Archive and statistics » History » Version 10
Janez Barbic, 12.12.2010 21:34
1 | 1 | Aleksander Bešir | h1. Archive and statistics |
---|---|---|---|
2 | |||
3 | 6 | Janez Barbic | WIP - I am currently still working on this document, don't read it yet :) |
4 | |||
5 | 2 | Aleksander Bešir | {{toc}} |
6 | |||
7 | 5 | Janez Barbic | TBD - to be discussed |
8 | TODO - to do :) |
9 | I have left this in for now so that I can quickly find the things I still need to fill in or that we still need to discuss. In the final version I will get rid of these abbreviations and also of this comment in Slovenian :) |
10 | 1 | Aleksander Bešir | |
11 | 6 | Janez Barbic | h2. 1 Basic concept |
12 | 3 | Janez Barbic | |
13 | TODO Why syslog |
14 | |||
15 | Eneraptor is designed so that it can communicate with any device regardless of its operating system. Syslog, a system for logging program messages, offers a quick and easy solution for such communication, because it separates the software that generates messages from the system that stores them and the software that reports and analyzes them. It could refer to the syslog protocol (TODO described below), |
16 | |||
17 | h3. 1.1 Hardware |
18 | 1 | Aleksander Bešir | |
19 | 5 | Janez Barbic | p. We will be using syslog-ng (I will be referring to it as syslog from now on), which has a few advantages over conventional syslog. The syslog daemon will run on the proxy server. TBD it will be listening on a certain port for incoming messages from client(s). Our main syslog client will run on the FRI-SMS system. |
20 | 1 | Aleksander Bešir | |
21 | 5 | Janez Barbic | Client mode operation: |
22 | |||
23 | 1 | Aleksander Bešir | !https://lusy.fri.uni-lj.si/redmine/attachments/11/client_server_syslog.png! |
24 | |||
25 | 5 | Janez Barbic | p. In client mode, syslog-ng collects the local logs generated by the host and forwards them through a network connection to the central syslog-ng server. Clients can also log the messages locally into files. |
26 | |||
27 | |||
28 | TODO more details on syslog-ng advantages |
29 | |||
30 | h3. 1.2 Syslog protocol overview |
31 | |||
32 | TBD TCP/IP vs UDP |
33 | Message structure |
34 | TBD How do we plan to send messages to our daemon, via client (not always possible) or do we generate them ourselves? |
35 | TBD Using logfiles vs logging into database |
36 | |||
37 | h3. 1.3 Development steps |
38 | |||
39 | # Installing and configuring Syslog-ng daemon on proxy |
40 | # Installing and configuring Syslog-ng client on FRI-SMS |
41 | # TBD Designing Statistical Data Analysis Software to work with data collected by syslog daemon |
42 | # TBD Implementing SDA software |
43 | 1 | Aleksander Bešir | # TBD Testing? |
44 | 6 | Janez Barbic | |
45 | |||
46 | h2. 2 Installing and configuring syslog-ng daemon on proxy |
47 | 7 | Janez Barbic | |
48 | p. Syslog-ng supports a wide variety of operating systems, so we aren't really restricted here. Since our proxy and FRI-SMS both run Linux 2.6, our obvious choice is syslog-ng for Linux. |
49 | 9 | Janez Barbic | |
50 | 1 | Aleksander Bešir | h3. 2.1 syslog-ng daemon on proxy |
51 | 9 | Janez Barbic | |
52 | 7 | Janez Barbic | Configuration file location: |
53 | /opt/syslog-ng/etc/syslog-ng.conf |
54 | |||
55 | 8 | Janez Barbic | Basic syslog configuration: |
56 | TODO add filters |
<pre><code class="ruby">
@version: 3.2
#Default configuration file for syslog-ng.
#
# For a description of syslog-ng configuration file directives, please read
# the syslog-ng Administrator's guide at:
#
# http://www.balabit.com/dl/html/syslog-ng-admin-guide_en.html/bk01-toc.html
#

options {
    # seconds an idle destination file stays open before it is closed
    time_reap(30);
    # seconds between MARK messages
    mark_freq(10);
    # keep the HOST field sent by the client instead of rewriting it
    keep_hostname(yes);
};

######
# sources
source s_local {
};

source s_net {
    tcp(ip("SERVER_ADDRESS") port(5140) keep-alive(yes));
};

######
# destinations
# should be able to point syslog to a database here
destination net_messages { file("/var/log/net_messages"); };

log {
    source(s_net);
    destination(net_messages);
};
</code></pre>
92 | 6 | Janez Barbic | |
93 | h3. 2.2 syslog-ng client on FRI-SMS |
94 | 9 | Janez Barbic | |
95 | Configuration file location: |
96 | /opt/syslog-ng/etc/syslog-ng.conf |
97 | |||
98 | Basic syslog client configuration: |
99 | TODO add filters |
100 | |||
<pre><code class="ruby">
@version: 3.2
#Default configuration file for syslog-ng.
#
# For a description of syslog-ng configuration file directives, please read
# the syslog-ng Administrator's guide at:
#
# http://www.balabit.com/dl/html/syslog-ng-admin-guide_en.html/bk01-toc.html
#

options {
};

######
# sources
source s_local {
    # TBD what triggers our messages
    # message generated by Syslog-NG
    internal();
    # standard Linux log source (this is the default place for the syslog()
    # function to send logs to)
    unix-stream("/dev/log");
    # messages from the kernel
    file("/proc/kmsg" program_override("kernel"));
};


######
# destinations
# local
# destination d_messages { file("/var/log/messages"); };
# net
destination host { tcp("SERVER_ADDRESS" port(5140)); };

# logging locally
# log {
#     source(s_local);
#     destination(d_messages);
# };

# sending log messages
log {
    source(s_local);
    destination(host);
};
</code></pre>
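Added example, not part of the original wiki page or of the Eneraptor code: if messages are generated by our own software instead of a syslog-ng client (the TBD in 1.2), every record sent to the tcp() source on port 5140 has to be one newline-terminated BSD-style line. The Python code below builds such records and replaces control characters, because a raw newline would split one record into two and keep_hostname(yes) makes the server keep whatever HOST field the sender writes. The facility, the function names and the host and tag values used with it are assumptions.

```python
import socket
from datetime import datetime

MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()
FACILITY_LOCAL0 = 16   # assumed facility for Eneraptor messages
SEVERITY_INFO = 6


def sanitize(text):
    """Replace control characters with spaces.

    The tcp() source splits records on newline, so a raw LF inside a
    field would end the record early and start a second, forged one.
    """
    return "".join(ch if ch.isprintable() else " " for ch in text)


def build_record(host, tag, msg, facility=FACILITY_LOCAL0,
                 severity=SEVERITY_INFO, when=None):
    """Return one BSD-style syslog line: <PRI>Mmm dd hh:mm:ss HOST TAG: MSG"""
    if not 0 <= facility <= 23 or not 0 <= severity <= 7:
        raise ValueError("facility must be 0-23 and severity 0-7")
    when = when or datetime.now()
    pri = facility * 8 + severity
    # Month names come from a fixed table so the locale cannot change them;
    # the day of month is space-padded to two characters.
    stamp = "%s %2d %s" % (MONTHS[when.month - 1], when.day,
                           when.strftime("%H:%M:%S"))
    # HOST and TAG are single tokens; a space would shift the other fields.
    host = sanitize(host).replace(" ", "_")
    tag = sanitize(tag).replace(" ", "_")[:32]
    return "<%d>%s %s %s: %s\n" % (pri, stamp, host, tag, sanitize(msg))


def send_records(records, server, port=5140):
    """Send prepared records over one TCP connection to the s_net source."""
    with socket.create_connection((server, port), timeout=5) as conn:
        for record in records:
            conn.sendall(record.encode("utf-8"))
```
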
147 | 10 | Janez Barbic | |
148 | h2. Statistical Data Analysis Software |
149 | |||
150 | TODO |
151 | |||
152 | h2. References |
153 | |||
154 | "Syslog protocol, RFC 5424": http://tools.ietf.org/html/rfc5424 |