Ram and Hari, I continue to have trouble with this feature. What I'm used to seeing in syslogs are not the things that are being described here. They're usually some log level of an application. If there are system events that are not logged to our own logs, why not log them to our own logs and use the log4j syslogappender to filter them and send them to syslog. Why write something else?
Do you have any use cases where system events should not be logged into CloudStack's logs? --Alex > -----Original Message----- > From: Ram Ganesh [mailto:[email protected]] > Sent: Tuesday, January 08, 2013 7:46 AM > To: [email protected] > Subject: RE: [DISCUSS] Syslog enhancements > > > -----Original Message----- > > From: Chip Childers [mailto:[email protected]] > > Sent: 04 January 2013 00:13 > > To: [email protected] > > Subject: Re: [DISCUSS] Syslog enhancements > > > > I think that Ram and Hari are talking about CloudStack system "events" > > (call this set 1). The log4j conversation is around log messages being > > sent through the logger (call this set 2). > > > > If we assume that (2) is a superset of (1), then IMO there is no > > reason to do something different from the log4j syslog appender. On > > the other hand, if there is a portion of set (1) that is not included > > in set (2), then I actually think we have a logging problem to fix. > > Sorry for getting back late on this. The intent of this enhancement is to send > out system events in multiple(configured) formats. SNMP and Syslogs are > two formats. Users can choose the format of their interest based on their > existing element management infrastructure. Currently in CloudStack I guess > not all system events are logged into the log file. > > > > > > On Thu, Jan 3, 2013 at 1:36 PM, John Kinsella <[email protected]> wrote: > > > Ram - my coffee's still kicking in, but that's still not clear to me. > > Maybe you could put some sample logs in the wiki? Based off what you > > have there right now (IP, time stamp, message type, log level, log > > message) this comes already from the log4j appender. Sample output > > that I just set up by setting the syslog appender level to DEBUG and > > setting up my syslog daemon on the master to accept network traffic ("- > > r" flag in /etc/sysconfig/syslog on centos) > > > > > > Jan 3 12:33:46 localhost.localdomain DEBUG > > [cloud.alert.ClusterAlertAdapter] (Cluster-Notification-1:) Receive > > cluster alert, EventArgs: com.cloud.cluster.ClusterNodeJoinEventArgs > > > > > > Whether localhost.localdomain is an IP or resolved hostname is based > > on syslogd/syslog-ng settings. Happy to write up a wiki on this > > (probably should anyways) but still trying to figure out if your plan > > is to provide more than this... > > > > > > John > > > > > > On Jan 3, 2013, at 8:53 AM, Ram Ganesh <[email protected]> > wrote: > > > > > >> Alex, > > >> > > >> With this requirement CloudStack will send out events in syslog > > format. Apart from sending them in SNMP format(if configured > > accordingly) and also in email format. Hope it is clear > > >> > > >> Thanks, > > >> Ram > > >> > > >>> -----Original Message----- > > >>> From: Alex Huang [mailto:[email protected]] > > >>> Sent: 03 January 2013 00:14 > > >>> To: [email protected] > > >>> Cc: Hari Kannan > > >>> Subject: RE: [DISCUSS] Syslog enhancements > > >>> > > >>> Here's some references for people who don't know log4j and syslog > > well. > > >>> > > >>> http://loggly.com/support/sending-data/logging-from/application- > > >>> logs/java/ > > >>> > > >>> Maybe all we need is someone to add this information to our wiki or > > >>> maybe this is only a docs improvement? > > >>> > > >>> --Alex > > >>> > > >>>> -----Original Message----- > > >>>> From: Alex Huang [mailto:[email protected]] > > >>>> Sent: Wednesday, January 02, 2013 10:39 AM > > >>>> To: [email protected] > > >>>> Cc: Hari Kannan > > >>>> Subject: RE: [DISCUSS] Syslog enhancements > > >>>> > > >>>> Hari, > > >>>> > > >>>> I echo John's question here. I don't see any requirements on the > > >>> wiki that > > >>>> require more than a syslog appender for log4j. What this means is > > >>> that > > >>>> whatever is logged to our current log file will get sent to > > syslog. > > >>> That's > > >>>> something someone can configure today on existing releases. Do > > you > > >>> have > > >>>> more use cases? For example, is there anything that should be > > logged > > >>> to > > >>>> syslogs but not in our logs or vice versa? > > >>>> > > >>>> --Alex > > >>>> > > >>>>> -----Original Message----- > > >>>>> From: John Kinsella [mailto:[email protected]] > > >>>>> Sent: Wednesday, December 26, 2012 1:53 PM > > >>>>> To: [email protected] > > >>>>> Subject: Re: [DISCUSS] Syslog enhancements > > >>>>> > > >>>>> (Changed subject as noted by Alex) > > >>>>> > > >>>>> Question - is this feature something beyond using the syslog > > >>> appender in > > >>>>> log4j? > > >>>>> > > >>>>> One thing I'd like to see is logs using key-vaue pairs. The > > closer > > >>> to that we > > >>>> can > > >>>>> get, the easier it is for me to have the logs consumed by a > > >>> separate > > >>>> analytics > > >>>>> package. > > >>>>> > > >>>>> One nitpick - syslog can be udp or tcp. > > >>>>> > > >>>>> On Dec 26, 2012, at 11:12 AM, Hari Kannan > > <[email protected]> > > >>> wrote: > > >>>>> > > >>>>>> Hello All, > > >>>>>> > > >>>>>> > > >>>>>> > > >>>>>> I wish to propose syslog enhancements in CloudStack - I have > > >>> added > > >>>> some > > >>>>> details > > >>>>> > > >>>> > > > here<https://cwiki.apache.org/confluence/display/CLOUDSTACK/syslog+en > > >>>>> hancements> along with a JIRA ticket 772 > > >>>>>> > > >>>>> > > >> > > >> > > > > > > Stratosec - Secure Infrastructure as a Service > > > o: 415.315.9385 > > > @johnlkinsella > > >
