http://github/draco2003 ! Lead the Infrastructure Tools Teams - InternalTools : Customers are Employees - DevTools : Customers are Engineers ! Next Monitorama in New England? Boston 2015? I’ll bring reptiles :) !
to map IP to key file in config • Not all SSL ciphers supported, but most are easy to add. • We don't store request or response bodies, but you can… • This is alpha as we improve performance at full volume.
in ! • Wiff keeps track of connections ! • Orders the packets by sequence number ! • Stitches the payloads ! • Decrypting if needed. ! • The stream is then parsed into a response / request pair and sent to Elasticsearch
the processed data somewhere. • Our primary usage is send to Elasticsearch (via RabbitMQ) • Parse the stitched tcpstream into JSON Object of request / response pair. ! • Example reporter for sending to Elasticsearch for Windows/Low volume usage. !
the beginning of the pipeline. ! • Kibana friendly data format • Example/Pre-configured dashboards coming soon. ! • It’s in Elasticsearch, analyze to your hearts content. ! • Alert: • Tattle for Elasticsearch? (that's another talk ;) ) • Whatever you use now for alerting from ES queries.
errors or logs if the load balancer is mis- configured or erroring? (Other than the customer) • Web servers can only log the requests they see. • Web servers can only log the requests they complete. • Apache / Nginx don't write log line on segfault, etc.. • Application can only log requests they complete. • Logging not up high enough when needed? set-cookie anyone?
• a farm of web servers handling requests. • multiple types of web servers handling requests. • appliances handling some portion of requests. • lots of different log formats. ! • Single Pane of glass/Single format of data.