syslog
keystone
glance-api glance-registry
dhcp-agent l3-agent metadata-agent openvswitch-agent server.log openvswitch-server
Lots of logs!
![Page 5: Logging for OpenStack - Elasticsearch, Fluentd, Logstash, Kibana](https://reader034.vdocuments.us/reader034/viewer/2022050614/58ef44d91a28ab9d1b8b45d9/html5/thumbnails/5.jpg)
![Page 6: Logging for OpenStack - Elasticsearch, Fluentd, Logstash, Kibana](https://reader034.vdocuments.us/reader034/viewer/2022050614/58ef44d91a28ab9d1b8b45d9/html5/thumbnails/6.jpg)
What logs contain...TIMESTAMP
PID
NAME
REQUESTID
USERID
TENANTID
[INSTANCE INSTANCEID]
MESSAGE
![Page 7: Logging for OpenStack - Elasticsearch, Fluentd, Logstash, Kibana](https://reader034.vdocuments.us/reader034/viewer/2022050614/58ef44d91a28ab9d1b8b45d9/html5/thumbnails/7.jpg)
All that is fine,
How to use them?
![Page 8: Logging for OpenStack - Elasticsearch, Fluentd, Logstash, Kibana](https://reader034.vdocuments.us/reader034/viewer/2022050614/58ef44d91a28ab9d1b8b45d9/html5/thumbnails/8.jpg)
When shit happens...
DEBUG INFO AUDIT WARNING ERROR CRITICAL TRACE
![Page 9: Logging for OpenStack - Elasticsearch, Fluentd, Logstash, Kibana](https://reader034.vdocuments.us/reader034/viewer/2022050614/58ef44d91a28ab9d1b8b45d9/html5/thumbnails/9.jpg)
Use logs for a good cause.
![Page 10: Logging for OpenStack - Elasticsearch, Fluentd, Logstash, Kibana](https://reader034.vdocuments.us/reader034/viewer/2022050614/58ef44d91a28ab9d1b8b45d9/html5/thumbnails/10.jpg)
![Page 11: Logging for OpenStack - Elasticsearch, Fluentd, Logstash, Kibana](https://reader034.vdocuments.us/reader034/viewer/2022050614/58ef44d91a28ab9d1b8b45d9/html5/thumbnails/11.jpg)
Log Collection, Aggregation & Visualization
![Page 12: Logging for OpenStack - Elasticsearch, Fluentd, Logstash, Kibana](https://reader034.vdocuments.us/reader034/viewer/2022050614/58ef44d91a28ab9d1b8b45d9/html5/thumbnails/12.jpg)
Log Collectors and Aggregators
![Page 13: Logging for OpenStack - Elasticsearch, Fluentd, Logstash, Kibana](https://reader034.vdocuments.us/reader034/viewer/2022050614/58ef44d91a28ab9d1b8b45d9/html5/thumbnails/13.jpg)
The flow of logs
![Page 14: Logging for OpenStack - Elasticsearch, Fluentd, Logstash, Kibana](https://reader034.vdocuments.us/reader034/viewer/2022050614/58ef44d91a28ab9d1b8b45d9/html5/thumbnails/14.jpg)
• Open source• Centralized logging• Collection & Transport• High availability
• Written in Ruby• Requires Ruby (alt. td-agent)• XML-styled configuration• Plugins available• Owned by Treasure Data
• Written in JRuby• Requires JVM• JSON-styled configuration• A lot and lot of plugins• Owned by Elastic
![Page 15: Logging for OpenStack - Elasticsearch, Fluentd, Logstash, Kibana](https://reader034.vdocuments.us/reader034/viewer/2022050614/58ef44d91a28ab9d1b8b45d9/html5/thumbnails/15.jpg)
<source>path /var/log/syslogtype syslogformat grokgrok_pattern %{SYSLOGLINE}tag system
</source>
<filter> type record_transformer enable_ruby <record> timestamp ${timestamp.gsub!(" ", "T");
timestamp.gsub(/\.\d*/, "+05:30"} </record></filter>
<match *> type forest subtype elasticsearch <template> host elasticsearchhost index_name someindexname type_name sometypename </template></match>
Fluentd: syslog to elasticsearch
![Page 16: Logging for OpenStack - Elasticsearch, Fluentd, Logstash, Kibana](https://reader034.vdocuments.us/reader034/viewer/2022050614/58ef44d91a28ab9d1b8b45d9/html5/thumbnails/16.jpg)
input { file { path => "/var/log/syslog" start_position => beginning type => syslog sincedb_path => "/dev/null" }}
filter { Grok { match => [ "message", "%{SYSLOGLINE:log}" ] }}
output { file { path => "/home/safiyat/kafkaop" } elasticsearch { protocol => "http" }}
Logstash: syslog to elasticsearch
![Page 17: Logging for OpenStack - Elasticsearch, Fluentd, Logstash, Kibana](https://reader034.vdocuments.us/reader034/viewer/2022050614/58ef44d91a28ab9d1b8b45d9/html5/thumbnails/17.jpg)
Kibana
![Page 18: Logging for OpenStack - Elasticsearch, Fluentd, Logstash, Kibana](https://reader034.vdocuments.us/reader034/viewer/2022050614/58ef44d91a28ab9d1b8b45d9/html5/thumbnails/18.jpg)
Kibana, again.
![Page 19: Logging for OpenStack - Elasticsearch, Fluentd, Logstash, Kibana](https://reader034.vdocuments.us/reader034/viewer/2022050614/58ef44d91a28ab9d1b8b45d9/html5/thumbnails/19.jpg)
Thank you for bearing this!
![Page 20: Logging for OpenStack - Elasticsearch, Fluentd, Logstash, Kibana](https://reader034.vdocuments.us/reader034/viewer/2022050614/58ef44d91a28ab9d1b8b45d9/html5/thumbnails/20.jpg)
![Page 21: Logging for OpenStack - Elasticsearch, Fluentd, Logstash, Kibana](https://reader034.vdocuments.us/reader034/viewer/2022050614/58ef44d91a28ab9d1b8b45d9/html5/thumbnails/21.jpg)
![Page 22: Logging for OpenStack - Elasticsearch, Fluentd, Logstash, Kibana](https://reader034.vdocuments.us/reader034/viewer/2022050614/58ef44d91a28ab9d1b8b45d9/html5/thumbnails/22.jpg)
![Page 23: Logging for OpenStack - Elasticsearch, Fluentd, Logstash, Kibana](https://reader034.vdocuments.us/reader034/viewer/2022050614/58ef44d91a28ab9d1b8b45d9/html5/thumbnails/23.jpg)