Rediculous easy centralized application logging & monitoring

Transcript

1. Ridiculously Easy Centralized Application Logging & Monitoring Marco Pas @marcopas

2. Goal Learn how to gather logging & monitoring information from

   distributed systems.
3. None
4. None
5. None

6. Let's make the world easier by using… Distributed Computing Monolith

   Microservices

7. 1st law of distributed computing “Do not distribute until you

   really need it“
8. None

9. Logging

10. • Providing useful information, seems hard! • Common Log Formats

    ◦ W3C, Common Log Format, Combined Log Format ◦ used for: ▪ Proxy & Web Servers • Agree upon Application Log Formats ◦ Do not forget -> Log levels! • Data security ◦ Do not log passwords or privacy related data Generate Collect Transport Store Analyze Alert

11. Some seriously useful log message :) • “No need to

    log, we know what is happening” • “Something happened not sure what” • “Empty log message” • “Lots of sh*t happing” • “It works b****” • “How did we end up here?” • “Okay i am getting tired of this error message” • “Does this work?” • “We hit a bug, still figuring out what” • “Call 911 we have a problem”

12. • Syslog / Syslog-ng • Files -> multiple places (/var/log)

    ◦ Near real time replication to remote destinations • Stdout ◦ Normally goes to /dev/null Generate Collect Transport Store Analyze Alert In container based environments logging to “Stdout” has the preference

13. • Specialized transporters and collectors available using frameworks like: ◦

    Logstash, Flume, Fluentd • Accumulate data coming from multiple hosts / services ◦ Multiple input sources • Optimized network traffic ◦ Pull / Push Generate Collect Transport Store Analyze Alert

14. Generate Collect Transport Store Analyze Alert • Where should it

    be stored? ◦ Short vs Long term ◦ Associated costs ◦ Speed of data ingestion & retrieval ◦ Data access policies (who needs access) • Example storage options: ◦ S3, Glacier, Tape backup ◦ HDFS, Cassandra, MongoDB or ElasticSearch

15. • Batch processing of log data ◦ HDFS, Hive, PIG

    → MapReduce Jobs • UI based Analyses ◦ Kibana, GrayLog2 Generate Collect Transport Store Analyze Alert

16. • Based on patterns or “calculated” metrics → send out

    events ◦ Trigger alert and send notifications • Logging != Monitoring ◦ Logging -> recording to diagnose a system ◦ Monitoring -> observation, checking and recording Generate Collect Transport Store Analyze Alert http_requests_total{method="post",code="200"} 1027 1395066363000 127.0.0.1 - frank [10/Oct/2000:13:55:36 -0700] "GET /apache_pb.gif HTTP/1.0" 200 2326

17. Logging

18. Distributed Logging

19. None

20. Need for a Unified Logging Layer

21. None

22. Fluentd • Open source log collector written in Ruby •

    Reliable, scalable and easy to extend ◦ Pluggable architecture ◦ Rubygem ecosystem for plugins • Reliable log forwarding

23. Example

24. Event structure • Tag ◦ Where an event comes from,

    used for message routing • Time ◦ When an event happens, Epoch time ◦ Parsed time coming from the datasource • Record ◦ Actual log content being a JSON object ◦ Internally MessagePack

25. Event example 192.168.0.1 - - [28/Feb/2013:12:00:00 +0900] "GET / HTTP/1.1"

    200 777 tag:: apache.access # set by configuration time: 1362020400 # 28/Feb/2013:12:00:00 +0900 record: {"user":"-","method":"GET","code":200,"size":777,"host":"192.168.0.1","path":"/"}

26. Configuration • Driven by a simple text based configuration file

    ◦ fluent.conf → Tell where the data comes from (input) → Tell fluentd what to do (output) → Event processing pipeline → Groups filter and output for internal routing <source><source/> <match></match> <filter></filter> source -> filter 1 -> ... -> filter N -> output <label></label>

27. # receive events via HTTP <source> @type http port 9880

    </source> # read logs from a file <source> @type tail path /var/log/httpd.log format apache tag apache.access </source> # save access logs to MongoDB <match apache.access> @type mongo database apache collection log </match> # add a field to an event <filter myapp.access> @type record_transformer <record> host_param "#{Socket.gethostname}" </record> </filter>

28. Demo: Capture Grails/Spring Boot Logs

29. Code Demo “Capture Grails/Spring Boot Logs”

30. Monitoring

31. Our scary movie “The Happy Developer” • Let's push out

    features • I can demo so it works :) • It works with 1 user, so it will work with multiple • Don’t worry about performance we will just scale using multiple machines/processes • Logging is into place

32. Did anyone notice? Disaster Strikes

33. Logging “recording to diagnose a system” Monitoring “observation, checking and

    recording” http_requests_total{method="post",code="200"} 1027 1395066363000 127.0.0.1 - frank [10/Oct/2000:13:55:36 -0700] "GET /apache_pb.gif HTTP/1.0" 200 2326 Logging != Monitoring

34. Vital Signs

35. Why Monitoring? • Know when things go wrong ◦ Detection

    & Alerting • Be able to debug and gain insight • Detect changes over time and drive technical/business decisions • Feed into other systems/processes (e.g. security, automation)

36. What to monitor? IT Network Operating System Services Applications Capture

    Monitoring Information metric data

37. Houston we have Storage problem! Storage metric data metric data

    metric data metric data metric data metric data metric data metric data metric data How to store the mass amount of metrics and also making them easy to query?

38. Time Series - Database • Time series data is a

    sequence of data points collected at regular intervals over a period of time. (metrics) ◦ Examples: ▪ Device data ▪ Weather data ▪ Stock prices ▪ Tide measurements ▪ Solar flare tracking • The data requires aggregation and analysis Time Series Database metric data • High write performance • Data compaction • Fast, easy range queries

39. metric name and a set of key-value pairs, also known

    as labels <metric name>{<label name>=<label value>, ...} value [ timestamp ] http_requests_total{method="post",code="200"} 1027 1395066363000 Time Series - Data format

40. Source: http://db-engines.com/en/ranking/time+series+dbms http://db-engines.com/en/ranking/time+series+dbms

41. Prometheus Overview

42. Prometheus Prometheus is an open-source systems monitoring and alerting toolkit

    originally built at SoundCloud. It is now a standalone open source project and maintained independently of any company. https://prometheus.io Implemented using

43. Prometheus Components • The main Prometheus server which scrapes and

    stores time series data • Client libraries for instrumenting application code • A push gateway for supporting short-lived jobs • Special-purpose exporters (for HAProxy, StatsD, Graphite, etc.) • An alertmanager • Various support tools

44. Prometheus Overview

45. List of Job Exporters • Prometheus managed: ◦ JMX ◦

    Node ◦ Graphite ◦ Blackbox ◦ SNMP ◦ HAProxy ◦ Consul ◦ Memcached ◦ AWS Cloudwatch ◦ InfluxDB ◦ StatsD ◦ ... • Custom ones: ◦ Database ◦ Hardware related ◦ Messaging systems ◦ Storage ◦ HTTP ◦ APIs ◦ Logging ◦ … https://prometheus.io/docs/instrumenting/exporters/

46. Demo: Application Monitoring

47. Code Demo “Prometheus monitoring including alerting”

48. That’s a wrap! Question? https://github.com/mpas/ridiculously-easy-centralized-application-logging-and-monitoring