> -----Original Message-----
> From: Alex Huang [mailto:[email protected]]
> Sent: 08 January 2013 22:10
> To: [email protected]
> Subject: RE: [DISCUSS] Syslog enhancements
>
> Ram and Hari,
>
> I continue to have trouble with this feature. What I'm used to seeing
> in syslogs are not the things that are being described here. They're
> usually some log level of an application. If there are system events
> that are not logged to our own logs, why not log them to our own logs
> and use the log4j syslogappender to filter them and send them to
> syslog. Why write something else?
>
> Do you have any use cases where system events should not be logged into
> CloudStack's logs?
I do not think so. I think it is just the legacy code. We need to
ensure that those events also get logged into the log files. Will take the
log4j syslogappender path then
Thanks,
Ram
>
> --Alex
>
> > -----Original Message-----
> > From: Ram Ganesh [mailto:[email protected]]
> > Sent: Tuesday, January 08, 2013 7:46 AM
> > To: [email protected]
> > Subject: RE: [DISCUSS] Syslog enhancements
> >
> > > -----Original Message-----
> > > From: Chip Childers [mailto:[email protected]]
> > > Sent: 04 January 2013 00:13
> > > To: [email protected]
> > > Subject: Re: [DISCUSS] Syslog enhancements
> > >
> > > I think that Ram and Hari are talking about CloudStack system
> "events"
> > > (call this set 1). The log4j conversation is around log messages
> being
> > > sent through the logger (call this set 2).
> > >
> > > If we assume that (2) is a superset of (1), then IMO there is no
> > > reason to do something different from the log4j syslog appender.
> On
> > > the other hand, if there is a portion of set (1) that is not
> included
> > > in set (2), then I actually think we have a logging problem to fix.
> >
> > Sorry for getting back late on this. The intent of this enhancement
> is to send
> > out system events in multiple(configured) formats. SNMP and Syslogs
> are
> > two formats. Users can choose the format of their interest based on
> their
> > existing element management infrastructure. Currently in CloudStack I
> guess
> > not all system events are logged into the log file.
> >
> >
> > >
> > > On Thu, Jan 3, 2013 at 1:36 PM, John Kinsella <[email protected]>
> wrote:
> > > > Ram - my coffee's still kicking in, but that's still not clear to
> me.
> > > Maybe you could put some sample logs in the wiki? Based off what
> you
> > > have there right now (IP, time stamp, message type, log level, log
> > > message) this comes already from the log4j appender. Sample output
> > > that I just set up by setting the syslog appender level to DEBUG
> and
> > > setting up my syslog daemon on the master to accept network traffic
> ("-
> > > r" flag in /etc/sysconfig/syslog on centos)
> > > >
> > > > Jan 3 12:33:46 localhost.localdomain DEBUG
> > > [cloud.alert.ClusterAlertAdapter] (Cluster-Notification-1:) Receive
> > > cluster alert, EventArgs:
> com.cloud.cluster.ClusterNodeJoinEventArgs
> > > >
> > > > Whether localhost.localdomain is an IP or resolved hostname is
> based
> > > on syslogd/syslog-ng settings. Happy to write up a wiki on this
> > > (probably should anyways) but still trying to figure out if your
> plan
> > > is to provide more than this...
> > > >
> > > > John
> > > >
> > > > On Jan 3, 2013, at 8:53 AM, Ram Ganesh <[email protected]>
> > wrote:
> > > >
> > > >> Alex,
> > > >>
> > > >> With this requirement CloudStack will send out events in syslog
> > > format. Apart from sending them in SNMP format(if configured
> > > accordingly) and also in email format. Hope it is clear
> > > >>
> > > >> Thanks,
> > > >> Ram
> > > >>
> > > >>> -----Original Message-----
> > > >>> From: Alex Huang [mailto:[email protected]]
> > > >>> Sent: 03 January 2013 00:14
> > > >>> To: [email protected]
> > > >>> Cc: Hari Kannan
> > > >>> Subject: RE: [DISCUSS] Syslog enhancements
> > > >>>
> > > >>> Here's some references for people who don't know log4j and
> syslog
> > > well.
> > > >>>
> > > >>> http://loggly.com/support/sending-data/logging-
> from/application-
> > > >>> logs/java/
> > > >>>
> > > >>> Maybe all we need is someone to add this information to our
> wiki or
> > > >>> maybe this is only a docs improvement?
> > > >>>
> > > >>> --Alex
> > > >>>
> > > >>>> -----Original Message-----
> > > >>>> From: Alex Huang [mailto:[email protected]]
> > > >>>> Sent: Wednesday, January 02, 2013 10:39 AM
> > > >>>> To: [email protected]
> > > >>>> Cc: Hari Kannan
> > > >>>> Subject: RE: [DISCUSS] Syslog enhancements
> > > >>>>
> > > >>>> Hari,
> > > >>>>
> > > >>>> I echo John's question here. I don't see any requirements on
> the
> > > >>> wiki that
> > > >>>> require more than a syslog appender for log4j. What this
> means is
> > > >>> that
> > > >>>> whatever is logged to our current log file will get sent to
> > > syslog.
> > > >>> That's
> > > >>>> something someone can configure today on existing releases.
> Do
> > > you
> > > >>> have
> > > >>>> more use cases? For example, is there anything that should be
> > > logged
> > > >>> to
> > > >>>> syslogs but not in our logs or vice versa?
> > > >>>>
> > > >>>> --Alex
> > > >>>>
> > > >>>>> -----Original Message-----
> > > >>>>> From: John Kinsella [mailto:[email protected]]
> > > >>>>> Sent: Wednesday, December 26, 2012 1:53 PM
> > > >>>>> To: [email protected]
> > > >>>>> Subject: Re: [DISCUSS] Syslog enhancements
> > > >>>>>
> > > >>>>> (Changed subject as noted by Alex)
> > > >>>>>
> > > >>>>> Question - is this feature something beyond using the syslog
> > > >>> appender in
> > > >>>>> log4j?
> > > >>>>>
> > > >>>>> One thing I'd like to see is logs using key-vaue pairs. The
> > > closer
> > > >>> to that we
> > > >>>> can
> > > >>>>> get, the easier it is for me to have the logs consumed by a
> > > >>> separate
> > > >>>> analytics
> > > >>>>> package.
> > > >>>>>
> > > >>>>> One nitpick - syslog can be udp or tcp.
> > > >>>>>
> > > >>>>> On Dec 26, 2012, at 11:12 AM, Hari Kannan
> > > <[email protected]>
> > > >>> wrote:
> > > >>>>>
> > > >>>>>> Hello All,
> > > >>>>>>
> > > >>>>>>
> > > >>>>>>
> > > >>>>>> I wish to propose syslog enhancements in CloudStack - I have
> > > >>> added
> > > >>>> some
> > > >>>>> details
> > > >>>>>
> > > >>>>
> > >
> > here<https://cwiki.apache.org/confluence/display/CLOUDSTACK/syslog+en
> > > >>>>> hancements> along with a JIRA ticket 772
> > > >>>>>>
> > > >>>>>
> > > >>
> > > >>
> > > >
> > > > Stratosec - Secure Infrastructure as a Service
> > > > o: 415.315.9385
> > > > @johnlkinsella
> > > >
