Taming the logs
Logs
• Records/events -> file stream/flow

Multiple streams, multiple sources

Centralization
• Unifies logs from the same stream
• Lets you correlate different streams
• History
• (SSH + tail -f | grep) * 5
• Security (harder to erase traces)
• Compliance

How?

The 3 types of logs
• Application errors/exceptions
• General logs
• Metrics

MANY solutions; the ideal one depends on your scenario

Application exception logging

What do I gain from this?
• Grouping
• Regression tracking
• Out-of-the-box alerts
• Context

Solutions
• Sentry
• Airbrake (Errbit)
• Both OSS + SaaS

General logs
• Collection
• Processing
• Storage
• Visualization

Some solutions
• Splunk/Graylog
• ELK (Elasticsearch + Logstash* + Kibana)
• SaaS (Papertrail, Loggly, Logentries, etc.)

SaaS solutions
• Collection
• Processing
• Storage
• Visualization
• faster
• simpler
• less flexible

"In-house" solutions
• Collection
• Processing
• Storage
• Visualization
• more flexible
• more features
• lower cost at large scale
• higher cost at small scale
• takes longer to deploy

Collection
• Syslog: the common language
• ALWAYS TCP
• Delivery guarantee? Specific protocols (RELP, GELF, Lumberjack)
• The native collector of your chosen solution
• Logs in JSON?
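
Added example (not from the original slides): one way to apply the Collection advice, carrying JSON events as RFC 5424 syslog messages over TCP with RFC 6587 octet-counting framing, plus the receiver-side reassembly that TCP's byte-stream nature requires. The host and application names, the timestamp, the sample events and the `MAX_FRAME` cap are assumptions made for illustration.

```python
import json

MAX_FRAME = 64 * 1024  # assumed cap so a bogus length prefix cannot exhaust memory

def syslog_json(event, host, app, timestamp, facility=16, severity=3):
    """Build one RFC 5424 message whose MSG part is a JSON object."""
    pri = facility * 8 + severity  # 16 = local0, 3 = error
    body = json.dumps(event, sort_keys=True)
    # PROCID, MSGID and STRUCTURED-DATA are left as "-" (the nil value).
    return f"<{pri}>1 {timestamp} {host} {app} - - - {body}".encode("utf-8")

def frame(message):
    """RFC 6587 octet counting: b'<length> <message>', length counted in bytes."""
    return str(len(message)).encode("ascii") + b" " + message

class Deframer:
    """Receiver side: rebuild whole messages from arbitrary TCP chunks."""
    def __init__(self):
        self.buffer = b""

    def feed(self, chunk):
        self.buffer += chunk
        messages = []
        while True:
            head, sep, rest = self.buffer.partition(b" ")
            if not sep:
                break  # length prefix not complete yet
            if not head.isdigit() or int(head) > MAX_FRAME:
                raise ValueError("bad or oversized frame length prefix")
            length = int(head)
            if len(rest) < length:
                break  # message body not complete yet
            messages.append(rest[:length])
            self.buffer = rest[length:]
        return messages

def json_payload(message):
    """Return the JSON object carried in the MSG part of syslog_json() output."""
    return json.loads(message.split(b" ", 7)[7])

def demo():
    # Constructed sample events; the second one contains a newline inside a field.
    events = [{"user": "alice", "ok": False}, {"msg": "line1\nline2", "n": 2}]
    stream = b"".join(frame(syslog_json(e, "web01", "shop", "2024-01-01T00:00:00Z")) for e in events)
    rx = Deframer()
    chunks = [stream[i:i + 7] for i in range(0, len(stream), 7)]  # simulate small TCP reads
    return [json_payload(m) for c in chunks for m in rx.feed(c)]

if __name__ == "__main__":
    print(demo())
```
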

Processing
• Logstash/Heka/Fluentd (processors)
• Graylog/Splunk (complete solutions)

Storage
• DBs: Elasticsearch, MongoDB, PostgreSQL
• Brokers: RabbitMQ, Redis
• Files, S3

Visualization
• Depends on the other items
• Elasticsearch: Kibana
• Graylog/Splunk: their own dashboards

What it looks like

Combine the tools

Create parallel environments