Is Anyone Using LogStash for Monitoring Logs From Their Production Servers?

338 views
Skip to first unread message

Daniel Jansen

unread,
Feb 25, 2015, 7:07:36 AM2/25/15
to lu...@googlegroups.com
Title pretty much says it all: Is Anyone Using LogStash for Monitoring Logs From Their Production Servers?

I'm trying to find the best way to monitor my production environment and make it quick and easy to debug when errors occur.

Just looking for advice to whether anyone is using it and any suggestions on best practice or setup.

Thanks.

Dan

Mark Drew

unread,
Feb 25, 2015, 7:17:46 AM2/25/15
to lu...@googlegroups.com
About to start using it for some clients so will let you know how we get on.

Nando Breiter

unread,
Feb 25, 2015, 7:24:01 AM2/25/15
to lu...@googlegroups.com
I've tried https://logentries.com/ and unfortunately I found their retrieval system left log entries behind, so I couldn't rely on it.



Aria Media Sagl
Via Rompada 40
6987 Caslano
Switzerland

+41 (0)91 600 9601
+41 (0)76 303 4477 cell
skype: ariamedia

--
You received this message because you are subscribed to the Google Groups "Lucee" group.
To unsubscribe from this group and stop receiving emails from it, send an email to lucee+un...@googlegroups.com.
To post to this group, send email to lu...@googlegroups.com.
 To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/78923bd2-2458-47b8-b337-4621d0960c19%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

Michael Hnat

unread,
Feb 25, 2015, 7:28:20 AM2/25/15
to lu...@googlegroups.com

Hi,

 

I'm using Elasticsearch and Kibana for searching in my database. I've written a small api wrapper if someone wants to use it.

The results with logstash (only testing here) are very impressive, I can absolutely recommend it. even as replacement/enhancement of BuglogHQ.

 

Best,

Michi

--

Chris Blackwell

unread,
Feb 25, 2015, 7:48:39 AM2/25/15
to lu...@googlegroups.com
yes we are.

we're using ELK (Elasticsearch, logstash & kibana) for monitoring logs from a lot of sources.  For our internal webapps we have it reading from a number of places.
  • our reverse proxies (apache httpd) write their logs directly in json
  • our apps run on embedded tomcat, those logs get sent to /var/log/messages and that gets read
  • the apps use logbox, and as well as a filesystem appender we use an appender that sends the logs as a json packet directly to redis 
we use mod_unique_id in apache to tie front end and backend requests together.  The logbox appenders know how to get this value.

we use a minimal logstash agent config on each of the proxy and app servers which ships the logs to a redis queue, we then have a central logstash server that reads the queue, groks and transforms the logs (like geoip-ing clients) and writes them into a small elasticsearch cluster.

if (when..;-) our apps throw an error they present the user (these apps are not public, they're just internal) with a friendly message with an error id in it.  When they contact us for support we can stick that error id into kibana and get back the log entry from the front end request and the stacktrace from the app server.

its been really useful, and well worth the few days it took to get it up and running.

--
You received this message because you are subscribed to the Google Groups "Lucee" group.
To unsubscribe from this group and stop receiving emails from it, send an email to lucee+un...@googlegroups.com.
To post to this group, send email to lu...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/b06e1e69-901c-4882-8727-827d5c86e935%40googlegroups.com.

Nando Breiter

unread,
Feb 25, 2015, 11:24:23 AM2/25/15
to lu...@googlegroups.com
On Wed, Feb 25, 2015 at 1:28 PM, Michael Hnat <m.h...@bluegras.de> wrote:

Hi,

 

I'm using Elasticsearch and Kibana for searching in my database. I've written a small api wrapper if someone wants to use it.


Michi, I'm interested in seeing your api wrapper if you'd like to share it. Thanks for the offer. Nando

Igal @ Lucee.org

unread,
Feb 25, 2015, 11:49:05 AM2/25/15
to lu...@googlegroups.com
+1 for ELK (or at least for E-K, LogStash is not that great on Windows so I don't use it)

I'm not sure how mod_unique_id works, but in nginx I use the standard X-Request-Id header, then it's accessible in Lucee via CGI.HTTP_X_REQUEST_ID

A better solution would be to generate the unique request id even if it isn't passed, as proposed in
https://bitbucket.org/lucee/lucee/issue/100/support-x-request-id-header

Igal Sapir
Lucee Core Developer
Lucee.org

Chris Blackwell

unread,
Feb 25, 2015, 12:23:56 PM2/25/15
to lu...@googlegroups.com

That's exactly what it does Igal, just inserts a request id into the headers, I forget the exact name - it's probably configurable.  We check for the request id on our apps, and if it's not present we do generate one, as it's passed further on down the chain in some of our internal apis

it might be a nice thing to build in, especially if we can insert the request id into lucee's logging. 

To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/54EDFCEE.4060208%40lucee.org.

Igal @ Lucee.org

unread,
Feb 25, 2015, 12:33:21 PM2/25/15
to lu...@googlegroups.com
it might be a nice thing to build in, especially if we can insert the request id into lucee's logging. 
that's exactly what I have in mind ;)

between that and the Server.OS.Hostname (which is mentioned in the other ticket, and will help in clustered environments) debugging hard-to-find issues will become much easier.


Igal Sapir
Lucee Core Developer
Lucee.org

Michael Hnat

unread,
Feb 26, 2015, 3:43:40 AM2/26/15
to lu...@googlegroups.com
Sure. Let me put together some words of documentation and examples and I'll put it on github.
 
Best,
Michi
 
 
 
Von: "Nando Breiter" <na...@aria-media.com>
Gesendet: Mittwoch, 25. Februar 2015 17:25
An: "lu...@googlegroups.com" <lu...@googlegroups.com>
Betreff: Re: [Lucee] Re: Is Anyone Using LogStash for Monitoring Logs From Their Production Servers?
--

You received this message because you are subscribed to the Google Groups "Lucee" group.
To unsubscribe from this group and stop receiving emails from it, send an email to lucee+un...@googlegroups.com.
To post to this group, send email to lu...@googlegroups.com.

mail...@gmail.com

unread,
Feb 26, 2015, 4:58:34 AM2/26/15
to lu...@googlegroups.com
we are using logstash for some other log4j based files, although we have not yet made a tomcat configuration we plan to do so soon, I find it a great way to centralize logs of all the different services, although other members of the team have other priorities and dont want to focus on this I find it a big help to have a central log repository that is well indexed and search-able.

GX

James Hooker

unread,
Feb 26, 2015, 6:43:47 AM2/26/15
to lu...@googlegroups.com
We have been using Logstash / Kibana for some time at mso in order to track, and analyse errors from various services, including ColdFusion.

During a recent sprint, I was tasked with implementing a method to send log entries from a Lucee instance to our central log server. You can find my method at the following gist.


You'll need to build the JAR, and place it into your class path, as defined in catalina.properties.

Would love some feedback - so far this appears to be working well for our Lucee instances.

Mark Drew

unread,
Feb 26, 2015, 6:51:41 AM2/26/15
to lu...@googlegroups.com
That’s a great job there! If You guys should really wrap it up into an extension! 

Talking of extensions, What is happening with the extension store?


Mark Drew


develop • deploy • deliver
http://charliemikedelta.com

--
You received this message because you are subscribed to a topic in the Google Groups "Lucee" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/lucee/PFtguCcZgNk/unsubscribe.
To unsubscribe from this group and all its topics, send an email to lucee+un...@googlegroups.com.

To post to this group, send email to lu...@googlegroups.com.

James Hooker

unread,
Feb 26, 2015, 7:20:01 AM2/26/15
to lu...@googlegroups.com
Whoops - Gist is back at https://gist.github.com/Seidr/7550f685dbaebb333876 - sorry about that!

Daniel Jansen

unread,
Feb 26, 2015, 7:20:32 PM2/26/15
to lu...@googlegroups.com
Unreal feedback everyone!

I just need to make some time to setup a test environment now. Sounds like a really powerful tool to have in place.
Thanks for the resources documenting the setup - I'm sure I'll be referring to them often.

Regards,

Dan Jansen

P.S. Loving the buzz of activity of the Lucee community - there is a real sense of an active community here.

Mark Drew

unread,
Feb 26, 2015, 11:57:10 PM2/26/15
to lu...@googlegroups.com
A good way to start is to use an ELK vagrant box;


Next, this article is very enlightening on setting up Apache and Tomcat logs:

HTH
Mark Drew
- Sent by typing with my thumbs. 
--
You received this message because you are subscribed to a topic in the Google Groups "Lucee" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/lucee/PFtguCcZgNk/unsubscribe.
To unsubscribe from this group and all its topics, send an email to lucee+un...@googlegroups.com.
To post to this group, send email to lu...@googlegroups.com.
Reply all
Reply to author
Forward
0 new messages