Glenn Davis, profile picture
Uploaded byGlenn Davis
212 views

Distributed Logging Architecture in the Container Era

The document discusses the challenges and strategies for implementing distributed logging architectures in microservices, particularly in container environments. It highlights the difficulties of log collection and storage, emphasizes the importance of aggregating and processing logs from various sources, and presents case studies using tools like Fluentd with Docker. The need for flexibility and scalability in logging solutions is underscored, along with the value of open-source software in creating adaptable logging infrastructures.

Embed presentation

Download to read offline
Distributed Logging Architecture in Container Era LinuxCon Japan 2016 at Jun 13 2016 Satoshi "Moris" Tagomori (@tagomoris)
Satoshi "Moris" Tagomori (@tagomoris) Fluentd, MessagePack-Ruby, Norikra, ... Treasure Data, Inc.
http://www.linuxfoundation.org/news-media/announcements/2016/06/chaosuan-crunchy-data-qbox-storageos-and-treasure-data-join-cloud
Topics • Microservices and logging in various industries • Difficulties of logging with containers • Distributed logging architecture • Patterns of distributed logging architecture • Case Study: Docker and Fluentd
Logging
Logging in Various Industries • Web access logs • Views/visitors on media • Views/clicks on Ads • Commercial transactions (EC, Game, ...) • Data from devices • Operation logs on Apps of phones • Various sensor data
Microservices and Logging • Monolithic service • a service produces all data about an user's behavior • Microservices • many services produce data about an user's access • it's needed to collect logs from many services to know what is happening Users Service (Application) Logs Users Logs
Logging and Containers
Containers: "a must" for microservices • Dividing a service into services • a service requires less computing resources
 (VM -> containers) • Making services independent from each other • but it is very difficult :( • some dependency must be solved even in development environment
 (containers on desktop)
Redesign Logging: Why? • No permanent storages • No fixed physical/network address • No fixed mapping between servers and roles • We should parse/label logs at the source, ship these logs by pushing to destination ASAP
Containers: immutable & disposable • No permanent storages • Where to write logs? • files in the container
 → gone w/ container instance 😞 • directories shared from hosts
 → hosts are shared by many containers/services ☹ • TODO: ship logs from container to anywhere ASAP
Containers: unfixed addresses • No fixed physical / network address • Where should we go to fetch logs? • Service discovery (e.g., consul)
 → one more component 😞 • rsync? ssh+tail? or ..? Is it installed in containers?
 → one more tool to depend on ☹ • TODO: push logs to anywhere from containers
Containers: instances per roles • No fixed mapping between servers and roles • How can we parse / store these logs? • Central repository about log syntax
 → very hard to maintain 😞 • Label logs by source address
 → many containers/roles in a host ☹ • TODO: label & parse logs at source of logs
Distributed Logging Architecture
Core Architecture • Collector nodes • Aggregator nodes • Destinations Collector nodes (Docker containers + agent) Destinations
 (Storage, Database, ...) Aggregator nodes
• Parse/Label (collector) • Raw logs are not good for processing • Convert logs to structured data (key-value pairs) • Split/Sort (aggregator) • Mixed logs are not good for searching • Split whole data stream into streams per services • Store (destination) • Format logs(records) as destination expects Collecting and Storing Data
Scaling Logging • Network traffic • CPU load to parse / format • Parse logs on each collector (distributed) • Format logs on aggregator (to be distributed) • Capability • Make aggregators redundant • Controlling delay • to make sure when we can know what's happening in our systems
Patterns
source aggregation NO source aggregation YES destination aggregation NO destination aggregation YES Aggregation Patterns
Source Side Aggregation Patterns w/o source aggregation w/ source aggregation collector aggregator / destination aggregate container
Without Source Aggregation • Pros: • Simple configuration • Cons: • fixed aggregator (endpoint) address • many network connections • high load in aggregator collector aggregator
With Source Aggregation • Pros: • less connections • lower load in aggregator • less configuration in containers
 (by specifying localhost) • highly flexible configuration
 (by deployment only of aggregate containers) • Cons: • a bit much resource (+1 container per host) aggregate container aggregator
Destination Side Aggregation Patterns w/o destination aggregation w/ destination aggregation aggregator collector destination
Without Destination Aggregation • Pros: • Less nodes • Simpler configuration • Cons: • Storage side change affects collector side • Worse performance: many small write requests on storage
With Destination Aggregation • Pros: • Collector side configuration is
 free from storage side changes • Better performance with fine tune
 on destination side aggregator • Cons: • More nodes • A bit complex configuration aggregator
Scaling Patterns Scaling Up Endpoints HTTP/TCP load balancer Huge queue + workers Scaling Out Endpoints Round-robin clients Load balancer Backend nodes Collector nodes Aggregator nodes
Scaling Up Endpoints • Pros: • Simple configuration
 in collector nodes • Cons: • Limits about scaling up Load balancer Backend nodes
Scaling Out Endpoints • Pros: • Unlimited scaling
 by adding aggregator nodes • Cons: • Complex configuration • Client features for round-robin
Without
 Destination Aggregation With
 Destination Aggregation Scaling Up Endpoints Systems in early stages Collecting logs over Internet or Using queues Scaling Out Endpoints Impossible :( Collector nodes must know all endpoints ↓ Uncontrollable Collecting logs in datacenter
Case Studies
Case Study: Docker+Fluentd • Destination aggregation + scaling up • Fluent logger + Fluentd • Source aggregation + scaling up • Docker json logger + Fluentd + Elasticsearch • Docker fluentd logger + Fluentd + Kafka • Source/Destination aggregation + scaling out • Docker fluentd logger + Fluentd
Why Fluentd? • Docker Fluentd logging driver • Docker containers can send logs to Fluentd directly - less overhead • Pluggable architecture • Various destination systems • Small memory footprint • Source aggregation requires +1 container per host • Less additional resource usage ( < 100MB )
Destination aggregation + scaling up • Sending logs directly over TCP by Fluentd logger library in application code • Same with patterns of New Relic • Easy to implement
 - good for startups Application code
Source aggregation + scaling up • Kubernetes: Json logger + Fluentd + Elasticsearch • Applications write logs to STDOUT • Docker writes logs as JSON in files • Fluentd
 reads logs from file
 parse JSON objects
 writes logs to Elasticsearch • EFK stack (like ELK stack) http://kubernetes.io/docs/getting-started-guides/logging-elasticsearch/ Elasticsearch Application code Files (JSON)
Source aggregation + scaling up/out • Docker fluentd logging driver + Fluentd + Kafka • Applications write logs to STDOUT • Docker sends logs
 to localhost Fluentd • Fluentd
 gets logs over TCP
 pushes logs into Kafka • Highly scalable & less overhead
 - very good for huge deployment Kafka Application code
Application code Source/Destination aggregation + scaling out • Docker fluentd logging driver + Fluentd • Applications write logs to STDOUT • Docker sends logs
 to localhost Fluentd • Fluentd
 gets logs over TCP
 sends logs into Aggregator Fluentd
 w/ round-robin load balance • Highly flexible
 - good for complex data processing
 requirements Any other storages
What's the Best? • Writing logs from containers: Some way to do it • Docker logging driver • Write logs on files + read/parse it • Send logs from apps directly • Make the platform scalable! • Source aggregation: Fluentd on localhost • Scalable storage: (Kafka, external services, ...) • No destination aggregation + Scaling up • Non-scalable storage: (Filesystems, RDBMSs, ...) • Destination aggregation + Scaling out
Why OSS Are Important For Logging?
Why OSS? • Logging layer is interface • transparency • interoperability • Keep the platform scalable • number of nodes • number of types of source/destination
Use OSS, Make Logging Scalable Thank you!

More Related Content

PDF
Docker and Fluentd (revised)
bySATOSHI TAGOMORI
 
PDF
Good Things and Hard Things of SaaS Development/Operations
bySATOSHI TAGOMORI
 
PDF
Fluentd and Distributed Logging at Kubecon
byN Masahiro
 
PDF
Fluentd Project Intro at Kubecon 2019 EU
byN Masahiro
 
PDF
How Mapbox Scales over 9 AWS Regions
byJohan
 
PDF
Norikra Recent Updates
bySATOSHI TAGOMORI
 
PDF
Containers and Logging
byEduardo Silva Pereira
 
PDF
The Patterns of Distributed Logging and Containers
bySATOSHI TAGOMORI
 
Docker and Fluentd (revised)
bySATOSHI TAGOMORI
 
Good Things and Hard Things of SaaS Development/Operations
bySATOSHI TAGOMORI
 
Fluentd and Distributed Logging at Kubecon
byN Masahiro
 
Fluentd Project Intro at Kubecon 2019 EU
byN Masahiro
 
How Mapbox Scales over 9 AWS Regions
byJohan
 
Norikra Recent Updates
bySATOSHI TAGOMORI
 
Containers and Logging
byEduardo Silva Pereira
 
The Patterns of Distributed Logging and Containers
bySATOSHI TAGOMORI
 

What's hot

PDF
Fluentd 101
bySATOSHI TAGOMORI
 
PDF
InfluxDB Internals
byInfluxData
 
PPTX
FluentD for end to end monitoring
byPhil Wilkins
 
PDF
Logging for Containers
byEduardo Silva Pereira
 
PDF
InfluxDB IOx Tech Talks: Replication, Durability and Subscriptions in InfluxD...
byInfluxData
 
PDF
Fluent Bit: Log Forwarding at Scale
byEduardo Silva Pereira
 
PDF
Docker and Fluentd
byN Masahiro
 
PPTX
Kafka website activity architecture
byOmid Vahdaty
 
PDF
Building realtime data pipeline with Apache Kafka
byNagarajan Selvaraj
 
PDF
Fluentd v1.0 in a nutshell
byN Masahiro
 
PDF
Mapbox.com: Serving maps from 8 regions
byJohan
 
PPTX
Data Security Governanace and Consumer Cloud Storage
byDaniel Rohan
 
PPTX
Oleksandr Nitavskyi "Kafka deployment at Scale"
byFwdays
 
PDF
EVCache: Lowering Costs for a Low Latency Cache with RocksDB
byScott Mansfield
 
PDF
Atmosphere 2014: Centralized log management based on Logstash and Kibana - ca...
byPROIDEA
 
PDF
HBaseCon2017 Apache HBase at Didi
byHBaseCon
 
PPTX
How Criteo is managing one of the largest Kafka Infrastructure in Europe
byRicardo Paiva
 
PDF
Why You Definitely Don’t Want to Build Your Own Time Series Database
byInfluxData
 
PDF
Kafka Summit SF 2017 - MultiCluster, MultiTenant and Hierarchical Kafka Messa...
byconfluent
 
PPTX
How is Kafka so Fast?
byRicardo Paiva
 
Fluentd 101
bySATOSHI TAGOMORI
 
InfluxDB Internals
byInfluxData
 
FluentD for end to end monitoring
byPhil Wilkins
 
Logging for Containers
byEduardo Silva Pereira
 
InfluxDB IOx Tech Talks: Replication, Durability and Subscriptions in InfluxD...
byInfluxData
 
Fluent Bit: Log Forwarding at Scale
byEduardo Silva Pereira
 
Docker and Fluentd
byN Masahiro
 
Kafka website activity architecture
byOmid Vahdaty
 
Building realtime data pipeline with Apache Kafka
byNagarajan Selvaraj
 
Fluentd v1.0 in a nutshell
byN Masahiro
 
Mapbox.com: Serving maps from 8 regions
byJohan
 
Data Security Governanace and Consumer Cloud Storage
byDaniel Rohan
 
Oleksandr Nitavskyi "Kafka deployment at Scale"
byFwdays
 
EVCache: Lowering Costs for a Low Latency Cache with RocksDB
byScott Mansfield
 
Atmosphere 2014: Centralized log management based on Logstash and Kibana - ca...
byPROIDEA
 
HBaseCon2017 Apache HBase at Didi
byHBaseCon
 
How Criteo is managing one of the largest Kafka Infrastructure in Europe
byRicardo Paiva
 
Why You Definitely Don’t Want to Build Your Own Time Series Database
byInfluxData
 
Kafka Summit SF 2017 - MultiCluster, MultiTenant and Hierarchical Kafka Messa...
byconfluent
 
How is Kafka so Fast?
byRicardo Paiva
 

Similar to Distributed Logging Architecture in the Container Era

PDF
Logging for Production Systems in The Container Era
bySadayuki Furuhashi
 
PDF
Docker Logging and analysing with Elastic Stack
byJakub Hajek
 
PDF
Docker Logging and analysing with Elastic Stack - Jakub Hajek
byPROIDEA
 
PDF
Fluentd at Bay Area Kubernetes Meetup
bySadayuki Furuhashi
 
PDF
Fluentd Overview, Now and Then
bySATOSHI TAGOMORI
 
PDF
Fluentd meetup logging infrastructure in paa s
byRakuten Group, Inc.
 
PDF
Collect distributed application logging using fluentd (EFK stack)
byMarco Pas
 
PDF
Unifying Events and Logs into the Cloud
byTreasure Data, Inc.
 
PDF
Unifying Events and Logs into the Cloud
byEduardo Silva Pereira
 
PDF
Log aggregation: using Elasticsearch, Fluentd/Fluentbit and Kibana (EFK)
byLee Myring
 
PDF
Fluentd and Docker - running fluentd within a docker container
byTreasure Data, Inc.
 
ODP
The journey to container adoption in enterprise
byIgor Moochnick
 
PDF
Fluentd and docker monitoring
byVinay Krishna
 
PDF
Monitoring&Logging - Stanislav Kolenkin
byKuberton
 
PDF
6 Months Sailing with Docker in Production
byHung Lin
 
PDF
[scala.by] Launching new application fast
byDenis Karpenko
 
PDF
Fluentd Intro for OpenShift Commons Briefing
byEduardo Silva Pereira
 
PDF
Common primitives in Docker environments
byalexandru giurgiu
 
PPTX
CSE3069 - FLUENTD real time analytics.pptx
bydummyuseage1
 
PPTX
Building a Unified Logging Layer with Fluentd, Elasticsearch and Kibana
byMushfekur Rahman
 
Logging for Production Systems in The Container Era
bySadayuki Furuhashi
 
Docker Logging and analysing with Elastic Stack
byJakub Hajek
 
Docker Logging and analysing with Elastic Stack - Jakub Hajek
byPROIDEA
 
Fluentd at Bay Area Kubernetes Meetup
bySadayuki Furuhashi
 
Fluentd Overview, Now and Then
bySATOSHI TAGOMORI
 
Fluentd meetup logging infrastructure in paa s
byRakuten Group, Inc.
 
Collect distributed application logging using fluentd (EFK stack)
byMarco Pas
 
Unifying Events and Logs into the Cloud
byTreasure Data, Inc.
 
Unifying Events and Logs into the Cloud
byEduardo Silva Pereira
 
Log aggregation: using Elasticsearch, Fluentd/Fluentbit and Kibana (EFK)
byLee Myring
 
Fluentd and Docker - running fluentd within a docker container
byTreasure Data, Inc.
 
The journey to container adoption in enterprise
byIgor Moochnick
 
Fluentd and docker monitoring
byVinay Krishna
 
Monitoring&Logging - Stanislav Kolenkin
byKuberton
 
6 Months Sailing with Docker in Production
byHung Lin
 
[scala.by] Launching new application fast
byDenis Karpenko
 
Fluentd Intro for OpenShift Commons Briefing
byEduardo Silva Pereira
 
Common primitives in Docker environments
byalexandru giurgiu
 
CSE3069 - FLUENTD real time analytics.pptx
bydummyuseage1
 
Building a Unified Logging Layer with Fluentd, Elasticsearch and Kibana
byMushfekur Rahman
 

Recently uploaded

PPTX
[DSC Europe 25] Debmalya Biswas - Agentification: the art of transforming man...
byDataScienceConferenc1
 
PDF
OWASP-Top-10-for-Large-Language-Models-2023.pdf
byReynir Orn Bachmann Gudmundsson
 
PPTX
[DSC Europe 25] Ivan Peric - Intelligence Swarm Logic and Techno-Functional M...
byDataScienceConferenc1
 
PDF
McCrindle 2026 Trends of the Year
byMark McCrindle
 
PPTX
Online Hospital Appointment Management System
byahsanalishigre
 
PPTX
7 Cardiovascular emergencies (Chapter 22) (1).pptx
bysultanlove20044
 
PDF
Terminals into Throughways: Amtrak Through Service to Long Island
bykrv2009
 
PPTX
TCP IP and Routing Protocols, Information systems
byryanjamescampos789
 
PDF
[DSC Europe 25] Dusan Nesic - Securing Tomorrow’s Infrastructure: Why Cyber-P...
byDataScienceConferenc1
 
PPT
Fundamentals OF TUBERCULOSIS AND SIGNS.ppt
bymedsjpalomo
 
PDF
Introducing Cohesity NetBackup (2).pdf
byNestorNavarro20
 
PPTX
Talk on Artificial Intelligence_AI Usap Tayo.pptx
byPatrick655831
 
PDF
ICT Prep2 Lesson1-2 SM_251002_074210.pdf
bymhalexeg82
 
PPTX
[DSC Europe 25] Hans Kleinsman - The Compliance Gearbox: How Tax Tech Mediate...
byDataScienceConferenc1
 
PPTX
cloud computing ppt useful for studestns
byNagarajuJajam
 
PPTX
IT231_Presenation-Template oftentimes-1.pptx
bygoneweldon026
 
PDF
[DSC Europe 25] Danica Soc - The Science Behind Marketing: Experimentation me...
byDataScienceConferenc1
 
PPTX
Data analysis 2 presentation at ipmc.pptx
byabdualimohammed960
 
PPTX
powerpoint presentation for an ai that helps you invest in funds and do marke...
byfarzaanfk2002
 
PPTX
Security information presentation and its importance
bybilalkingqwq
 
[DSC Europe 25] Debmalya Biswas - Agentification: the art of transforming man...
byDataScienceConferenc1
 
OWASP-Top-10-for-Large-Language-Models-2023.pdf
byReynir Orn Bachmann Gudmundsson
 
[DSC Europe 25] Ivan Peric - Intelligence Swarm Logic and Techno-Functional M...
byDataScienceConferenc1
 
McCrindle 2026 Trends of the Year
byMark McCrindle
 
Online Hospital Appointment Management System
byahsanalishigre
 
7 Cardiovascular emergencies (Chapter 22) (1).pptx
bysultanlove20044
 
Terminals into Throughways: Amtrak Through Service to Long Island
bykrv2009
 
TCP IP and Routing Protocols, Information systems
byryanjamescampos789
 
[DSC Europe 25] Dusan Nesic - Securing Tomorrow’s Infrastructure: Why Cyber-P...
byDataScienceConferenc1
 
Fundamentals OF TUBERCULOSIS AND SIGNS.ppt
bymedsjpalomo
 
Introducing Cohesity NetBackup (2).pdf
byNestorNavarro20
 
Talk on Artificial Intelligence_AI Usap Tayo.pptx
byPatrick655831
 
ICT Prep2 Lesson1-2 SM_251002_074210.pdf
bymhalexeg82
 
[DSC Europe 25] Hans Kleinsman - The Compliance Gearbox: How Tax Tech Mediate...
byDataScienceConferenc1
 
cloud computing ppt useful for studestns
byNagarajuJajam
 
IT231_Presenation-Template oftentimes-1.pptx
bygoneweldon026
 
[DSC Europe 25] Danica Soc - The Science Behind Marketing: Experimentation me...
byDataScienceConferenc1
 
Data analysis 2 presentation at ipmc.pptx
byabdualimohammed960
 
powerpoint presentation for an ai that helps you invest in funds and do marke...
byfarzaanfk2002
 
Security information presentation and its importance
bybilalkingqwq
 

Distributed Logging Architecture in the Container Era

  • 1.
    Distributed Logging Architecture inContainer Era LinuxCon Japan 2016 at Jun 13 2016 Satoshi "Moris" Tagomori (@tagomoris)
  • 2.
    Satoshi "Moris" Tagomori (@tagomoris) Fluentd,MessagePack-Ruby, Norikra, ... Treasure Data, Inc.
  • 4.
  • 5.
    Topics • Microservices andlogging in various industries • Difficulties of logging with containers • Distributed logging architecture • Patterns of distributed logging architecture • Case Study: Docker and Fluentd
  • 6.
  • 7.
    Logging in VariousIndustries • Web access logs • Views/visitors on media • Views/clicks on Ads • Commercial transactions (EC, Game, ...) • Data from devices • Operation logs on Apps of phones • Various sensor data
  • 8.
    Microservices and Logging •Monolithic service • a service produces all data about an user's behavior • Microservices • many services produce data about an user's access • it's needed to collect logs from many services to know what is happening Users Service (Application) Logs Users Logs
  • 9.
  • 10.
    Containers: "a must" formicroservices • Dividing a service into services • a service requires less computing resources
 (VM -> containers) • Making services independent from each other • but it is very difficult :( • some dependency must be solved even in development environment
 (containers on desktop)
  • 11.
    Redesign Logging: Why? •No permanent storages • No fixed physical/network address • No fixed mapping between servers and roles • We should parse/label logs at the source, ship these logs by pushing to destination ASAP
  • 12.
    Containers: immutable & disposable •No permanent storages • Where to write logs? • files in the container
 → gone w/ container instance 😞 • directories shared from hosts
 → hosts are shared by many containers/services ☹ • TODO: ship logs from container to anywhere ASAP
  • 13.
    Containers: unfixed addresses • Nofixed physical / network address • Where should we go to fetch logs? • Service discovery (e.g., consul)
 → one more component 😞 • rsync? ssh+tail? or ..? Is it installed in containers?
 → one more tool to depend on ☹ • TODO: push logs to anywhere from containers
  • 14.
    Containers: instances per roles •No fixed mapping between servers and roles • How can we parse / store these logs? • Central repository about log syntax
 → very hard to maintain 😞 • Label logs by source address
 → many containers/roles in a host ☹ • TODO: label & parse logs at source of logs
  • 15.
  • 16.
    Core Architecture • Collectornodes • Aggregator nodes • Destinations Collector nodes (Docker containers + agent) Destinations
 (Storage, Database, ...) Aggregator nodes
  • 17.
    • Parse/Label (collector) •Raw logs are not good for processing • Convert logs to structured data (key-value pairs) • Split/Sort (aggregator) • Mixed logs are not good for searching • Split whole data stream into streams per services • Store (destination) • Format logs(records) as destination expects Collecting and Storing Data
  • 18.
    Scaling Logging • Networktraffic • CPU load to parse / format • Parse logs on each collector (distributed) • Format logs on aggregator (to be distributed) • Capability • Make aggregators redundant • Controlling delay • to make sure when we can know what's happening in our systems
  • 19.
  • 20.
  • 21.
    Source Side AggregationPatterns w/o source aggregation w/ source aggregation collector aggregator / destination aggregate container
  • 22.
    Without Source Aggregation •Pros: • Simple configuration • Cons: • fixed aggregator (endpoint) address • many network connections • high load in aggregator collector aggregator
  • 23.
    With Source Aggregation •Pros: • less connections • lower load in aggregator • less configuration in containers
 (by specifying localhost) • highly flexible configuration
 (by deployment only of aggregate containers) • Cons: • a bit much resource (+1 container per host) aggregate container aggregator
  • 24.
    Destination Side AggregationPatterns w/o destination aggregation w/ destination aggregation aggregator collector destination
  • 25.
    Without Destination Aggregation •Pros: • Less nodes • Simpler configuration • Cons: • Storage side change affects collector side • Worse performance: many small write requests on storage
  • 26.
    With Destination Aggregation •Pros: • Collector side configuration is
 free from storage side changes • Better performance with fine tune
 on destination side aggregator • Cons: • More nodes • A bit complex configuration aggregator
  • 27.
    Scaling Patterns Scaling UpEndpoints HTTP/TCP load balancer Huge queue + workers Scaling Out Endpoints Round-robin clients Load balancer Backend nodes Collector nodes Aggregator nodes
  • 28.
    Scaling Up Endpoints •Pros: • Simple configuration
 in collector nodes • Cons: • Limits about scaling up Load balancer Backend nodes
  • 29.
    Scaling Out Endpoints •Pros: • Unlimited scaling
 by adding aggregator nodes • Cons: • Complex configuration • Client features for round-robin
  • 30.
    Without
 Destination Aggregation With
 Destination Aggregation ScalingUp Endpoints Systems in early stages Collecting logs over Internet or Using queues Scaling Out Endpoints Impossible :( Collector nodes must know all endpoints ↓ Uncontrollable Collecting logs in datacenter
  • 31.
  • 32.
    Case Study: Docker+Fluentd •Destination aggregation + scaling up • Fluent logger + Fluentd • Source aggregation + scaling up • Docker json logger + Fluentd + Elasticsearch • Docker fluentd logger + Fluentd + Kafka • Source/Destination aggregation + scaling out • Docker fluentd logger + Fluentd
  • 33.
    Why Fluentd? • DockerFluentd logging driver • Docker containers can send logs to Fluentd directly - less overhead • Pluggable architecture • Various destination systems • Small memory footprint • Source aggregation requires +1 container per host • Less additional resource usage ( < 100MB )
  • 34.
    Destination aggregation +scaling up • Sending logs directly over TCP by Fluentd logger library in application code • Same with patterns of New Relic • Easy to implement
 - good for startups Application code
  • 35.
    Source aggregation +scaling up • Kubernetes: Json logger + Fluentd + Elasticsearch • Applications write logs to STDOUT • Docker writes logs as JSON in files • Fluentd
 reads logs from file
 parse JSON objects
 writes logs to Elasticsearch • EFK stack (like ELK stack) http://kubernetes.io/docs/getting-started-guides/logging-elasticsearch/ Elasticsearch Application code Files (JSON)
  • 36.
    Source aggregation +scaling up/out • Docker fluentd logging driver + Fluentd + Kafka • Applications write logs to STDOUT • Docker sends logs
 to localhost Fluentd • Fluentd
 gets logs over TCP
 pushes logs into Kafka • Highly scalable & less overhead
 - very good for huge deployment Kafka Application code
  • 37.
    Application code Source/Destination aggregation+ scaling out • Docker fluentd logging driver + Fluentd • Applications write logs to STDOUT • Docker sends logs
 to localhost Fluentd • Fluentd
 gets logs over TCP
 sends logs into Aggregator Fluentd
 w/ round-robin load balance • Highly flexible
 - good for complex data processing
 requirements Any other storages
  • 38.
    What's the Best? •Writing logs from containers: Some way to do it • Docker logging driver • Write logs on files + read/parse it • Send logs from apps directly • Make the platform scalable! • Source aggregation: Fluentd on localhost • Scalable storage: (Kafka, external services, ...) • No destination aggregation + Scaling up • Non-scalable storage: (Filesystems, RDBMSs, ...) • Destination aggregation + Scaling out
  • 39.
    Why OSS AreImportant For Logging?
  • 40.
    Why OSS? • Logginglayer is interface • transparency • interoperability • Keep the platform scalable • number of nodes • number of types of source/destination
  • 41.
    Use OSS, Make LoggingScalable Thank you!