drupal and logstash centralised logging

Drupal and Logstash: centralised logging Marji Cermak Marji Cermak - PowerPoint PPT Presentation

Jan 17, 2023 •185 likes •1k views

Drupal and Logstash: centralised logging Marji Cermak Marji Cermak Systems Engineer at Morpht @cermakm The BELK stack Marji Cermak @cermakm To get you an idea Customer says they get randomly redirected while browsing their website

  2. Drupal and Logstash: centralised logging Marji Cermak

  3. Marji Cermak Systems Engineer at Morpht @cermakm The BELK stack Marji Cermak @cermakm

  4. To get you an idea Customer says they get randomly redirected while browsing their website… The BELK stack The BELK stack Marji Cermak @cermakm Marji Cermak @cermakm

  5. The old school $ grep ' 30[1234] ' /var/logs/apache2/access.log | grep -v baidu | grep -v Googlebot 173.230.156.8 - - [04/Sep/2015:06:10:10 +0000] "GET /morpht HTTP/1.0" 301 26 "-" "Mozilla/5.0 (pc-x86_64-linux-gnu)" 192.3.83.5 - - [04/Sep/2015:06:10:22 +0000] "GET /?q=node/add HTTP/1.0" 301 26 "http://morpht.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/600.2.5 (KHTML, like Gecko) Version/8.0.2 Safari/600.2.5" 192.3.83.5 - - [04/Sep/2015:06:10:23 +0000] "GET /?q=user/register HTTP/1.0" 301 26 "http://morpht.com/node/add" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/600.2.5 (KHTML, like Gecko) Version/8.0.2 Safari/600. 2.5" The BELK stack Marji Cermak @cermakm

  6. The new school logtype: "apache" AND website: "mysite" AND server_response: [301 TO 304] The BELK stack Marji Cermak @cermakm

  7. The BELK stack Marji Cermak @cermakm

  8. The BELK stack Marji Cermak @cermakm

  9. The BELK stack Marji Cermak @cermakm

  10. What have we just seen? ✤ These were interactions with Kibana. ✤ We executed a query, created several visualisations. ✤ But what else is under the hood? ✤ And where is logstash? The BELK stack Marji Cermak @cermakm

  11. The BELK stack Marji Cermak @cermakm Source: "Family of Elk on Grassland" (CC BY-NC-ND 2.0) by Princess-Lodges

  12. The ELK stack E lasticsearch L ogstash K ibana The BELK stack Marji Cermak @cermakm

  13. Source: https://www.elastic.co/blog/heya-elastic-stack-and-x-pack The BELK stack Marji Cermak @cermakm

  14. The BELK stack B eats E lasticsearch L ogstash K ibana The BELK stack Marji Cermak @cermakm

  15. The elastic stack The BELK stack Marji Cermak @cermakm

  16. The elastic stack The BELK stack Marji Cermak @cermakm

  17. The stack’s goal ✤ Take data from any source, any format, The BELK stack Marji Cermak @cermakm

  18. The stack’s goal ✤ Take data from any source, any format, ✤ process, transform and enrich it, The BELK stack Marji Cermak @cermakm

  19. The stack’s goal ✤ Take data from any source, any format, ✤ process, transform and enrich it, ✤ store it, The BELK stack Marji Cermak @cermakm

  20. The stack’s goal ✤ Take data from any source, any format, ✤ process, transform and enrich it, ✤ store it, ✤ so you can search, analyse and visualise it in real time. The BELK stack Marji Cermak @cermakm

  21. The four components The BELK stack Marji Cermak @cermakm

  22. E lasticsearch ✤ open source, full-text search analytic engine ✤ distributed, High Availability ✤ designed for horizontal scalability and reliability ✤ based on Apache Lucene (like Apache solr) ✤ written in Java The BELK stack Marji Cermak @cermakm

  23. L ogstash ✤ tool to collect, process, and forward events and log messages ✤ data collection, enrichment and transformation pipeline ✤ configurable input and output plugins ✤ e.g. logfile, MS windows eventlog, socket, Syslog, redis, salesforce, Drupal DBLog The BELK stack Marji Cermak @cermakm

  24. Source: https://www.elastic.co/guide/en/logstash/current/introduction.html The BELK stack Marji Cermak @cermakm

  25. L ogstash dozens of input plugins Beats ✤ file ✤ TCP, UDP, websocket ✤ syslog ✤ redis ✤ MS windows eventlog ✤ drupal_dblog ✤ The BELK stack Marji Cermak @cermakm

  26. L ogstash dozens of input plugins file ✤ TCP, UDP, websocket ✤ dozens of output plugins syslog ✤ redis, SQS ✤ graphite, influxdb ✤ nagios, zabbix ✤ jira, redmine ✤ s3 ✤ elasticsearch ✤ The BELK stack Marji Cermak @cermakm

  27. L ogstash dozens of input plugins grok ✤ mutate ✤ dozens of output plugins drop ✤ date ✤ dozens of filter plugins geoip ✤ The BELK stack Marji Cermak @cermakm

  28. K ibana ✤ open source data visualisation platform ✤ allows to interact with data through powerful graphics ✤ brings data to life with visuals The BELK stack Marji Cermak @cermakm

  29. B eats ✤ Open source data shippers ✤ Lightweight ✤ e.g. network packets, log files The BELK stack Marji Cermak @cermakm

  30. The BELK flow Elasticsearch Kibana The BELK stack Marji Cermak @cermakm

  31. The BELK flow Data Source Elasticsearch Data Source Kibana Data Source The BELK stack Marji Cermak @cermakm

  32. The BELK flow Data Source Elasticsearch Logstash Data B Source Kibana Data Source The BELK stack Marji Cermak @cermakm

  33. The BELK flow Data B Source Elasticsearch Logstash Data B Source Kibana Data Source The BELK stack Marji Cermak @cermakm

  34. The BELK flow Data B Logstash Source Elasticsearch Input Filter Output plugin plugin plugin Data B Source Kibana Data Source The BELK stack Marji Cermak @cermakm

  35. The BELK stack Marji Cermak @cermakm

  36. Docker Docker is an open platform for developers and sysadmins to build, ship, and run distributed applications. The BELK stack Marji Cermak @cermakm

  37. Docker Docker is a tool that can package an application and its dependencies in a virtual container that can run on any Linux server. The BELK stack Marji Cermak @cermakm

  38. Docker Logstash Hello World! docker run -it --rm logstash:2.3 logstash -e ' input { stdin { } } output { stdout { codec => rubydebug} }' 107.187.90.29 - - [05/Sep/2015:01:14:02 +0000] "GET / HTTP/1.1" 200 453 "-" "curl/7.21.0" The BELK stack Marji Cermak @cermakm

  39. Docker Logstash Hello World, apache! docker run -it --rm logstash:2.3 logstash -e ' input { stdin { } } filter { grok { match => [ "message", "%{COMBINEDAPACHELOG}"]}} output { stdout { codec => rubydebug } }' 107.187.90.29 - - [05/Sep/2015:01:14:02 +0000] "GET / HTTP/1.1" 200 453 "-" "curl/7.21.0" The BELK stack Marji Cermak @cermakm

  40. Now let’s try this Data B Logstash Source Elasticsearch Input Filter Output plugin plugin plugin Data B Source Kibana Data Source The BELK stack Marji Cermak @cermakm

  41. Docker ELK Let’s run 3 docker images: $ docker run --name myes -d elasticsearch:2.3 $ docker run --name mykibana --link myes:elasticsearch -p 5601:5601 -d kibana:4.5 $ docker run --rm --link myes:elasticsearch -v ${PWD}/config-dir:/config-dir -v ${PWD}/source:/source logstash:2.3 logstash -f /config-dir The BELK stack Marji Cermak @cermakm

  42. Is it going to work this time? :) Local demo The BELK stack Marji Cermak @cermakm

  43. What we have just seen (In case it worked :) ✤ Logstash input reading lines from apache logfile The BELK stack Marji Cermak @cermakm

  44. What we have just seen (In case it worked :) ✤ Logstash input reading lines from apache logfile ✤ Logstash filter matching them with COMBINEDAPACHELOG pattern The BELK stack Marji Cermak @cermakm

  45. What we have just seen (In case it worked :) ✤ Logstash input reading lines from apache logfile ✤ Logstash filter matching them with COMBINEDAPACHELOG pattern ✤ Logstash output storing parsed lines to Elasticsearch The BELK stack Marji Cermak @cermakm

  46. What we have just seen (In case it worked :) ✤ Logstash input reading lines from apache logfile ✤ Logstash filter matching them with COMBINEDAPACHELOG pattern ✤ Logstash output storing parsed lines to Elasticsearch ✤ Kibana querying the data from Elasticsearch , visualising them The BELK stack Marji Cermak @cermakm

  47. L ogstash input { dozens of input plugins file { path => "/source/access.log" type => "apache" dozens of output plugins start_position => "beginning" } } output { elasticsearch { hosts => ["myes"] } stdout { codec => rubydebug } } The BELK stack Marji Cermak @cermakm

  48. L ogstash filter { dozens of input plugins if [type] == "apache" { grok { match => [ dozens of output plugins "message", "%{COMBINEDAPACHELOG}" ] } dozens of filter plugins } } The BELK stack Marji Cermak @cermakm

  49. L ogstash filter { dozens of input plugins if [type] == "apache" { grok { match => [ dozens of output plugins "message", "%{COMBINEDAPACHELOG}" ] } dozens of filter plugins geoip { source => "clientip" } } } The BELK stack Marji Cermak @cermakm

  50. L ogstash filter { dozens of input plugins if [type] == "apache" { grok { match => [ dozens of output plugins "message", "%{COMBINEDAPACHELOG}" ] } dozens of filter plugins geoip { source => "clientip" } date { locale => "en" match => [ "timestamp", "dd/MMM/yyyy:HH:mm:ss Z" ] } } } The BELK stack Marji Cermak @cermakm

Recommend

Drupal 8s multilingual APIs Gbor Hojtsy DRUPAL 7 MULTILINGUAL DRUPAL 7 MULTILINGUAL Drupal

Drupal 8s multilingual APIs Gbor Hojtsy DRUPAL 7 MULTILINGUAL DRUPAL 7 MULTILINGUAL Drupal

Drupal 8s multilingual APIs Gbor Hojtsy DRUPAL 7 MULTILINGUAL DRUPAL 7 MULTILINGUAL Drupal CORE DRUPAL 7 MULTILINGUAL LOCALE Drupal CORE DRUPAL 7 MULTILINGUAL LOCALE L10n UP m Drupal CORE DRUPAL 7 MULTILINGUAL LOCALE

916 views • 73 slides
Introduction to Drupal Andrew Rudy Outline What is Drupal Why use Drupal (Pros and

Introduction to Drupal Andrew Rudy Outline What is Drupal Why use Drupal (Pros and

Introduction to Drupal Andrew Rudy Outline What is Drupal Why use Drupal (Pros and Cons) Examples of what Drupal can do How to download and install Drupal How to use Drupals user interface What is Drupal? Drupal

319 views • 18 slides
Mostly Core Constructing real world sites [mostly] using Drupal 8 core Karen Stevenson

Mostly Core Constructing real world sites [mostly] using Drupal 8 core Karen Stevenson

Mostly Core Constructing real world sites [mostly] using Drupal 8 core Karen Stevenson DrupalCamp Florida March 2016 Drupal Drupal Drupal Drupal Drupal Drupal Drupal User Stories Demo Site Drupal 8 core Bootstrap subtheme

537 views • 24 slides
Drupal Basics an introduction to Drupal This introductory session will get the Drupal juices

Drupal Basics an introduction to Drupal This introductory session will get the Drupal juices

Drupal Basics an introduction to Drupal This introductory session will get the Drupal juices flowing, and help give a broad overview of Drupal jargon, Drupal Architecture & the Drupal Community... May 21st, 2010 - SNHU, Manchester, NH

1.12k views • 52 slides
DRUPAL [ REMOTELY ] Is Remote Drupal Employment For You? Gray Sadler, Drupal Developer Drupal

DRUPAL [ REMOTELY ] Is Remote Drupal Employment For You? Gray Sadler, Drupal Developer Drupal

DRUPAL [ REMOTELY ] Is Remote Drupal Employment For You? Gray Sadler, Drupal Developer Drupal Camp 2014 | Orlando, Florida DRUPAL [ REMOTELY ] WHATS ON THE MENU TODAY? Working Remotely Challenges Finding Remote Employment [

578 views • 19 slides
2016-09-28 Routing in Drupal 9, and lessons learned in Drupal 8 Peter Wolanin

2016-09-28 Routing in Drupal 9, and lessons learned in Drupal 8 Peter Wolanin

2016-09-28 Routing in Drupal 9, and lessons learned in Drupal 8 Peter Wolanin drupal.org/u/pwolanin Track: Core Conversations events.drupal.org/dublin2016/sessions/routing-drupal-9-and-lessons-learned-drupal-8 This is a Conversation If I get

631 views • 23 slides
FormAPI + Drupal 8 Form and AJAX Mikhail Kraynuk Mikhail Kraynuk Drupal Senior Developer About

FormAPI + Drupal 8 Form and AJAX Mikhail Kraynuk Mikhail Kraynuk Drupal Senior Developer About

FormAPI + Drupal 8 Form and AJAX Mikhail Kraynuk Mikhail Kraynuk Drupal Senior Developer About my experience in Drupal development Development Project management Drupal audit Drupal Localization Mikhail Kraynuk Drupal

625 views • 21 slides
Talk to me Drupal Talk to me Drupal Using Drupal to power a Voice App Speaker notes Talk to me

Talk to me Drupal Talk to me Drupal Using Drupal to power a Voice App Speaker notes Talk to me

Talk to me Drupal Talk to me Drupal Using Drupal to power a Voice App Speaker notes Talk to me Drupal; Using Drupal to power a Voice App You should be able to follow along by visiting the link below. If you have an Echo device, please mute the

1.67k views • 87 slides
JSON Logging with Elasticsearch Radu Gheorghe search statistics Where do your logs end up?

JSON Logging with Elasticsearch Radu Gheorghe search statistics Where do your logs end up?

JSON Logging with Elasticsearch Radu Gheorghe search statistics Where do your logs end up? Elasticsearch fast Splunk MongoDB file system scalable other logstash Kibana graylog logstash rsyslog graylog fluentd Elasticsearch Head

186 views • 18 slides
What is Drupal Haydn? Bill Bohling, M.C. sunset_bill, D.O. Welcome to What is Drupal Haydn. Im

What is Drupal Haydn? Bill Bohling, M.C. sunset_bill, D.O. Welcome to What is Drupal Haydn. Im

What is Drupal Haydn? Bill Bohling, M.C. sunset_bill, D.O. Welcome to What is Drupal Haydn. Im your host, Bill Bohling. My Drupal id is sunset_bill. I am not a Symfony developer, I do Drupal at Turner. I first heard about Symfony and Drupal

1k views • 68 slides
What is Drupal? Or What is this Drew-Paul thing you do? Drupal for the average person

What is Drupal? Or What is this Drew-Paul thing you do? Drupal for the average person

What is Drupal? Or What is this Drew-Paul thing you do? Drupal for the average person Drupal lets me build websites that help people build their own websites without needing to know anything about programming Drupal for IT People Drupal

627 views • 26 slides
Custom Content Migrations to Drupal 8 Getting your stuff into Drupal 8 Michael Anello

Custom Content Migrations to Drupal 8 Getting your stuff into Drupal 8 Michael Anello

Custom Content Migrations to Drupal 8 Getting your stuff into Drupal 8 Michael Anello DrupalEasy/Anello Consulting, Inc. drupaleasy.com ultimike on drupal.org (drupal.org/u/ultimike) @ultimike Drupal 8 core contributor -

469 views • 31 slides
www.drupaleurope.org The Future of Drupal Watchdog Magazine Brian Osborn, Drupal Watchdog

www.drupaleurope.org The Future of Drupal Watchdog Magazine Brian Osborn, Drupal Watchdog

www.drupaleurope.org The Future of Drupal Watchdog Magazine Brian Osborn, Drupal Watchdog Publisher Drupal Community Track Drupal Watchdog @drupalwatchdog www.drupalwatchdog.com Drupal Watchdog - History First launched in 2011

358 views • 11 slides
Staging Drupal Change Management Strategies for Drupal DrupalCamp CT 2010 Staging Drupal

Staging Drupal Change Management Strategies for Drupal DrupalCamp CT 2010 Staging Drupal

Staging Drupal Change Management Strategies DrupalCamp CT 2010 Staging Drupal Change Management Strategies for Drupal DrupalCamp CT 2010 Staging Drupal Change Management Strategies DrupalCamp CT 2010 Introductions Erich Beyrent

578 views • 28 slides
ALMA Common Software Basic Track Logging and Error Systems Logging system conceptual overview

ALMA Common Software Basic Track Logging and Error Systems Logging system conceptual overview

ALMA Common Software Basic Track Logging and Error Systems Logging system conceptual overview Logging system The logging system provide status and diagnostic information historical archive filtering capabilities by

305 views • 11 slides
DATABASE SYSTEM IMPLEMENTATION GT 4420/6422 // SPRING 2019 // @JOY_ARULRAJ LECTURE #5: LOGGING

DATABASE SYSTEM IMPLEMENTATION GT 4420/6422 // SPRING 2019 // @JOY_ARULRAJ LECTURE #5: LOGGING

DATABASE SYSTEM IMPLEMENTATION GT 4420/6422 // SPRING 2019 // @JOY_ARULRAJ LECTURE #5: LOGGING AND RECOVERY PROTOCOLS 2 TODAYS AGENDA Logging Schemes Crash Course on ARIES protocol Physical Logging Logical Logging 3 LOGGING &

1.64k views • 125 slides
dra$-ie(-cdni-logging Open Discussion Non-Real-Time vs

dra$-ie(-cdni-logging Open Discussion Non-Real-Time vs

dra$-ie(-cdni-logging Open Discussion Non-Real-Time vs Real-Time Observa:ons: Different understanding of what real-:me means

453 views • 12 slides
RHIP COUNCIL No November 17, 17, 2020 2020 Meeting Objectives Det eter ermine n e next

RHIP COUNCIL No November 17, 17, 2020 2020 Meeting Objectives Det eter ermine n e next

RHIP COUNCIL No November 17, 17, 2020 2020 Meeting Objectives Det eter ermine n e next s steps eps f for r equ equity wo work rk He Hear ar key ey upd pdates es r rel elated t to He Heal althConnect an and Trueblo

791 views • 47 slides
Emerging Service Provider Scenarios for IPv6 Deployment draft-carpenter-v6ops-isp-scenarios-01

Emerging Service Provider Scenarios for IPv6 Deployment draft-carpenter-v6ops-isp-scenarios-01

Emerging Service Provider Scenarios for IPv6 Deployment draft-carpenter-v6ops-isp-scenarios-01 Brian Carpenter University of Auckland Sheng Jiang Huawei March 2010 1 1 Motivation Its several years since the IETF last worked on ISP

517 views • 20 slides
Sequence-to-sequence models used for machine translation and Murat Apishev Katya Artemova

Sequence-to-sequence models used for machine translation and Murat Apishev Katya Artemova

Sequence-to-sequence models used for machine translation and Murat Apishev Katya Artemova Computational Pragmatics Lab, HSE December 2, 2019 Apishev, Artemova (HSE) Sequence-to-sequence models December 2, 2019 1 / 67 Machine translation

970 views • 67 slides
USING SCL TO SIMPLIFY SYSLOG-NG CONFIGURATION Libre Software Meeting 2017 Peter Czanik / Balabit

USING SCL TO SIMPLIFY SYSLOG-NG CONFIGURATION Libre Software Meeting 2017 Peter Czanik / Balabit

USING SCL TO SIMPLIFY SYSLOG-NG CONFIGURATION Libre Software Meeting 2017 Peter Czanik / Balabit SCL syslog-ng configuration library Reusable configuration blocks Hide away complexity of configuration 2 apache-accesslog-parser()

341 views • 7 slides
Security #MiSSConcepts Ammarit Thongthua, CISSP CISM # Who am I

Security #MiSSConcepts Ammarit Thongthua, CISSP CISM # Who am I

Security #MiSSConcepts Ammarit Thongthua, CISSP CISM # Who am I

750 views • 58 slides
Survival analysis techniques for studying cybercrime Tyler Moore Computer Science &

Survival analysis techniques for studying cybercrime Tyler Moore Computer Science &

Notes Survival analysis techniques for studying cybercrime Tyler Moore Computer Science & Engineering Department, SMU, Dallas, TX November 1, 2012 Case-control studies for analyzing data Survival analysis Notes Outline Case-control

401 views • 6 slides
CS261N: Internet/Network Security Surveillance Who am I? Computer Science PhD Candidate at UC

CS261N: Internet/Network Security Surveillance Who am I? Computer Science PhD Candidate at UC

CS261N: Internet/Network Security Surveillance Who am I? Computer Science PhD Candidate at UC Berkeley Co-Founder of Bahrain Watch Senior Researcher at Citizen Lab Value Description 0 Not targeted , e.g. spam or financially motivated

1.06k views • 38 slides

More recommend