[arch-devops] Centralized log monitoring and alerting?

Bartłomiej Piotrowski bpiotrowski at archlinux.org
Mon Sep 10 06:30:33 UTC 2018

On 10/09/2018 02.53, Andrew Crerar wrote:
> Hi all,
> On 2018-07-28 there were some discussions in #archlinux-devops around setting up
> some sort of centralized logging/monitoring/alerting solution for the various
> services on Apollo (and maybe other?) server(s). I had mentioned possibly using
> the ELK[1] stack for this task. There was some back and forth about it
> potentially being a bit heavy handed for what was needed and how we would most
> likely need to repurpose/dedicate something like nymeria to handle the stack.
> There was also the suggestion of possibly using something like tenshi[2] if
> we're aiming for a low overhead solution, however, there would be much writing
> of the regexes.
> With that being said, the purpose of this email is to have a more formal
> discussion around what we're trying to capture from the logs, the actions we
> want to have taken with what ends up being captured, and possibly come to a
> consensus on what tool(s) we could leverage.
> Thoughts?
> Regards,
> Andrew
> [1] https://www.elastic.co/de/elk-stack
> [2] https://github.com/inversepath/tenshi

We already have centralized alerting with Zabbix. What are you trying to
solve exactly? I don't recall anyone from the devops team complaining about
having to ssh to run journalctl somewhere. Each new gear added to infra
means more time spent on maintaining it, while our goal is quite the
opposite thing.

