Log Parsing - Near Real Time
Dennis Jacobfeuerborn
dennisml at conversis.de
Thu Aug 4 19:17:35 UTC 2011
The problem is that sFlow currently lacks practical Documentation and a
library that can be used to develop agents and collectors.
It took me a while to realize why I couldn't find a collector daemon that I
could set up to use with the sflowtool or sFlowTrend. These tools *are* the
collectors. I would have expected to find some kind of management daemon
akin to the snmp world.
sFlow looks really interesting but it is unnecessarily obscure and the
developer resources could use a face lift and present things in a way that
introduces concepts, term and methodology to new-comers.
Put out a C library with an agent and a collector API and throw the code on
github and you no doubt will see a pickup in interest from developers.
Regards,
Dennis
On 08/04/2011 06:59 PM, Neil Mckee wrote:
> Not sure what you mean about sFlow needing to be open source? Here are
> links to the relevant open-source projects:
>
> http://nginx-sflow-module.googlecode.com
> http://host-sflow.sourceforge.net
> http://www.inmon.com/technology/sflowTools.php
>
> With a more complete "developer resources" description here:
> http://blog.sflow.com/2010/01/developer-resources.html
>
> If you use sflowtool to turn sFlow-HTTP into common-log format at the
> collector, that opens up a whole ecosystem of open-source
> perl/python/bash/PHP tools for the analysis, such as AWStats.
> http://awstats.sourceforge.net/
>
> The sFlow-HTTP feed also sends performance counters every N seconds. I
> don't yet know of an open-source adaptor to feed that into something like
> Nagios, Ganglia or Graphite, but I know there are options to do that with
> the sFlow-HOST performance counters so it shouldn't be hard to add. In
> fact, Ganglia now has native support for the sFlow-HOST counters.
> http://ganglia.info/?p=430
>
> This sFlow-HOST (http://host-sflow.sourceforge.net) part is helpful because
> it provides telemetry on the underlying CPU/mem/disk/network stats in a
> light and scalable way, and supports zero-config (DNS-SD) to make sFlow
> easier to roll out on a large cluster/farm.
>
> Neil
>
>
> On Aug 1, 2011, at 6:09 PM, SplitIce wrote:
>
>> sflow would be great it it was open source and had an easily customizable
>> server (perl/python/bash or PHP)
>>
>> On Tue, Aug 2, 2011 at 5:08 AM, Harold Sinclair <haroldsinclair at gmail.com
>> <mailto:haroldsinclair at gmail.com>> wrote:
>>
>> I cobbled something like this together with open source tools and
>> have been using it on hundreds of servers.. pls contact me offline if
>> you'd like a copy :)
>>
>> -Harold
>>
>>
>> On Mon, Aug 1, 2011 at 2:57 PM, Dennis Jacobfeuerborn
>> <dennisml at conversis.de <mailto:dennisml at conversis.de>> wrote:
>>
>> An alternative is to tail -F (aka. "--follow=name --retry") the
>> log file and pipe the output into a script. This allows you to
>> parse the entries as they come in and rotate the log file as
>> often as you want independently of the parsing script.
>>
>> Regards,
>> Dennis
>>
>> On 08/01/2011 04:57 PM, Randy Parker wrote:
>>
>> My app has a request that opens the log file, fseeks to the
>> end, backs up
>> as many bytes as it takes to get to the size the log file was
>> on the last
>> similar request by that user, and runs a regex over the novel
>> part to get
>> interesting metrics before closing the file. Since this
>> happens less than
>> once per minute, I have not done anything fancy to optimize.
>>
>> - Randy
>>
>> On Mon, Aug 1, 2011 at 10:39 AM, Reinis Rozitis <r at roze.lv
>> <mailto:r at roze.lv>
>> <mailto:r at roze.lv <mailto:r at roze.lv>>> wrote:
>>
>> I'm looking for a near real-time script to parse log files and
>> insert interesting data into a db.
>> Does anyone know of an existing script to do this?
>>
>>
>> You can check/try http://www.splunk.com <http://www.splunk.com/>
>>
>> rr
>>
>>
>> ___________________________________________________
>> nginx mailing list
>> nginx at nginx.org <mailto:nginx at nginx.org>
>> <mailto:nginx at nginx.org <mailto:nginx at nginx.org>>
>> http://mailman.nginx.org/____mailman/listinfo/nginx
>> <http://mailman.nginx.org/__mailman/listinfo/nginx>
>> <http://mailman.nginx.org/__mailman/listinfo/nginx
>> <http://mailman.nginx.org/mailman/listinfo/nginx>>
>>
>>
>>
>>
>> --
>> http://mobiledyne.com <http://mobiledyne.com/>
>>
>>
>> _________________________________________________
>> nginx mailing list
>> nginx at nginx.org <mailto:nginx at nginx.org>
>> http://mailman.nginx.org/__mailman/listinfo/nginx
>> <http://mailman.nginx.org/mailman/listinfo/nginx>
>>
>>
>> _________________________________________________
>> nginx mailing list
>> nginx at nginx.org <mailto:nginx at nginx.org>
>> http://mailman.nginx.org/__mailman/listinfo/nginx
>> <http://mailman.nginx.org/mailman/listinfo/nginx>
>>
>>
>>
>> _______________________________________________
>> nginx mailing list
>> nginx at nginx.org <mailto:nginx at nginx.org>
>> http://mailman.nginx.org/mailman/listinfo/nginx
>>
>>
>>
>>
>> --
>> Warez Scene <http://thewarezscene.org/> Free Rapidshare Downloads
>> <http://www.nexusddl.com/>
>>
>> _______________________________________________
>> nginx mailing list
>> nginx at nginx.org <mailto:nginx at nginx.org>
>> http://mailman.nginx.org/mailman/listinfo/nginx
>
>
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
More information about the nginx
mailing list