堆栈内存溢出
  简体   繁体   English

要从应用服务器运送日志,该使用哪个服务器使用Logstash转发器,FLume或Fluentd?

[英]For shipping logs from app server, which to use Logstash forwarder, FLume or Fluentd?

 原文  2015-09-10 09:50:09       apache/ logging/ flume-ng/ fluentd/ logstash-forwarder

问题描述

  1. Logstash forwarder is light, but from logstash forwarder to logstash , there is latency over the network. Logstash转发器很轻巧,但是从Logstash转发器到Logstash,网络上存在延迟。 [ if i am using Logstash forwarder on one machine and sending logs to Logstash which is on other machine ] [如果我在一台计算机上使用Logstash转发器并将日志发送到另一台计算机上的Logstash,则为[

  2. Flume /Flume-ng : CPU utilisation is high for same amount of data (for example for 2 MB ,its like 20 percent ) Flume / Flume-ng:相同数据量(例如2 MB,大约20%)的CPU使用率很高

  3. Fluentd : doestn't use java, its based on CRuby , but its CPU utilisation is also at peak time 30 percent, . Fluentd:不使用基于CRuby的Java,但在高峰时期的CPU使用率也达到了30%。

As per our use case we do not want to add significant load on my production boxes to just forward the log and if i use logstash i will be introducing new single point of failure so i am pretty confused to choose one among them. 根据我们的用例,我们不想在生产盒上增加大量的负载来转发日志,如果我使用logstash,我将引入新的单点故障,因此我很困惑地在其中选择一个。

1 个解决方案

解决方案1
 0  2015-09-14 12:07:54

Interesting performance statistics. 有趣的效果统计。

From my experience, logstash-forwarder is fairly light weight and encryption/compression is very helpful. 根据我的经验,logstash-forwarder的重量很轻,并且加密/压缩非常有帮助。 This indeed might cause some latency. 这确实可能导致一些延迟。 Is that an important factor for you? 这对您来说是重要因素吗? I guess latency is smaller than 2-3 seconds. 我想延迟小于2-3秒。 I think that in many log management use cases, real-time is not a strong requirement. 我认为在许多日志管理用例中,对实时性的要求不高。

At the end of the day, all these agents need to collect data from apps/files, package them and ship them over the network. 最终,所有这些代理都需要从应用程序/文件中收集数据,打包并通过网络发送。 This takes some cycles but in most cases, these are 2%-4% of the resources a normal server would have. 这需要一些周期,但是在大多数情况下,这些周期是普通服务器将拥有的资源的2%-4%。

Have a look at rsyslog which has many configurations on how often it piggy backs logs. 看一下rsyslog,它有很多配置,可以记录日志的频率。 You can run it in a docker and limit resources more strictly on rsyslog or on any of the other agents ( https://hub.docker.com/r/logzio/logzio-rsyslog-shipper/ ) 您可以在docker中运行它,并更严格地限制rsyslog或任何其他代理( https://hub.docker.com/r/logzio/logzio-rsyslog-shipper/ )上的资源

Another option would be to post logs directly from your app server with bulk HTTP post by writing your own code. 另一种选择是通过编写自己的代码直接从您的应用服务器通过批量HTTP发布发布日志。 It's something most open source like ELK can ingest and it something we recommend using at http://logz.io 这是像ELK这样的大多数开放源代码都可以摄取的东西,我们建议在http://logz.io上使用它

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 未将httpd虚拟主机的流利日志转发到日志记录服务器 - fluentd logs for httpd vhosts not being forwarded to logging server 我是否可以创建一个Logstash管道,该管道将Apache Web日志和来自Mysql数据库(基于日志)的查询作为输入? - Can I create a Logstash pipeline which takes both Apache web logs and queries from a Mysql database (based on the logs) as input? 无法将数据从水槽接收到hdfs hadoop以获取日志 - Unable to ingest data from flume to hdfs hadoop for logs Logstash不将过滤器应用于Apache日志 - Logstash not applying filter to Apache logs 它将使用哪个Apache服务器? - which Apache server will it use? 无法使用Flume从Windows读取日志文件(服务器运行日志) - Unable to read an log file(server running log) from windows using flume 文件流利的日志收集器 - Fluentd log collector from file 服务器日志上来自同一 ip 的多个请求 - multiple request from same ip on Server logs Apache Flume在哪里记录错误消息? - where does Apache Flume logs its error messages? 使用Grok for Logstash解析Apache2错误日志 - Parse Apache2 Error logs with Grok for Logstash
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM