Hi Jacek,
On last Friday, I've talk with CC-IN2P3 monitoring expert, here's a summary:
- Standard de facto is ELK (ElasticSearch, Logstash, Kibana), which is a
splunk-like open-source software. But in2p3 sysadmin recommends to use
syslog-ng instead of LogStash, because it is ten times faster and it can
support high load.
- Good practive is to produce structured log (i.e. JSON format for
example). This allows not to write/maintain fragile and complex log
parsing ruels (which may break each time a developer change a log
message). JSON key are not normalized yet, but splunk format can be
used: http://docs.splunk.com/Documentation/CIM/latest/User/Overview
Task to do:
- add a JSON appender to Qserv(/xrootd?) logger
- install/configure a virtual machine ccqserv-mon with ElasticSearch and
Kibana,
- install/configure syslog-ng on all cc-in2p3 Qserv cluster
Shall we create new tickets in epic DM-1823 (Design and implement
monitoring tool for Qserv)?
Cheers,
Fabrice
########################################################################
Use REPLY-ALL to reply to list
To unsubscribe from the QSERV-L list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=QSERV-L&A=1
|