drupal and logstash centralised logging
play

Drupal and Logstash: centralised logging Marji Cermak Marji Cermak - PowerPoint PPT Presentation

Jan 17, 2023 •185 likes •1k views

Drupal and Logstash: centralised logging Marji Cermak Marji Cermak Systems Engineer at Morpht @cermakm The BELK stack Marji Cermak @cermakm To get you an idea Customer says they get randomly redirected while browsing their website

  2. Drupal and Logstash: centralised logging Marji Cermak

  3. Marji Cermak Systems Engineer at Morpht @cermakm The BELK stack Marji Cermak @cermakm

  4. To get you an idea Customer says they get randomly redirected while browsing their website… The BELK stack The BELK stack Marji Cermak @cermakm Marji Cermak @cermakm

  5. The old school $ grep ' 30[1234] ' /var/logs/apache2/access.log | grep -v baidu | grep -v Googlebot 173.230.156.8 - - [04/Sep/2015:06:10:10 +0000] "GET /morpht HTTP/1.0" 301 26 "-" "Mozilla/5.0 (pc-x86_64-linux-gnu)" 192.3.83.5 - - [04/Sep/2015:06:10:22 +0000] "GET /?q=node/add HTTP/1.0" 301 26 "http://morpht.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/600.2.5 (KHTML, like Gecko) Version/8.0.2 Safari/600.2.5" 192.3.83.5 - - [04/Sep/2015:06:10:23 +0000] "GET /?q=user/register HTTP/1.0" 301 26 "http://morpht.com/node/add" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/600.2.5 (KHTML, like Gecko) Version/8.0.2 Safari/600. 2.5" The BELK stack Marji Cermak @cermakm

  6. The new school logtype: "apache" AND website: "mysite" AND server_response: [301 TO 304] The BELK stack Marji Cermak @cermakm

  7. The BELK stack Marji Cermak @cermakm

  8. The BELK stack Marji Cermak @cermakm

  9. The BELK stack Marji Cermak @cermakm

  10. What have we just seen? ✤ These were interactions with Kibana. ✤ We executed a query, created several visualisations. ✤ But what else is under the hood? ✤ And where is logstash? The BELK stack Marji Cermak @cermakm

  11. The BELK stack Marji Cermak @cermakm Source: "Family of Elk on Grassland" (CC BY-NC-ND 2.0) by Princess-Lodges

  12. The ELK stack E lasticsearch L ogstash K ibana The BELK stack Marji Cermak @cermakm

  13. Source: https://www.elastic.co/blog/heya-elastic-stack-and-x-pack The BELK stack Marji Cermak @cermakm

  14. The BELK stack B eats E lasticsearch L ogstash K ibana The BELK stack Marji Cermak @cermakm

  15. The elastic stack The BELK stack Marji Cermak @cermakm

  16. The elastic stack The BELK stack Marji Cermak @cermakm

  17. The stack’s goal ✤ Take data from any source, any format, The BELK stack Marji Cermak @cermakm

  18. The stack’s goal ✤ Take data from any source, any format, ✤ process, transform and enrich it, The BELK stack Marji Cermak @cermakm

  19. The stack’s goal ✤ Take data from any source, any format, ✤ process, transform and enrich it, ✤ store it, The BELK stack Marji Cermak @cermakm

  20. The stack’s goal ✤ Take data from any source, any format, ✤ process, transform and enrich it, ✤ store it, ✤ so you can search, analyse and visualise it in real time. The BELK stack Marji Cermak @cermakm

  21. The four components The BELK stack Marji Cermak @cermakm

  22. E lasticsearch ✤ open source, full-text search analytic engine ✤ distributed, High Availability ✤ designed for horizontal scalability and reliability ✤ based on Apache Lucene (like Apache solr) ✤ written in Java The BELK stack Marji Cermak @cermakm

  23. L ogstash ✤ tool to collect, process, and forward events and log messages ✤ data collection, enrichment and transformation pipeline ✤ configurable input and output plugins ✤ e.g. logfile, MS windows eventlog, socket, Syslog, redis, salesforce, Drupal DBLog The BELK stack Marji Cermak @cermakm

  24. Source: https://www.elastic.co/guide/en/logstash/current/introduction.html The BELK stack Marji Cermak @cermakm

  25. L ogstash dozens of input plugins Beats ✤ file ✤ TCP, UDP, websocket ✤ syslog ✤ redis ✤ MS windows eventlog ✤ drupal_dblog ✤ The BELK stack Marji Cermak @cermakm

  26. L ogstash dozens of input plugins file ✤ TCP, UDP, websocket ✤ dozens of output plugins syslog ✤ redis, SQS ✤ graphite, influxdb ✤ nagios, zabbix ✤ jira, redmine ✤ s3 ✤ elasticsearch ✤ The BELK stack Marji Cermak @cermakm

  27. L ogstash dozens of input plugins grok ✤ mutate ✤ dozens of output plugins drop ✤ date ✤ dozens of filter plugins geoip ✤ The BELK stack Marji Cermak @cermakm

  28. K ibana ✤ open source data visualisation platform ✤ allows to interact with data through powerful graphics ✤ brings data to life with visuals The BELK stack Marji Cermak @cermakm

  29. B eats ✤ Open source data shippers ✤ Lightweight ✤ e.g. network packets, log files The BELK stack Marji Cermak @cermakm

  30. The BELK flow Elasticsearch Kibana The BELK stack Marji Cermak @cermakm

  31. The BELK flow Data Source Elasticsearch Data Source Kibana Data Source The BELK stack Marji Cermak @cermakm

  32. The BELK flow Data Source Elasticsearch Logstash Data B Source Kibana Data Source The BELK stack Marji Cermak @cermakm

  33. The BELK flow Data B Source Elasticsearch Logstash Data B Source Kibana Data Source The BELK stack Marji Cermak @cermakm

  34. The BELK flow Data B Logstash Source Elasticsearch Input Filter Output plugin plugin plugin Data B Source Kibana Data Source The BELK stack Marji Cermak @cermakm

  35. The BELK stack Marji Cermak @cermakm

  36. Docker Docker is an open platform for developers and sysadmins to build, ship, and run distributed applications. The BELK stack Marji Cermak @cermakm

  37. Docker Docker is a tool that can package an application and its dependencies in a virtual container that can run on any Linux server. The BELK stack Marji Cermak @cermakm

  38. Docker Logstash Hello World! docker run -it --rm logstash:2.3 logstash -e ' input { stdin { } } output { stdout { codec => rubydebug} }' 107.187.90.29 - - [05/Sep/2015:01:14:02 +0000] "GET / HTTP/1.1" 200 453 "-" "curl/7.21.0" The BELK stack Marji Cermak @cermakm

  39. Docker Logstash Hello World, apache! docker run -it --rm logstash:2.3 logstash -e ' input { stdin { } } filter { grok { match => [ "message", "%{COMBINEDAPACHELOG}"]}} output { stdout { codec => rubydebug } }' 107.187.90.29 - - [05/Sep/2015:01:14:02 +0000] "GET / HTTP/1.1" 200 453 "-" "curl/7.21.0" The BELK stack Marji Cermak @cermakm

  40. Now let’s try this Data B Logstash Source Elasticsearch Input Filter Output plugin plugin plugin Data B Source Kibana Data Source The BELK stack Marji Cermak @cermakm

  41. Docker ELK Let’s run 3 docker images: $ docker run --name myes -d elasticsearch:2.3 $ docker run --name mykibana --link myes:elasticsearch -p 5601:5601 -d kibana:4.5 $ docker run --rm --link myes:elasticsearch -v ${PWD}/config-dir:/config-dir -v ${PWD}/source:/source logstash:2.3 logstash -f /config-dir The BELK stack Marji Cermak @cermakm

  42. Is it going to work this time? :) Local demo The BELK stack Marji Cermak @cermakm

  43. What we have just seen (In case it worked :) ✤ Logstash input reading lines from apache logfile The BELK stack Marji Cermak @cermakm

  44. What we have just seen (In case it worked :) ✤ Logstash input reading lines from apache logfile ✤ Logstash filter matching them with COMBINEDAPACHELOG pattern The BELK stack Marji Cermak @cermakm

  45. What we have just seen (In case it worked :) ✤ Logstash input reading lines from apache logfile ✤ Logstash filter matching them with COMBINEDAPACHELOG pattern ✤ Logstash output storing parsed lines to Elasticsearch The BELK stack Marji Cermak @cermakm

  46. What we have just seen (In case it worked :) ✤ Logstash input reading lines from apache logfile ✤ Logstash filter matching them with COMBINEDAPACHELOG pattern ✤ Logstash output storing parsed lines to Elasticsearch ✤ Kibana querying the data from Elasticsearch , visualising them The BELK stack Marji Cermak @cermakm

  47. L ogstash input { dozens of input plugins file { path => "/source/access.log" type => "apache" dozens of output plugins start_position => "beginning" } } output { elasticsearch { hosts => ["myes"] } stdout { codec => rubydebug } } The BELK stack Marji Cermak @cermakm

  48. L ogstash filter { dozens of input plugins if [type] == "apache" { grok { match => [ dozens of output plugins "message", "%{COMBINEDAPACHELOG}" ] } dozens of filter plugins } } The BELK stack Marji Cermak @cermakm

  49. L ogstash filter { dozens of input plugins if [type] == "apache" { grok { match => [ dozens of output plugins "message", "%{COMBINEDAPACHELOG}" ] } dozens of filter plugins geoip { source => "clientip" } } } The BELK stack Marji Cermak @cermakm

  50. L ogstash filter { dozens of input plugins if [type] == "apache" { grok { match => [ dozens of output plugins "message", "%{COMBINEDAPACHELOG}" ] } dozens of filter plugins geoip { source => "clientip" } date { locale => "en" match => [ "timestamp", "dd/MMM/yyyy:HH:mm:ss Z" ] } } } The BELK stack Marji Cermak @cermakm

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

JSON Logging with Elasticsearch Radu Gheorghe search statistics Where do your logs end up?

JSON Logging with Elasticsearch Radu Gheorghe search statistics Where do your logs end up?

JSON Logging with Elasticsearch Radu Gheorghe search statistics Where do your logs end up? Elasticsearch fast Splunk MongoDB file system scalable other logstash Kibana graylog logstash rsyslog graylog fluentd Elasticsearch Head

186 views • 18 slides
Trying to Outpace Log Collection with ELK Elasticsearch, Logstash, Kibana Time: 0:10 Hi

Trying to Outpace Log Collection with ELK Elasticsearch, Logstash, Kibana Time: 0:10 Hi

Trying to Outpace Log Collection with ELK Elasticsearch, Logstash, Kibana Time: 0:10 Hi everyone! Im Neil Schelly, a sysadmin up at Dyn in New Hampshire. Ive been focused for the last year on a project to get centralized logging in place

782 views • 61 slides
Drupal Basics an introduction to Drupal This introductory session will get the Drupal juices

Drupal Basics an introduction to Drupal This introductory session will get the Drupal juices

Drupal Basics an introduction to Drupal This introductory session will get the Drupal juices flowing, and help give a broad overview of Drupal jargon, Drupal Architecture & the Drupal Community... May 21st, 2010 - SNHU, Manchester, NH

1.12k views • 52 slides
Introduction to Drupal Andrew Rudy Outline What is Drupal Why use Drupal (Pros and

Introduction to Drupal Andrew Rudy Outline What is Drupal Why use Drupal (Pros and

Introduction to Drupal Andrew Rudy Outline What is Drupal Why use Drupal (Pros and Cons) Examples of what Drupal can do How to download and install Drupal How to use Drupals user interface What is Drupal? Drupal

319 views • 18 slides
Mostly Core Constructing real world sites [mostly] using Drupal 8 core Karen Stevenson

Mostly Core Constructing real world sites [mostly] using Drupal 8 core Karen Stevenson

Mostly Core Constructing real world sites [mostly] using Drupal 8 core Karen Stevenson DrupalCamp Florida March 2016 Drupal Drupal Drupal Drupal Drupal Drupal Drupal User Stories Demo Site Drupal 8 core Bootstrap subtheme

537 views • 24 slides
Logging and Recovery Module 6, Lectures 3 and 4 If you are going to be in the logging business,

Logging and Recovery Module 6, Lectures 3 and 4 If you are going to be in the logging business,

Logging and Recovery Module 6, Lectures 3 and 4 If you are going to be in the logging business, one of the things that you have to do is to learn about heavy equipment. Robert VanNatta, Logging History of Columbia County Database Management

534 views • 26 slides
A centralised ElasticSearch service: Design ideas and status Motivation for a centralised ES

A centralised ElasticSearch service: Design ideas and status Motivation for a centralised ES

A centralised ElasticSearch service: Design ideas and status Motivation for a centralised ES service Project Mandat Organisation Team Strategy and design Status and resources Issues PaaS Conclusions/summary

653 views • 20 slides
Why Im looking forward to Drupal 8 Who Am I? Jim Taylor drupal.org/u/bigjim @jalama

Why Im looking forward to Drupal 8 Who Am I? Jim Taylor drupal.org/u/bigjim @jalama

Why Im looking forward to Drupal 8 Who Am I? Jim Taylor drupal.org/u/bigjim @jalama Currently: Manager, Web Development @ Highlights for Children Yes Were Hiring! Started with Drupal in 2007 (Drupal 5.2) Past Roles: Owned a small

546 views • 31 slides
DRUPAL [ REMOTELY ] Is Remote Drupal Employment For You? Gray Sadler, Drupal Developer Drupal

DRUPAL [ REMOTELY ] Is Remote Drupal Employment For You? Gray Sadler, Drupal Developer Drupal

DRUPAL [ REMOTELY ] Is Remote Drupal Employment For You? Gray Sadler, Drupal Developer Drupal Camp 2014 | Orlando, Florida DRUPAL [ REMOTELY ] WHATS ON THE MENU TODAY? Working Remotely Challenges Finding Remote Employment [

578 views • 19 slides
Debugging & Logging Java Logging Java has built-in support for logging Logs contain

Debugging & Logging Java Logging Java has built-in support for logging Logs contain

Debugging & Logging Java Logging Java has built-in support for logging Logs contain messages that provide information to Software developers (e.g., debugging) System administrators Customer support agents Programs send

254 views • 10 slides
Logging in: 1. You will receive an email indicating that a user account has been created for you.

Logging in: 1. You will receive an email indicating that a user account has been created for you.

Drupal Use Case Providers Logging in: 1. You will receive an email indicating that a user account has been created for you. The email will include an activation URL. 2. Click the first URL. Once the URL is clicked, youll be presented with

254 views • 9 slides
TomskGAZPROMgeofjzika Company Profjle { Logging while drilling { Production logging for reservoir

TomskGAZPROMgeofjzika Company Profjle { Logging while drilling { Production logging for reservoir

TomskGAZPROMgeofjzika Geophysical Services We provide full range of well logging and mud logging op- erations, cement quality control, MWD and well engineering services throughout Western and Eastern Siberia. Over 15 years of top quality

554 views • 31 slides
Review of pre-submission interactions in the centralised procedure and best practices 3 rd

Review of pre-submission interactions in the centralised procedure and best practices 3 rd

Review of pre-submission interactions in the centralised procedure and best practices 3 rd Industry stakeholder platform on the operation of the centralised procedure for human medicinal products Presented by Michael Berntgen and Hector Boix

354 views • 13 slides
LHC LOGGING Timeline of t he proj ect , resources Cont ext : where does logging f it in? Basic

LHC LOGGING Timeline of t he proj ect , resources Cont ext : where does logging f it in? Basic

Outline Launching of t he LHC Logging proj ect Mandat e, scope and obj ect ives LHC LOGGING Timeline of t he proj ect , resources Cont ext : where does logging f it in? Basic f unct ionalit ies Filt ering of dat a I nt erf acing t o ot

667 views • 3 slides
2016-09-28 Routing in Drupal 9, and lessons learned in Drupal 8 Peter Wolanin

2016-09-28 Routing in Drupal 9, and lessons learned in Drupal 8 Peter Wolanin

2016-09-28 Routing in Drupal 9, and lessons learned in Drupal 8 Peter Wolanin drupal.org/u/pwolanin Track: Core Conversations events.drupal.org/dublin2016/sessions/routing-drupal-9-and-lessons-learned-drupal-8 This is a Conversation If I get

631 views • 23 slides
Drupal for Designers Not decorating on top of what Drupal gives you, but rather, letting

Drupal for Designers Not decorating on top of what Drupal gives you, but rather, letting

Drupal for Designers Not decorating on top of what Drupal gives you, but rather, letting Drupals default behavior simply provide a guide for your design. Drupal for Designers by Dani Nordin http://my.safaribooksonline.com

736 views • 26 slides
dra$-ie(-cdni-logging Open Discussion Non-Real-Time vs

dra$-ie(-cdni-logging Open Discussion Non-Real-Time vs

dra$-ie(-cdni-logging Open Discussion Non-Real-Time vs Real-Time Observa:ons: Different understanding of what real-:me means

453 views • 12 slides
RHIP COUNCIL No November 17, 17, 2020 2020 Meeting Objectives Det eter ermine n e next

RHIP COUNCIL No November 17, 17, 2020 2020 Meeting Objectives Det eter ermine n e next

RHIP COUNCIL No November 17, 17, 2020 2020 Meeting Objectives Det eter ermine n e next s steps eps f for r equ equity wo work rk He Hear ar key ey upd pdates es r rel elated t to He Heal althConnect an and Trueblo

791 views • 47 slides
Emerging Service Provider Scenarios for IPv6 Deployment draft-carpenter-v6ops-isp-scenarios-01

Emerging Service Provider Scenarios for IPv6 Deployment draft-carpenter-v6ops-isp-scenarios-01

Emerging Service Provider Scenarios for IPv6 Deployment draft-carpenter-v6ops-isp-scenarios-01 Brian Carpenter University of Auckland Sheng Jiang Huawei March 2010 1 1 Motivation Its several years since the IETF last worked on ISP

516 views • 20 slides
Sequence-to-sequence models used for machine translation and Murat Apishev Katya Artemova

Sequence-to-sequence models used for machine translation and Murat Apishev Katya Artemova

Sequence-to-sequence models used for machine translation and Murat Apishev Katya Artemova Computational Pragmatics Lab, HSE December 2, 2019 Apishev, Artemova (HSE) Sequence-to-sequence models December 2, 2019 1 / 67 Machine translation

970 views • 67 slides
USING SCL TO SIMPLIFY SYSLOG-NG CONFIGURATION Libre Software Meeting 2017 Peter Czanik / Balabit

USING SCL TO SIMPLIFY SYSLOG-NG CONFIGURATION Libre Software Meeting 2017 Peter Czanik / Balabit

USING SCL TO SIMPLIFY SYSLOG-NG CONFIGURATION Libre Software Meeting 2017 Peter Czanik / Balabit SCL syslog-ng configuration library Reusable configuration blocks Hide away complexity of configuration 2 apache-accesslog-parser()

341 views • 7 slides
Security #MiSSConcepts Ammarit Thongthua, CISSP CISM # Who am I

Security #MiSSConcepts Ammarit Thongthua, CISSP CISM # Who am I

Security #MiSSConcepts Ammarit Thongthua, CISSP CISM # Who am I

750 views • 58 slides
Survival analysis techniques for studying cybercrime Tyler Moore Computer Science &

Survival analysis techniques for studying cybercrime Tyler Moore Computer Science &

Notes Survival analysis techniques for studying cybercrime Tyler Moore Computer Science & Engineering Department, SMU, Dallas, TX November 1, 2012 Case-control studies for analyzing data Survival analysis Notes Outline Case-control

401 views • 6 slides
CS261N: Internet/Network Security Surveillance Who am I? Computer Science PhD Candidate at UC

CS261N: Internet/Network Security Surveillance Who am I? Computer Science PhD Candidate at UC

CS261N: Internet/Network Security Surveillance Who am I? Computer Science PhD Candidate at UC Berkeley Co-Founder of Bahrain Watch Senior Researcher at Citizen Lab Value Description 0 Not targeted , e.g. spam or financially motivated

1.06k views • 38 slides

More recommend