cloudstack-dev mailing list archives

From John Kinsella <...@stratosec.co>
Subject Re: [DISCUSS] Syslog enhancements
Date Thu, 03 Jan 2013 19:07:50 GMT

So I've been thinking about that a little as well, from the POV of having a messaging/alerting
framework. What sounds ideal to me is a single API for logging/messaging/whatever, which leverages
messaging plugins and a rule file/UI to specify what types of messages go where.  I don't
want security alerts going to "generic" sysadmins. The plugins, then, define anything past
log4j capabilities - SMS, SNMP, Prowl, what have you. (remedy? hehe) 

A proper rules setup could allow escalation, notification windows…I suspect if there were
hooks on the rules side more interesting things could come up...

An argument could be made that an organization's existing monitoring/alerting system should
handle this. Could probably counter it with the more info you supply to that monitoring system,
the better.

I don't want to hijack what Ram's up to if I'm going too far off on a tangent, here… :)

John

On Jan 3, 2013, at 10:42 AM, Chip Childers <chip.childers@sungard.com> wrote:

> I think that Ram and Hari are talking about CloudStack system "events"
> (call this set 1). The log4j conversation is around log messages being
> sent through the logger (call this set 2).
> 
> If we assume that (2) is a superset of (1), then IMO there is no
> reason to do something different from the log4j syslog appender.  On
> the other hand, if there is a portion of set (1) that is not included
> in set (2), then I actually think we have a logging problem to fix.
> 
> On Thu, Jan 3, 2013 at 1:36 PM, John Kinsella <jlk@stratosec.co> wrote:
>> Ram - my coffee's still kicking in, but that's still not clear to me.  Maybe you
>> could put some sample logs in the wiki? Based off what you have there right now (IP, time
>> stamp, message type, log level, log message) this comes already from the log4j appender.
>> Sample output that I just set up by setting the syslog appender level to DEBUG and setting
>> up my syslog daemon on the master to accept network traffic ("-r" flag in /etc/sysconfig/syslog
>> on centos)
>> 
>> Jan  3 12:33:46 localhost.localdomain DEBUG [cloud.alert.ClusterAlertAdapter] (Cluster-Notification-1:) Receive cluster alert, EventArgs: com.cloud.cluster.ClusterNodeJoinEventArgs
>> 
>> Whether localhost.localdomain is an IP or resolved hostname is based on syslogd/syslog-ng
>> settings. Happy to write up a wiki on this (probably should anyways) but still trying to figure
>> out if your plan is to provide more than this...
>> 
>> John
>> 
>> On Jan 3, 2013, at 8:53 AM, Ram Ganesh <Ram.Ganesh@citrix.com> wrote:
>> 
>>> Alex,
>>> 
>>> With this requirement CloudStack will send out events in syslog format. Apart
>>> from sending them in SNMP format(if configured accordingly) and also in email format. Hope
>>> it is clear
>>> 
>>> Thanks,
>>> Ram
>>> 
>>>> -----Original Message-----
>>>> From: Alex Huang [mailto:Alex.Huang@citrix.com]
>>>> Sent: 03 January 2013 00:14
>>>> To: cloudstack-dev@incubator.apache.org
>>>> Cc: Hari Kannan
>>>> Subject: RE: [DISCUSS] Syslog enhancements
>>>> 
>>>> Here's some references for people who don't know log4j and syslog well.
>>>> 
>>>> http://loggly.com/support/sending-data/logging-from/application-logs/java/
>>>> 
>>>> Maybe all we need is someone to add this information to our wiki or
>>>> maybe this is only a docs improvement?
>>>> 
>>>> --Alex
>>>> 
>>>>> -----Original Message-----
>>>>> From: Alex Huang [mailto:Alex.Huang@citrix.com]
>>>>> Sent: Wednesday, January 02, 2013 10:39 AM
>>>>> To: cloudstack-dev@incubator.apache.org
>>>>> Cc: Hari Kannan
>>>>> Subject: RE: [DISCUSS] Syslog enhancements
>>>>> 
>>>>> Hari,
>>>>> 
>>>>> I echo John's question here.  I don't see any requirements on the wiki that
>>>>> require more than a syslog appender for log4j.  What this means is that
>>>>> whatever is logged to our current log file will get sent to syslog.  That's
>>>>> something someone can configure today on existing releases.  Do you have
>>>>> more use cases?  For example, is there anything that should be logged to
>>>>> syslogs but not in our logs or vice versa?
>>>>> 
>>>>> --Alex
>>>>> 
>>>>>> -----Original Message-----
>>>>>> From: John Kinsella [mailto:jlk@stratosec.co]
>>>>>> Sent: Wednesday, December 26, 2012 1:53 PM
>>>>>> To: cloudstack-dev@incubator.apache.org
>>>>>> Subject: Re: [DISCUSS] Syslog enhancements
>>>>>> 
>>>>>> (Changed subject as noted by Alex)
>>>>>> 
>>>>>> Question - is this feature something beyond using the syslog appender in
>>>>>> log4j?
>>>>>> 
>>>>>> One thing I'd like to see is logs using key-value pairs. The closer to that we can
>>>>>> get, the easier it is for me to have the logs consumed by a separate analytics
>>>>>> package.
>>>>>> 
>>>>>> One nitpick - syslog can be udp or tcp.
>>>>>> 
>>>>>> On Dec 26, 2012, at 11:12 AM, Hari Kannan <hari.kannan@citrix.com> wrote:
>>>>>> 
>>>>>>> Hello All,
>>>>>>> 
>>>>>>> I wish to propose syslog enhancements in CloudStack - I have added some details
>>>>>>> here<https://cwiki.apache.org/confluence/display/CLOUDSTACK/syslog+enhancements> along with a JIRA ticket 772
>>>>>>> 
>>>>>> 
>>> 
>>> 
>> 
>> Stratosec - Secure Infrastructure as a Service
>> o: 415.315.9385
>> @johnlkinsella
>> 
> 

Stratosec - Secure Infrastructure as a Service
o: 415.315.9385
@johnlkinsella
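
The two ideas raised in this thread (key-value logs for an analytics consumer, and a rule file deciding which messages go where) can be sketched together. This is an added example, not part of the original messages and not CloudStack code: it parses the log4j syslog appender line quoted above, renders it as key-value pairs, and routes it with a first-match rule list. The rule format, the destination names, the `cloud.security.LoginAudit` logger and the second sample line are assumptions constructed for illustration.

```python
import re

# Layout of the line quoted in the thread: syslog timestamp, host, log4j
# level, [logger category], (thread), free-text message.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<level>[A-Z]+) \[(?P<logger>[^\]]+)\] \((?P<thread>[^)]*)\) (?P<msg>.*)$"
)
FIELDS = ("ts", "host", "level", "logger", "thread", "msg")
LEVELS = {"TRACE": 0, "DEBUG": 1, "INFO": 2, "WARN": 3, "ERROR": 4, "FATAL": 5}

# Hypothetical rule list, first match wins: (logger prefix, minimum level,
# destinations). Security loggers are listed first so they never fall
# through to the generic operations rule.
RULES = [
    ("cloud.security.", "DEBUG", ["security-team"]),
    ("cloud.alert.", "WARN", ["ops-pager", "ops-syslog"]),
    ("", "INFO", ["ops-syslog"]),
]

def parse(line):
    """Return the line's fields as a dict, or None if it does not match."""
    m = LINE_RE.match(line.rstrip("\r\n"))
    return m.groupdict() if m else None

def to_kv(rec):
    """Render key="value" pairs; quotes and backslashes in values are escaped
    so text inside the message cannot pose as an extra field."""
    esc = lambda v: v.replace("\\", "\\\\").replace('"', '\\"')
    return " ".join(f'{k}="{esc(rec[k])}"' for k in FIELDS)

def route(rec):
    """Destinations for a parsed record; unparsed lines go to a review queue."""
    if rec is None:
        return ["unparsed-review"]
    for prefix, min_level, dests in RULES:
        if rec["logger"].startswith(prefix):
            ok = LEVELS.get(rec["level"], 0) >= LEVELS[min_level]
            return list(dests) if ok else []
    return []

# First line is the sample from the thread; the second is constructed.
SAMPLES = [
    "Jan  3 12:33:46 localhost.localdomain DEBUG [cloud.alert.ClusterAlertAdapter] "
    "(Cluster-Notification-1:) Receive cluster alert, EventArgs: "
    "com.cloud.cluster.ClusterNodeJoinEventArgs",
    "Jan  3 12:40:02 localhost.localdomain WARN [cloud.security.LoginAudit] "
    '(catalina-exec-3:) Failed login, user="admin" level=INFO',
]

if __name__ == "__main__":
    for line in SAMPLES:
        rec = parse(line)
        print(route(rec), to_kv(rec) if rec else line)
```

The DEBUG cluster alert from the thread matches the `cloud.alert.` rule but falls below its WARN threshold, so it is sent nowhere, while the constructed security line reaches only `security-team`.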

