Log collection, big picture:

- Logs are collected by a filebeats container running on all OpenStack nodes.
  - The filebeats `journald` input collects operating system logs.
  - The filebeats `filestream` input collects container logs.
  - Static filebeats configuration controls the routing of each message to a specific index and ingestion pipeline.
  - filebeats is responsible for ensuring that log delivery happens at least once and only once (queueing and tracking).
- The filebeats container is deployed on all OpenStack nodes:
  - using the Ansible role `nerc-osp-config/playbooks/roles/log_collection`
  - pulled from `registry.connect.redhat.com`
- Ingestion pipelines parse and process logs into a form that is useful for monitoring and investigation:
  - splitting out essential properties such as timestamp, source, process, facility, severity and the body of the message
  - OpenStack container log formats vary, so custom parsing rules need to be applied based on the source of each log
  - removing useless data: initially collect everything, then, after some experience with the data, determine what can be discarded safely
- Presentation of the collected data:
  - discovery workflow: a dynamic search interface
  - building custom views that produce daily reports based on the logs collected
- Configuration management of Elasticsearch/Kibana:
  - JSON files in git?
  - scripts to apply them via REST?

Ingestion flow:

- `nerc-osp-container-logs`
  - initialization and setup of helpful tags
  - redirect to a format-specific ingestion pipeline
  - handling of the ingestion outcome
- `nerc-osp-container-{specific-log}`
  - record which filters were applied
  - perform log parsing and processing
  - create records of the parsing outcome
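One way the top-level `nerc-osp-container-logs` pipeline could be expressed as an Elasticsearch ingest pipeline definition, added here as an illustration rather than taken from the project's repository. The `container.name` field (as filebeats' `add_docker_metadata` processor would populate it) and the `nerc-osp-container-nova` / `nerc-osp-container-haproxy` pipeline names are assumptions; the point is that every event leaves the pipeline with an `event.outcome` and a tag trail, so parsing failures land in the index visibly instead of being dropped silently.

```json
{
  "description": "nerc-osp-container-logs: tag, route to a format-specific pipeline, record the outcome (example, not project code)",
  "processors": [
    {
      "set": {
        "field": "event.dataset",
        "value": "openstack.container",
        "override": false
      }
    },
    {
      "append": {
        "field": "tags",
        "value": ["nerc-osp-container-logs"]
      }
    },
    {
      "pipeline": {
        "name": "nerc-osp-container-nova",
        "if": "ctx.container?.name != null && ctx.container.name.startsWith('nova')"
      }
    },
    {
      "pipeline": {
        "name": "nerc-osp-container-haproxy",
        "if": "ctx.container?.name != null && ctx.container.name.startsWith('haproxy')"
      }
    },
    {
      "set": {
        "field": "event.outcome",
        "value": "success",
        "if": "ctx.event?.outcome == null"
      }
    }
  ],
  "on_failure": [
    { "set": { "field": "event.outcome", "value": "failure" } },
    { "set": { "field": "error.message", "value": "{{ _ingest.on_failure_message }}" } },
    { "set": { "field": "error.pipeline", "value": "{{ _ingest.on_failure_pipeline }}" } },
    { "append": { "field": "tags", "value": ["ingest-failure"] } }
  ]
}
```

Events whose `container.name` matches none of the conditions fall through unparsed but still tagged, which makes "no pipeline matched this source" a searchable condition in the discovery workflow rather than a silent gap.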