Archive and statistics » History » Version 10

Janez Barbic, 12.12.2010 21:34

h1. Archive and statistics

WIP - I'm still working on this document at the moment, don't read it yet :)

{{toc}}

TBD - to be discussed
TODO - to do :)

I have left these in for now so that I can quickly find the things I still need to fill in or that we still need to discuss. In the final version I will get rid of these abbreviations, and of this comment in Slovenian as well :)

h2. 1 Basic concept

TODO Why syslog

Eneraptor is designed so that it can communicate with any device regardless of its operating system. Syslog, a system for logging program messages, offers a quick and easy solution for such communication, because it allows separation of the software that generates messages from the system that stores them and the software that reports and analyzes them. It could refer to the syslog protocol (TODO described below), 

h3. 1.1 Hardware

p. We will be using syslog-ng (I will refer to it as syslog from now on), which has a few advantages over conventional syslog. The syslog daemon will run on the proxy server. TBD it will be listening on a certain port for incoming messages from client(s). Our main syslog client will run on the FRI-SMS system.

Client mode operation:

!https://lusy.fri.uni-lj.si/redmine/attachments/11/client_server_syslog.png!

p. In client mode, syslog-ng collects the local logs generated by the host and forwards them through a network connection to the central syslog-ng server. Clients can also log the messages locally into files.

TODO more details on syslog-ng advantages

h3. 1.2 Syslog protocol overview

TBD TCP/IP vs UDP
Message structure
TBD How do we plan to send messages to our daemon: via a client (not always possible), or do we generate them ourselves?
TBD Using logfiles vs logging into database

h3. 1.3 Development steps

# Installing and configuring Syslog-ng daemon on proxy
# Installing and configuring Syslog-ng client on FRI-SMS
# TBD Designing Statistical Data Analysis Software to work with data collected by syslog daemon
# TBD Implementing SDA software
# TBD Testing?

h2. 2 Installing and configuring syslog-ng daemon on proxy

p. Syslog-ng supports a wide variety of operating systems, so we aren't really restricted here. Since our proxy and FRI-SMS both run Linux 2.6, our obvious choice is syslog-ng for Linux.

h3. 2.1 syslog-ng daemon on proxy

Configuration file location:
/opt/syslog-ng/etc/syslog-ng.conf

Basic syslog configuration:
TODO add filters
<pre><code class="ruby">
@version: 3.2
#Default configuration file for syslog-ng.
#
# For a description of syslog-ng configuration file directives, please read
# the syslog-ng Administrator's guide at:
#
# http://www.balabit.com/dl/html/syslog-ng-admin-guide_en.html/bk01-toc.html
#

options {
   # close idle destination files after 30 seconds
   time_reap(30);
   # seconds between two MARK messages
   mark_freq(10);
   # keep the HOSTNAME sent in the message instead of rewriting it
   keep_hostname(yes);
};

######
# sources
source s_local {
};

# messages arriving from the client(s) over TCP
source s_net {
   tcp(ip("SERVER_ADDRESS") port(5140) keep-alive(yes));
};

######
# destinations
# should be able to point syslog to a database here
destination net_messages { file("/var/log/net_messages"); };

# write everything received from the network to the file above
log {
   source(s_net);
   destination(net_messages);
};
</code></pre>

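The daemon configuration above sets @keep_hostname(yes)@, so the host name stored for a message is the one the client wrote into its HOSTNAME field. The following is an added example, not part of the original page or of syslog-ng: it formats and parses an RFC 5424 header and checks the claimed HOSTNAME against the sender's address. The function names, @EXPECTED_HOSTS@, the addresses and the sample message are assumptions.

```python
import re

# RFC 5424: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD [MSG]
# (structured data is matched loosely; enough for a header check)
HEADER = re.compile(
    r"<(\d{1,3})>(\d{1,2}) (\S+) (\S+) (\S+) (\S+) (\S+) (-|\[.*?\])(?: (.*))?$"
)
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Hypothetical inventory: the HOSTNAME each sender address is allowed to claim.
EXPECTED_HOSTS = {"192.0.2.10": "fri-sms"}


def build(facility, severity, timestamp, hostname, app, msg):
    """Format one message; PRI = facility * 8 + severity, '-' is the NILVALUE."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0..23 and severity 0..7")
    pri = facility * 8 + severity
    return "<%d>1 %s %s %s - - - %s" % (pri, timestamp, hostname, app, msg)


def parse(line, peer_ip):
    """Decode a received line and compare the claimed HOSTNAME with the peer."""
    m = HEADER.match(line.rstrip("\r\n"))
    if m is None:
        raise ValueError("not an RFC 5424 message")
    pri = int(m.group(1))
    if pri > 191:  # 23 * 8 + 7 is the largest valid PRI
        raise ValueError("PRI out of range")
    return {
        "facility": pri // 8,
        "severity": SEVERITIES[pri % 8],
        "hostname": m.group(4),
        "app": m.group(5),
        "msg": m.group(9) or "",
        # False when the sender is unknown or claims another host's name
        "hostname_ok": EXPECTED_HOSTS.get(peer_ip) == m.group(4),
    }


if __name__ == "__main__":
    # Constructed sample: facility 16 (local0), severity 6 (info)
    wire = build(16, 6, "2010-12-12T21:34:00Z", "fri-sms", "eneraptor", "sample reading")
    print(wire)
    print(parse(wire, "192.0.2.10"))   # sender matches the inventory
    print(parse(wire, "192.0.2.99"))   # same HOSTNAME from an unlisted address
```
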
h3. 2.2 syslog-ng client on FRI-SMS

Configuration file location:
/opt/syslog-ng/etc/syslog-ng.conf

Basic syslog client configuration:
TODO add filters

<pre><code class="ruby">
@version: 3.2
#Default configuration file for syslog-ng.
#
# For a description of syslog-ng configuration file directives, please read
# the syslog-ng Administrator's guide at:
#
# http://www.balabit.com/dl/html/syslog-ng-admin-guide_en.html/bk01-toc.html
#

options {
};

######
# sources
source s_local {
   # TBD what triggers our messages
   # message generated by Syslog-NG
   internal();
   # standard Linux log source (this is the default place for the syslog()
   # function to send logs to)
   unix-stream("/dev/log");
   # messages from the kernel
   file("/proc/kmsg" program_override("kernel"));
};

######
# destinations
# local
# destination d_messages { file("/var/log/messages"); };
# net: the daemon on the proxy, same port as its s_net source
destination host { tcp("SERVER_ADDRESS" port(5140)); };

# logging locally
# log {
#    source(s_local);
#    destination(d_messages);
# };

# sending log messages
log {
   source(s_local);
   destination(host);
};
</code></pre>

h2. Statistical Data Analysis Software

TODO

h2. References

"Syslog protocol, RFC 5424": http://tools.ietf.org/html/rfc5424