Bernd Ahlers – Graylog, Inc. bernd@graylog.com
Monitoring Linux and Windows Logs
with Graylog Collector
Bernd Ahlers
Graylog, Inc.
Structured Logging & Introduction to
Graylog Collector
Bernd Ahlers
Graylog, Inc.
Introduction: Graylog
● Open source log management platform
● Collect, index and analyze structured and unstructured log data
● Alerts based on log data
● Extensible via custom plugins
More about Graylog
● www.graylog.org
● marketplace.graylog.org
● docs.graylog.org
● github.com/Graylog2
Why are we writing logs?
● Getting insight & collecting business metrics
● Debugging problems
● Building an audit trail
● Monitoring
How do we access our logs?
● Applications write to local files
● SSH into machines
● tail, grep, awk
● If lucky: central log management
What do they look like?
● Syslog RFC 3164 (BSD)
● Syslog RFC 5424
Syslog RFC 3164 (BSD)
Nov 10 15:55:01 tumbler CRON[2684]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)
Syslog RFC 5424
2003-10-11T22:14:15.003Z mymachine.example.com evntslog - ID47 [exampleSDID@32473 iut="3" eventSource="Application" eventID="1011"] BOMAn application event log entry...
Apache
127.0.0.1 - bernd [28/Dec/2014:06:43:15 +0100] "PROPFIND /remote.php/webdav/ HTTP/1.1" 207 910 "-" "Mozilla/5.0 (Linux) mirall/1.7.1"
Postfix
Aug 5 17:05:26 hostname postfix/qmgr[308]: A44F828C71: from=<bamm@example.com>, size=153136, nrcpt=1 (queue active)
Squid
sq18.wikimedia.org 1715898 2010-12-01T21:57:22.331 0 1.2.3.4 TCP_MEM_HIT/200 13208 GET http://en.wikipedia.org/wiki/Main_Page NONE/- text/html - - Mozilla/4.0%20(compatible;%20MSIE%206.0;%20Windows%20NT%205.1;%20.NET%20CLR%201.1.4322) en-US -
log4j
0 [main] INFO MyApp - Entering application.
36 [main] DEBUG com.foo.Bar - Did it again!
51 [main] INFO MyApp - Exiting application.
Ruby Logger
I, [2015-11-18T00:16:27.723972 #3609] INFO -- : Hello world!
#1 Problem: Timestamps
● Everyone likes to invent one
● Missing most of the time: timezone, year
How to get value out of unstructured logs?
● Regex
● More regex
● Even more regex
((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?
Grok
IPV6 ((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9...
USERNAME [a-zA-Z0-9._-]+
USER %{USERNAME}
HOSTNAME \b(?:[0-9A-Za-z][0-9A-Za-z-]{0,62})(?:\.(?:[0-9A-Za-z][0-9A-Za-z-]{0,62}))*(\.?|\b)
EMAILLOCALPART [a-zA-Z][a-zA-Z0-9_.+-=:]+
EMAILADDRESS %{EMAILLOCALPART}@%{HOSTNAME}
...
COMBINEDAPACHELOG %{COMMONAPACHELOG} %{QS:referrer} %{QS:agent}
Graylog: Extractors
● Regular expressions based
● Extracts data into message fields
How to fix this?
● Central log collection (Graylog, ELK, others)
● Use structured log formats
– Structured Syslog RFC 5424
– CEF Format
– GELF
– JSON
Structured Syslog RFC 5424
2003-10-11T22:14:15.003Z mymachine.example.com evntslog - ID47 [exampleSDID@32473 iut="3" eventSource="Application" eventID="1011"] BOMAn application event log entry...
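As an added example (not from the slides and not Graylog's own code), a stdlib-only Python parser for the RFC 5424 line shown above and on the earlier "Syslog RFC 5424" slide: it turns the structured-data element into indexable fields with one fixed grammar instead of a regex per log source, and contrasts that with the RFC 3164 timestamp from the "#1 Problem" slide, which needs a year and timezone supplied from outside. The sample lines are constructed; the first is the slide's line with the `<165>1` PRI/VERSION prefix that the slide omits and the BOM written out.

```python
import re
from datetime import datetime, timezone

# Constructed sample: the slide's line plus the "<PRI>VERSION" prefix RFC 5424 requires
# and a real UTF-8 BOM in front of the MSG part (the slide renders it as "BOM").
SAMPLE = ('<165>1 2003-10-11T22:14:15.003Z mymachine.example.com evntslog - ID47 '
          '[exampleSDID@32473 iut="3" eventSource="Application" eventID="1011"] '
          '\ufeffAn application event log entry...')

# Constructed sample with escaped characters inside PARAM-VALUEs and no MSG part.
SAMPLE_ESCAPED = ('<34>1 2015-11-15T10:43:21Z host app 4711 - '
                  '[meta@1 path="C:\\\\temp" note="say \\"hi\\""]')

HEADER_RE = re.compile(
    r'^<(?P<pri>\d{1,3})>(?P<version>\d{1,2}) (?P<timestamp>\S+) (?P<hostname>\S+) '
    r'(?P<appname>\S+) (?P<procid>\S+) (?P<msgid>\S+) ')
# SD-ID and PARAM-NAME may not contain space, '=', ']' or '"'; inside a PARAM-VALUE
# the characters '"', '\' and ']' must be backslash-escaped (RFC 5424 section 6.3).
SD_ELEMENT_RE = re.compile(
    r'\[(?P<id>[^\s=\]"]+)(?P<params>(?: [^\s=\]"]+="(?:[^"\\]|\\.)*")*)\]')
SD_PARAM_RE = re.compile(r' (?P<name>[^\s=\]"]+)="(?P<value>(?:[^"\\]|\\.)*)"')


def unescape_sd_value(value):
    return re.sub(r'\\([\\"\]])', r'\1', value)


def nil(value):
    # "-" is the NILVALUE: the sender deliberately left the field empty.
    return None if value == '-' else value


def parse_timestamp(ts):
    if ts == '-':
        return None
    if ts.endswith('Z'):  # older fromisoformat() does not accept a trailing "Z"
        ts = ts[:-1] + '+00:00'
    return datetime.fromisoformat(ts)  # always timezone-aware, unlike RFC 3164


def parse_rfc3164_timestamp(ts, year, tz=timezone.utc):
    # "Nov 10 15:55:01" carries neither year nor zone; the collector has to supply
    # both (usually from its own clock), which is the guesswork RFC 5424 avoids.
    return datetime.strptime(f'{year} {ts}', '%Y %b %d %H:%M:%S').replace(tzinfo=tz)


def parse_rfc5424(line):
    m = HEADER_RE.match(line)
    if not m:
        raise ValueError('not an RFC 5424 message')
    pri = int(m.group('pri'))
    fields = {
        'facility': pri // 8,          # PRI = facility * 8 + severity
        'severity': pri % 8,
        'timestamp': parse_timestamp(m.group('timestamp')),
        'host': m.group('hostname'),
        'app_name': nil(m.group('appname')),
        'proc_id': nil(m.group('procid')),
        'msg_id': nil(m.group('msgid')),
        'structured_data': {},
    }
    rest = line[m.end():]
    if rest.startswith('-'):  # no structured data at all
        pos = 1
    else:
        pos = 0
        while pos < len(rest) and rest[pos] == '[':
            em = SD_ELEMENT_RE.match(rest, pos)
            if not em:
                raise ValueError('malformed SD-ELEMENT at offset %d' % pos)
            sd_id = em.group('id')
            params = {pm.group('name'): unescape_sd_value(pm.group('value'))
                      for pm in SD_PARAM_RE.finditer(em.group('params'))}
            fields['structured_data'][sd_id] = params
            # Flatten the params into message fields, the way an extractor would.
            for name, value in params.items():
                fields[sd_id + '_' + name] = value
            pos = em.end()
    msg = rest[pos:]
    if msg.startswith(' '):  # a single SP separates STRUCTURED-DATA from MSG
        msg = msg[1:]
    if msg.startswith('\ufeff'):  # optional BOM announces a UTF-8 MSG
        msg = msg[1:]
    fields['message'] = msg
    return fields
```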
CEF by ArcSight/HP
Sep 19 08:26:10 host CEF:0|HP|siem|1.0|100|service successfully stopped|10|src=10.0.0.1 dst=2.1.2.2 spt=1232
GELF
{
  "version": "1.1",
  "timestamp": 1385053862.3072,
  "host": "example.org",
  "short_message": "A short message",
  "full_message": "Backtrace here\n\nmore stuff",
  "level": 1,
  "_user_id": 9001,
  "_some_info": "foo",
  "_some_env_var": "bar"
}
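An added example, not code from the slides or from Graylog: building GELF 1.1 messages like the one above in Python, enforcing the rules the GELF spec imposes on the sender (mandatory version, host and short_message; syslog level 0-7; additional fields prefixed with an underscore and limited to string or number values; no `_id`), and framing them for a GELF TCP input, which delimits messages with a NUL byte. The sample values are taken from the slide; the destination host in the optional send helper is an assumption.

```python
import json
import re
import socket
import time

# Additional field names must match ^[\w\.\-]*$ after the leading underscore (GELF 1.1).
ADDITIONAL_FIELD_RE = re.compile(r'^_[\w\.\-]+$')


def build_gelf(host, short_message, full_message=None, level=6, timestamp=None, **extra):
    """Return a GELF 1.1 message dict; extra keys become underscore-prefixed fields."""
    if not host or not short_message:
        raise ValueError('host and short_message are mandatory in GELF 1.1')
    if not 0 <= level <= 7:
        raise ValueError('level must be a syslog severity between 0 and 7')
    msg = {
        'version': '1.1',
        'host': host,
        'short_message': short_message,
        # seconds since epoch; fractional part allowed, and it carries the zone implicitly
        'timestamp': time.time() if timestamp is None else timestamp,
        'level': level,
    }
    if full_message is not None:
        msg['full_message'] = full_message
    for key, value in extra.items():
        name = key if key.startswith('_') else '_' + key
        if name == '_id':
            raise ValueError('"_id" is reserved and must not be sent as an additional field')
        if not ADDITIONAL_FIELD_RE.match(name):
            raise ValueError('illegal additional field name: %r' % name)
        if isinstance(value, bool) or not isinstance(value, (str, int, float)):
            raise TypeError('additional field %r must be a string or a number' % name)
        msg[name] = value
    return msg


def frame_gelf_tcp(messages):
    """GELF TCP framing: one JSON document per message, each terminated by NUL."""
    out = bytearray()
    for m in messages:
        body = json.dumps(m, separators=(',', ':')).encode('utf-8')
        if b'\x00' in body:  # json.dumps escapes control characters, so this is defensive
            raise ValueError('NUL inside a frame would split the message at the receiver')
        out += body + b'\x00'
    return bytes(out)


def parse_gelf_tcp(stream):
    """Receiver side of frame_gelf_tcp: split on NUL and check the mandatory fields."""
    msgs = []
    for chunk in stream.split(b'\x00'):
        if not chunk:
            continue
        m = json.loads(chunk.decode('utf-8'))
        for required in ('version', 'host', 'short_message'):
            if required not in m:
                raise ValueError('GELF message without mandatory field %r' % required)
        if m['version'] != '1.1':
            raise ValueError('unsupported GELF version %r' % m['version'])
        msgs.append(m)
    return msgs


def send_gelf_tcp(messages, host, port=12201):
    """Ship framed messages to a GELF TCP input (12201 as in the collector config)."""
    with socket.create_connection((host, port), timeout=5) as sock:
        sock.sendall(frame_gelf_tcp(messages))


if __name__ == '__main__':
    # The slide's message, rebuilt; "your-graylog-server" is the placeholder from the deck.
    slide_message = build_gelf('example.org', 'A short message',
                               full_message='Backtrace here\n\nmore stuff', level=1,
                               timestamp=1385053862.3072, user_id=9001,
                               some_info='foo', some_env_var='bar')
    print(json.dumps(slide_message, indent=2))
    # send_gelf_tcp([slide_message], 'your-graylog-server')
```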
JSON
{
  "source": "example.org",
  "message": "A log message",
  "timestamp": "2015-11-15T10:43:21Z",
  "user_id": 9001,
  "http_method": "GET"
}
How we try to improve the ecosystem
● Icinga2 GELF output for events
● Docker GELF logging driver (since Docker 1.8)
● apache-mod_log_gelf (beta)
● log4j2-gelf
● gelfclient Java library
● svloggelfd (log forwarding for runit)
We at Graylog <3 structured data
and you should too!
Introduction: Graylog Collector
● Reads local log files and ships them to Graylog
● Windows EventLog support (limited for now)
● Transport encryption via TLS
● Runs on Linux, Windows, Mac OS X and AIX
Why another Collector?
● There are lots of others: nxlog, fluentd, heka, filebeat, rsyslog, syslog-ng
● We want integration and centralized management of collectors in Graylog
Collector Installation
● OS packages for Linux distributions
● Manual installation on Windows via ZIP file (MSI upcoming)
– Runs as Windows service
Collector Configuration
server-url = "http://your-graylog-server:12900"

inputs {
  windows-application-log {
    type = "windows-eventlog"
    source-name = "Application"
  }
}

outputs {
  gelf-tcp {
    type = "gelf"
    host = "your-graylog-server"
    port = 12201
  }
}
Collector: Current State
● Windows EventLog support needs update to support new Windows APIs
● File reading needs improvement
● Centralized management needs to be implemented
● :-(
Tomorrow: Hackathon
Thank you!
Thank you for your time!
QA
Ask me anything!
Bernd Ahlers / Graylog, Inc.
bernd@graylog.com
@berndahlers
www.graylog.org
github.com/Graylog2

Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 

OSMC 2015: Monitoring Linux and Windows Logs with the Graylog Collector byBernd Ahlers

  • 1. Bernd Ahlers – Graylog, Inc. bernd@graylog.com
    Monitoring Linux and Windows Logs with Graylog Collector
    Bernd Ahlers
    Graylog, Inc.
  • 2. Structured Logging & Introduction to Graylog Collector
    Bernd Ahlers
    Graylog, Inc.
  • 3. Introduction: Graylog
    ● Open source log management platform
    ● Collect, index and analyze structured and unstructured log data
    ● Alerts based on log data
    ● Extensible via custom plugins
  • 4.–11. (no text on these slides)
  • 12. More about Graylog
    ● www.graylog.org
    ● marketplace.graylog.org
    ● docs.graylog.org
    ● github.com/Graylog2
  • 13. Why are we writing logs?
    ● Getting insight & collecting business metrics
    ● Debugging problems
    ● Building an audit trail
    ● Monitoring
  • 14. How do we access our logs?
    ● Applications write to local files
    ● SSH into machines
    ● tail, grep, awk
    ● If lucky: central log management
  • 15. What do they look like?
    ● Syslog RFC 3164 (BSD)
    ● Syslog RFC 5424
  • 16. Syslog RFC 3164 (BSD)
    Nov 10 15:55:01 tumbler CRON[2684]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)
  • 17. Syslog RFC 5424
    2003-10-11T22:14:15.003Z mymachine.example.com evntslog - ID47 [exampleSDID@32473 iut="3" eventSource="Application" eventID="1011"] BOMAn application event log entry...
  • 18. Apache
    127.0.0.1 - bernd [28/Dec/2014:06:43:15 +0100] "PROPFIND /remote.php/webdav/ HTTP/1.1" 207 910 "-" "Mozilla/5.0 (Linux) mirall/1.7.1"
  • 19. Postfix
    Aug 5 17:05:26 hostname postfix/qmgr[308]: A44F828C71: from=<bamm@example.com>, size=153136, nrcpt=1 (queue active)
  • 20. Squid
    sq18.wikimedia.org 1715898 2010-12-01T21:57:22.331 0 1.2.3.4 TCP_MEM_HIT/200 13208 GET http://en.wikipedia.org/wiki/Main_Page NONE/- text/html - - Mozilla/4.0%20(compatible;%20MSIE%206.0;%20Windows%20NT%205.1;%20.NET%20CLR%201.1.4322) en-US -
  • 21. log4j
    0 [main] INFO MyApp - Entering application.
    36 [main] DEBUG com.foo.Bar - Did it again!
    51 [main] INFO MyApp - Exiting application.
  • 22. Ruby Logger
    I, [2015-11-18T00:16:27.723972 #3609] INFO -- : Hello world!
  • 23. #1 Problem: Timestamps
    ● Everyone likes to invent one
    ● Missing most of the time: timezone, year
  • 24. How to get value out of unstructured logs?
    ● Regex
    ● More regex
    ● Even more regex
  • 25. ((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?
  • 26. Grok
    IPV6 ((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9...
    USERNAME [a-zA-Z0-9._-]+
    USER %{USERNAME}
    HOSTNAME \b(?:[0-9A-Za-z][0-9A-Za-z-]{0,62})(?:\.(?:[0-9A-Za-z][0-9A-Za-z-]{0,62}))*(\.?|\b)
    EMAILLOCALPART [a-zA-Z][a-zA-Z0-9_.+-=:]+
    EMAILADDRESS %{EMAILLOCALPART}@%{HOSTNAME}
    ...
    COMBINEDAPACHELOG %{COMMONAPACHELOG} %{QS:referrer} %{QS:agent}
  • 27. Graylog: Extractors
    ● Regular expressions based
    ● Extracts data into message fields
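The regex-extractor approach of slides 24 to 27 next to RFC 5424 parsing, as an added Python example that is not from the talk: the BSD line from slide 16 needs an application-specific regex and still has no year or zone in its timestamp (the "#1 problem" of slide 23), while the RFC 5424 line from slide 17 yields its fields from the standard header and SD-PARAMs. The sample lines are the slide examples; all function and pattern names are my own.

```python
import re
from datetime import datetime, timezone

# Constructed sample lines, taken from the slides (all names below are my own).
BSD_LINE = ("Nov 10 15:55:01 tumbler CRON[2684]: (root) CMD "
            "(command -v debian-sa1 > /dev/null && debian-sa1 1 1)")
RFC5424_LINE = ("2003-10-11T22:14:15.003Z mymachine.example.com evntslog - ID47 "
                '[exampleSDID@32473 iut="3" eventSource="Application" eventID="1011"] '
                "BOMAn application event log entry...")

# Extractor-style regex for the BSD (RFC 3164) line. The timestamp has no year and no zone.
BSD_RE = re.compile(
    r"^(?P<timestamp>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<program>[^\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<message>.*)$")

# RFC 5424 header plus at most one STRUCTURED-DATA element (enough for the slide sample; a
# full parser also handles several elements). PRI and VERSION are optional: the slide omits them.
RFC5424_RE = re.compile(
    r"^(?:<(?P<pri>\d{1,3})>1 )?(?P<timestamp>\S+) (?P<host>\S+) (?P<app>\S+) "
    r"(?P<procid>\S+) (?P<msgid>\S+) (?P<sd>-|\[[^\]]*\]) ?(?P<message>.*)$")
SD_PARAM_RE = re.compile(r'([^\s=]+)="((?:[^"\\]|\\.)*)"')

def extract_bsd(line, assumed_year=2015, assumed_tz=timezone.utc):
    """Parse a BSD syslog line into fields. Year and timezone are not in the data at all,
    so the caller has to assume them: this is the '#1 problem: timestamps' from the slides."""
    m = BSD_RE.match(line)
    if not m:
        return None
    fields = m.groupdict()
    naive = datetime.strptime(f"{assumed_year} {fields['timestamp']}", "%Y %b %d %H:%M:%S")
    fields["timestamp"] = naive.replace(tzinfo=assumed_tz)
    fields["pid"] = int(fields["pid"]) if fields["pid"] else None
    return fields

def extract_rfc5424(line):
    """Parse an RFC 5424 line. The timestamp is RFC 3339 (year and zone always present)
    and every SD-PARAM becomes a field without an application-specific regex."""
    m = RFC5424_RE.match(line)
    if not m:
        return None
    fields = m.groupdict()
    fields["timestamp"] = datetime.fromisoformat(fields["timestamp"].replace("Z", "+00:00"))
    sd = fields.pop("sd")
    if sd != "-":
        fields["sd_id"], _, params = sd[1:-1].partition(" ")
        for key, value in SD_PARAM_RE.findall(params):
            fields[key] = re.sub(r'\\([\\"\]])', r"\1", value)  # undo RFC 5424 escaping
    fields["message"] = fields["message"].lstrip("\ufeff")  # real BOM is U+FEFF; the RFC sample spells it "BOM"
    return fields
```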
  • 28. (no text on this slide)
  • 29. How to fix this?
    ● Central log collection (Graylog, ELK, others)
    ● Use structured log formats
      – Structured Syslog RFC 5424
      – CEF Format
      – GELF
      – JSON
  • 30. Structured Syslog RFC 5424
    2003-10-11T22:14:15.003Z mymachine.example.com evntslog - ID47 [exampleSDID@32473 iut="3" eventSource="Application" eventID="1011"] BOMAn application event log entry...
  • 31. CEF by ArcSight/HP
    Sep 19 08:26:10 host CEF:0|HP|siem|1.0|100|service successfully stopped|10|src=10.0.0.1 dst=2.1.2.2 spt=1232
  • 32. GELF
    {
      "version": "1.1",
      "timestamp": 1385053862.3072,
      "host": "example.org",
      "short_message": "A short message",
      "full_message": "Backtrace here\n\nmore stuff",
      "level": 1,
      "_user_id": 9001,
      "_some_info": "foo",
      "_some_env_var": "bar"
    }
  • 33. JSON
    {
      "source": "example.org",
      "message": "A log message",
      "timestamp": "2015-11-15T10:43:21Z",
      "user_id": 9001,
      "http_method": "GET"
    }
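An added Python example, not part of the talk and not Graylog's own client code, that builds the GELF 1.1 message from slide 32 with the field rules the format requires (mandatory fields, "_"-prefixed additional fields, no "_id") and frames it for a gelf-tcp output like the one on slide 40. Function names are my own.

```python
import json
import re
import time

GELF_VERSION = "1.1"
FIELD_NAME_RE = re.compile(r"^[\w.\-]+$")  # characters GELF allows in additional field names

def build_gelf(host, short_message, full_message=None, level=1, timestamp=None, **extra):
    """Return a GELF 1.1 message as a dict, shaped like the slide example.

    version, host and short_message are mandatory; timestamp is seconds since the epoch
    (decimals optional); level is the syslog severity. Extra keyword arguments become
    additional fields and get the required '_' prefix; '_id' is refused because Graylog
    drops that field."""
    if not host or not short_message:
        raise ValueError("host and short_message are mandatory in GELF")
    msg = {
        "version": GELF_VERSION,
        "host": host,
        "short_message": short_message,
        "timestamp": round(time.time(), 4) if timestamp is None else timestamp,
        "level": int(level),
    }
    if full_message is not None:
        msg["full_message"] = full_message
    for name, value in extra.items():
        key = name if name.startswith("_") else "_" + name
        if key == "_id" or not FIELD_NAME_RE.match(key[1:]):
            raise ValueError(f"illegal additional field name: {name!r}")
        msg[key] = value
    return msg

def gelf_tcp_frame(msg):
    """Frame one message for GELF over TCP (the 'gelf-tcp' output on the slides): the JSON
    document followed by a single null byte, no compression. json.dumps escapes control
    characters, so the body itself never contains a null byte."""
    return json.dumps(msg, separators=(",", ":")).encode("utf-8") + b"\x00"

def split_gelf_tcp_frames(buffer):
    """Receiver side: split a byte buffer on null bytes into complete messages.
    Returns (messages, remainder); remainder is an incomplete trailing frame, if any."""
    parts = buffer.split(b"\x00")
    remainder = parts.pop()
    return [json.loads(part) for part in parts if part], remainder
```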
  • 34. How we try to improve the ecosystem
    ● Icinga2 GELF output for events
    ● Docker GELF logging driver (since Docker 1.8)
    ● apache-mod_log_gelf (beta)
    ● log4j2-gelf
    ● gelfclient Java library
    ● svloggelfd (log forwarding for runit)
  • 35. We at Graylog <3 structured data and you should too!
  • 36. Introduction: Graylog Collector
    ● Reads local log files and ships them to Graylog
    ● Windows EventLog support (limited for now)
    ● Transport encryption via TLS
    ● Runs on Linux, Windows, Mac OS X and AIX
  • 37. Why another Collector?
    ● There are lots of others: nxlog, fluentd, heka, filebeat, rsyslog, syslog-ng
    ● We want integration and centralized management of collectors in Graylog
  • 38. (no text on this slide)
  • 39. Collector Installation
    ● OS packages for Linux distributions
    ● Manual installation on Windows via ZIP file (MSI upcoming)
      Runs as Windows service
  • 40. Collector Configuration
    server-url = "http://your-graylog-server:12900"
    inputs {
      windows-application-log {
        type = "windows-eventlog"
        source-name = "Application"
      }
    }
    outputs {
      gelf-tcp {
        type = "gelf"
        host = "your-graylog-server"
        port = 12201
      }
    }
  • 41. Collector: Current State
    ● Windows EventLog support needs update to support new Windows APIs
    ● File reading needs improvement
    ● Centralized management needs to be implemented
    ● :-(
  • 42. Tomorrow: Hackathon
  • 43. Thank you!
    Thank you for your time!
  • 44. QA
    Ask me anything!
    Bernd Ahlers / Graylog, Inc.
    bernd@graylog.com
    @berndahlers
    www.graylog.org
    github.com/Graylog2