OCI Logging : Ingest, Analyze, and Manage Your Logs
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
- Oracle Learning Channel
https://www.youtube.com/channel/UCpcndhe5IebWrJrdLRGRsvw
- ingest OCI Service logs in Logging Analytics using Service Connectors
https://www.youtube.com/watch?v=zbVMBxvJTnQ
Youtube : https://www.youtube.com/watch?v=ED2AbHESD5k
-------OUR TASK ------------------------------------------------------------------------------------
Ingest Logs :
https://docs.oracle.com/en-us/iaas/logging-analytics/doc/ingest-logs.html
Ingest Logs from Other OCI Services Using Service Connector
how the Service Connector Hub works
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Go to Oracle Infrastructure Portal to Learn More : https://cloud.oracle.com/iaas
1 --- https://www.youtube.com/watch?v=MMDKR1YGpA8
2 --- https://www.youtube.com/watch?v=ED2AbHESD5k
To find out more about logging and related services, go to oracle.com/manageability or oracle.com/devops
Brand new OCI logging service
Big Picture Overview : Let's see how OCI Logging fits into the big picture
Generally, when you are running workloads in the cloud, there are two key things that you want to observe.
- OCI resources : First, you want to observe resources in OCI. For example, Virtual Cloud Networking, Object Storage and Load Balancers are all managed OCI resources, and they are a critical thing that you want to observe.
- Customer applications : Things that you control yourself, for example an application running on top of Oracle OCI, an application running on-premises, or an application running in another cloud. These also emit things that you want to observe.
Whether something is coming from an OCI service or from an application, there are four key data types that you naturally want to observe.
DATA-TYPES
1. Audit : Every single resource emits an audit event when it is created, edited or deleted. The audit record gives a clear record of who made the change, what change they attempted to make, and what the effect was, before and after. This is enabled for you automatically, for free, for all of your resources. So this is one key data type that you want to observe.
2. Cloud Events : Any time a resource comes up or goes down, it emits ephemeral data saying that it has changed state, something like "Hey, I have been rebooted", or a bucket saying "I am deleted". You can subscribe to these events, observe them, and take action on them as well.
3. Logs : The third type of data that you want to observe is logs. Your infrastructure emits them (for instance, your VCN can create flow logs), and your applications can also emit their performance and diagnostic logs. Whether they come from OCI or from your application, you most likely want to observe and search them in the same spot.
4. Metrics : Your compute hosts have their own individual metrics (how memory and CPUs are behaving), and your own application can have instrumented metrics, for example latency, availability and things relevant to your specific scenario.
OCI provides you with a tool set that lets you collect, monitor and analyze all of these key data types. For example :
- Audit Service : A free service which is already live today.
- OCI Events : Allows you to subscribe to the cloud events described above and take action on them.
- Logging : Today we will be talking about how it brings in all of those logs from your resources and applications.
- Monitoring : Finally, there is Monitoring, which brings in your metrics.
The cool thing about all of these tools is that they interact and work together. OCI Logging brings in a lot of the features that existed in Audit and in Events. That means that with OCI Logging you can view your audit logs and set approvals on top of events.
But generally, when you want to act on, move or transport these key data types, there is one common product that lets you do this, called the "Service Connector Hub".
Service Connector Hub : Lets you invoke a function, emit a notification, or write those things to a stream. Regardless of whether it is an audit record, an event or a log, there is one common interface where you can move all of these.
> Logging Deep Dive :
Previously we discussed where OCI Logging fits into the big picture. Now let's do a deep dive into OCI Logging and what it can actually do for you.
> What is OCI Logging ?
OCI Logging is your official entry point to anything related to logs inside of OCI, which means that it gives you a centralized log management platform.
OCI Logging is built on open standards. That means that any time a log line is ingested from your applications, it is actually leveraging Fluentd, which enables you to use all of the open community plugins that exist.
Whenever any log line comes into the system, whether from your audit logs, infrastructure or applications, it is automatically normalized into the CNCF CloudEvents 1.0 format. This gives you a common, open way to ingest your logs, and stores them in an open format that can be consumed by other cloud native tools as well as other cloud providers.
> What can OCI Logging actually do ?
You can break it into three key value propositions :
- Collect & Manage : We want to give you the ability to collect and manage everything that has to do with collecting logs in OCI in one view.
- Search & Analyze : Once the logs are in the system, we want to make sure you are able to search and analyze them. That means that you can perform all the investigations that you want to perform on logs.
- Take Action : Logs must be easily exportable, and it must be easy to take action on them.
We are going to take a deep dive into each of these in a more detail .
Collect & Manage :
- When we say logs, they can come from shared services
- Logs can also come from your own customer-generated applications
That means that for anything that comes out of an OCI resource, you should be able to turn on logging with one easy click. So there is a common, easy way to turn on logging on a load balancer or a storage bucket, as well as to install an agent and get logs from an OCI instance.
All of the application logs ingested into the system leverage "fluentd" behind the scenes. That means you get support for all of the open source plugins and the ability to pre-process, enrich, classify and tag logs however you want. If a plugin that you need does not exist, you can go ahead and build it yourself as well.
All of the log lines ingested into the system, from OCI resources and from applications, are secured by OCI IAM. That means there is a clean way to understand who gets access to which logs and who gets access to ingest a log, and all of this comes together with log groups.
> What is a Log Group ?
So another thing is that you have all of the logs in one system .
The next thing that you want to do is search and analyze them, so OCI Logging gives you a brand new query language that helps you slice and dice your logs, and this is powered by the CloudEvents open format. It gives you all of the logs in a consistent and coherent way, so that you can slice the logs by the source of the event or the type of the event. It gives you a common way to describe those things in your log lines, and that is done for you out of the box. So you can search one log, multiple logs, or all logs in an entire region.
You can do a whole bunch of slicing and dicing functions, for instance filtering, aggregations, lookups and scalar functions; you name it, all the things that you are used to in your log language.
It also allows you to save your searches and share those queries with your team members.
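The normalization and slicing described above, as an added Python sketch that is not part of the original notes or of OCI's code: records from different origins are wrapped in a CloudEvents 1.0 envelope, then filtered by source, type and data fields. The source names, `example.*` type strings and sample records are constructed for illustration and are not OCI's actual schema.

```python
import uuid
from datetime import datetime, timezone

# The four attributes CloudEvents 1.0 requires on every event.
REQUIRED = ("specversion", "id", "source", "type")

def to_cloudevent(source, event_type, data, time=None):
    """Wrap one raw record in a CloudEvents 1.0 envelope (JSON-friendly dict)."""
    return {
        "specversion": "1.0",
        "id": str(uuid.uuid4()),
        "source": source,
        "type": event_type,
        "time": time or datetime.now(timezone.utc).isoformat(),
        "datacontenttype": "application/json",
        "data": data,
    }

def is_valid(event):
    """Reject envelopes missing a required attribute or using another spec version."""
    return all(event.get(k) for k in REQUIRED) and event["specversion"] == "1.0"

def search(events, source=None, type_prefix=None, **data_equals):
    """Filter on envelope attributes first, then on exact matches inside data."""
    hits = []
    for ev in events:
        if not is_valid(ev):
            continue
        if source and ev["source"] != source:
            continue
        if type_prefix and not ev["type"].startswith(type_prefix):
            continue
        data = ev.get("data") or {}
        if all(data.get(k) == v for k, v in data_equals.items()):
            hits.append(ev)
    return hits

# Constructed sample records; sources, type names and fields are made up.
T = "2024-01-01T00:00:00+00:00"
EVENTS = [
    to_cloudevent("audit", "example.audit.bucket.delete", {"principal": "alice", "status": 204}, T),
    to_cloudevent("vcn-flow", "example.vcn.flowlog", {"action": "REJECT", "dst_port": 22}, T),
    to_cloudevent("frontend-app", "example.app.log", {"level": "ERROR", "msg": "db timeout"}, T),
    to_cloudevent("frontend-app", "example.app.log", {"level": "INFO", "msg": "started"}, T),
    {"specversion": "0.3", "source": "legacy", "type": "example.app.log", "data": {}},  # invalid
]

def summary():
    """Count valid events per (source, type), the slicing the text describes."""
    counts = {}
    for ev in search(EVENTS):
        key = (ev["source"], ev["type"])
        counts[key] = counts.get(key, 0) + 1
    return counts
```

Because every record shares the same envelope, one query such as `search(EVENTS, source="frontend-app", level="ERROR")` works across audit, network and application data without per-source parsing.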
> Take Action :
The ability to easily take action: what do we mean by that?
A lot of times, when you have logs coming into your system and you are doing an investigation, there is usually another step that you want to take to close the DevOps loop and automate the entire life cycle of the investigation. So we provide you with intuitive "if this, then that" kind of rules. For example, you can say: any time you see an error in my application log, then do something. I can emit a notification with Oracle Notification Service, page my on-call, integrate with JIRA or PagerDuty, or maintain log-based metrics and integrate them with all of the dashboards and alarms.
I can invoke a function.
I can also easily move the data to another destination: I can archive it to Object Storage, or push it to Oracle Stream, where it can be connected through Kafka Connect to other third party tools such as Splunk, LogRhythm etc. But really, what this rules engine allows you to do is take control and close the loop on your log investigations. If you see a repro that you no longer want to go undetected, you can set up a rule to automatically trigger a function to remediate it, or create a metric based on the log line that feeds into the broader metrics landscape.
Or you can take all of your flow logs and audit logs and archive them for long-term retention for compliance, or push them into an external SIEM that you are using today. All of this is done for you very easily, out of the box, with "Service Connector Hub".
Service Connector Hub is a sister product of OCI Logging that launched around the same time. It is a free service that allows you to do all of these things.
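An added sketch of the "if this, then that" flow above, modelling each rule as source, condition and target (illustration only, not Service Connector Hub's API or code from the video). The `Connector` and `Pipeline` classes, rule names, target labels and sample events are all hypothetical.

```python
from dataclasses import dataclass, field
from typing import Callable

@dataclass
class Connector:
    """Hypothetical model of one rule: source log -> condition -> target."""
    name: str
    source: str          # which log the rule reads from
    target: str          # label for the destination (notification, stream, ...)
    condition: Callable[[dict], bool] = lambda ev: True   # default: match everything

@dataclass
class Pipeline:
    connectors: list
    delivered: dict = field(default_factory=dict)   # target -> events sent there

    def handle(self, event):
        """Evaluate every rule; one event may fan out to several targets."""
        fired = []
        for c in self.connectors:
            if event.get("source") != c.source:
                continue
            try:
                matched = c.condition(event)
            except (KeyError, TypeError):
                matched = False   # malformed event: skip the rule, keep the pipeline alive
            if matched:
                self.delivered.setdefault(c.target, []).append(event)
                fired.append(c.name)
        return fired

def is_error(ev):
    return ev["data"]["level"] == "ERROR"

# Constructed rules mirroring the actions listed in the text.
RULES = [
    Connector("page-oncall", "frontend-app", "notification", is_error),
    Connector("error-metric", "frontend-app", "metric", is_error),
    Connector("archive-audit", "audit", "object_storage"),
    Connector("lb-to-stream", "lb-access", "stream"),
]

# Constructed sample events (already normalized); the last one is malformed.
SAMPLE = [
    {"source": "frontend-app", "data": {"level": "ERROR", "msg": "db timeout"}},
    {"source": "frontend-app", "data": {"level": "INFO", "msg": "started"}},
    {"source": "audit", "data": {"principal": "alice", "action": "DeleteBucket"}},
    {"source": "lb-access", "data": {"status": 502}},
    {"source": "frontend-app", "data": None},
]

def run(events):
    pipeline = Pipeline(list(RULES))
    return [pipeline.handle(e) for e in events], pipeline.delivered
```

A single error line fires both the paging rule and the metric rule, while audit and load balancer records are forwarded unconditionally, which is the split between alerting and archival that the text describes.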
Those are the key propositions of logging.
Now that we have covered all of these things, I want to see them in action.
- What does it mean to enable a log
- What does it mean to actually search a log
- What does it mean to actually export a log
Demo :
You can find OCI Logging on the left-hand side under "Solutions & Platform".
You can see there are 6 pages here under Logging. We are going to go into each of these at a high level, to help you know what you can expect from day one.
So the very first thing that you will see is the Search page.
This is your home for searching, analyzing and visualizing all of your logs in one single page.
That means that it brings in all of your infrastructure logs, audit logs and application logs, as well as logs for databases, all in one spot.
> Logs
The second page that we have is the log management page : Click Logs on the left.
Here you will see all the logs that exist in your compartments and log groups. You also have the ability to create new logs for your applications, as well as enable logs on your existing resources such as "Load Balancers" and "VCN".
> Log Groups
Log groups are just logical containers that allow you to organize and manage your logs in a coherent way. On this page you can see all log groups in the given compartments, as well as create new ones and manage existing ones.
> Agent Configurations
Agent configurations allow you to define in a clear way which hosts you want to collect logs from, and which specific logs you want to collect from those hosts. For example, I can say that I want to collect all of my error logs from my front end application fleet.
Here you can see the existing agent configurations in the given compartment.
> Service Connectors :
Service connectors allow you to move logs and take action on them in real time, for example taking audit logs and all of my flow logs and writing them to a stream. Here you can see all of the ones existing in my compartments, as well as the ability to create a new one.
> Audit :
And finally we have the Audit page, which gives you a clean view of all of the audit events that are occurring in your given compartment.
We are going to go into each of these in the later videos.
> DEMO : 2 : Enabling your first log on an OCI Resource
This demo shows how easy it is to enable a log on a given resource and how it integrates into the rest of the system. OCI Logging makes it very easy to enable logs on existing OCI resources. You can do this in two spots.
You can do this on the central Log Management page, or you can do this directly on the resource itself.
Log Management Page :
Click on Enable Service Logs
The first thing that it will prompt you to enter is the resource name that you want to enable the logs on.
I am going to select the service, for example Object Storage.
In this case I am selecting the actual resource itself. Every single resource might have different kinds of logs emitted for
And the last one is the log category. For example, this bucket can emit read access logs and write access logs.
Different resources have different log categories. In this case we are selecting Read Access Events. And finally we are going to give it a name, " MyBucket_ReadLogs ".
As well as all the kinds of logs that you can actually enable. Just like that, we have enabled two logs in my bucket.
> Demo 3 : Ingesting Logs from Applications :
Sometimes you have logs coming in from applications, and these could be coming from a whole bunch of hosts that can be inside or outside of OCI.
Agent Configuration inside of OCI Logging gives you a simple way to define the log collection for an entire fleet. It is a simple three-step process: first you select which hosts you want to collect logs from. After that, you select which exact logs you want to collect from those hosts. And from there you define where you want your logs to go.
Click on Agent Configuration.
One of the key prerequisites before you create your Agent Config is to make sure your entire fleet of hosts is already assigned to a dynamic group. We have documents that show how to do that.
- At a high level, a dynamic group is an Identity concept that allows you to say, for example, that all hosts with a specific tag belong to this group, or that all hosts in a specific compartment belong to that group. It is a very simple concept, but it is very powerful for the selection of your fleet.
- The second step is to make sure you have the agent installed on your hosts.
For hosts running inside OCI, most often this is not automatically enabled for you; to do this you need to go to the instance itself, during creation or post creation, and simply toggle "I want Monitoring Plugin".
We also have a document stating how to do that in more detail, and how to do it for non-OCI hosts as well.
Those are the two key prerequisites, and once you have them it is very simple to configure logging across your entire fleet.
Below we are choosing a dynamic group where we already have our fleet.
You can select more than one group as well.
Now you can specify the log inputs that you want to collect from that fleet or from those hosts. There are two kinds of log inputs that you can select.
Once you click Create, all of the logs from this entire fleet will flow over to this one common log object.
DEMO 4 > Searching and Analyzing Logs :
Whenever you ingest logs into OCI Logging, from your application or from your resources, all of these logs are stored in a central spot where they are normalized into a common format and made searchable for you. That means that this centralized page helps me filter, slice and dice, and visualize all of the logs coming from my applications, databases and audit.
You see the compartments, log groups and individual logs.
DEMO 5 : Exporting & Taking Action on Logs :
OCI Logging and Service Connector make it easy for us to move, export and take action on all of my logs. That includes logs from my audit and infrastructure, as well as logs from applications and databases.
I am going to export all of my load balancer access logs to a stream.
Click on Create a Connector
Just like that, we are getting all the load balancer access logs.