Log collection using the Elastic Stack at Education Services Australia

Transcript

1. Log Collection Using The Elastic Stack https://www.linkedin.com/in/bensoncslim http://pugnusferreus.github.io @pugnusferreus Benson

   Lim Software Developer at Education Services Australia

2. Who are we? https://www.scootle.edu.au/ https://sso.esa.edu.au

3. Back in the good ol' days • Figure out which

   server that the exception occurs. • Look for the logs (based on the date) • Analyse the logs.

4. Downsides • Takes forever to find the error trace (if

   any) • Not centralised • Only the techies know how to do this • Hard to monitor and especially hard to see how often a particular error may be occurring

5. App Server File Beat Elasticsearch Kibana Audit Table from Postgres

   Log File Overview of our Logging Architecture Logstash

6. Overview of our Logging Architecture App Server File Beat Elasticsearch

   Kibana Audit Table from Postgres Log File Logstash Log Retrieval

7. Overview of our Logging Architecture App Server File Beat Elasticsearch

   Kibana Audit Table from Postgres Log File Logstash Processing

8. Overview of our Logging Architecture App Server File Beat Elasticsearch

   Kibana Audit Table from Postgres Log File Logstash Storage

9. Overview of our Logging Architecture App Server File Beat Elasticsearch

   Kibana Audit Table from Postgres Log File Logstash View

10. • https://www.elastic.co/guide/en/elasticsearch/client/curator/current/installation.html • https://www.elastic.co/guide/en/elasticsearch/client/curator/current/command- line.html Use Curator to purge old

    logs curator --host 127.0.0.1 delete indices --older-than 30 --time-unit days --timestring '%Y. %m.%d' --exclude '.*loginaudit-.*'

11. Demo

12. Post implementation • Reduce the time needed to debug •

    Ability to see how often an event occurs (with the right logging) • Non techies could use it • Very modular. Any app can join in • No longer need to tail the log during post deployment • Could potentially re-use Elasticsearch for other areas (user authentication, content searching, reporting)

13. References • https://www.elastic.co/guide/index.html • http://pugnusferreus.github.io/blog/2016/01/03/integrating- logstash-with-your-java-application/ • https://www.digitalocean.com/community/tutorials/how-to-install- elasticsearch-logstash-and-kibana-elk-stack-on-ubuntu-14-04 (

    slightly outdated, but has good reference for setting up Nginx ) • https://www.elastic.co/guide/en/elasticsearch/client/curator/ current/installation.html • https://www.elastic.co/guide/en/elasticsearch/client/curator/ current/command-line.html

14. Questions? https://www.linkedin.com/in/bensoncslim http://pugnusferreus.github.io @pugnusferreus