Page MenuHomePhabricator
Create Task
Maniphest T86969

Send scap log directly to logstash via syslog input
Closed, ResolvedPublic
Actions

Description

Logging directly to logstash via the syslog input is more robust and matches current MediaWiki practice. Scap is one of 3 remaining udp2log input channels.

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
log: add @cee: token for structured loggingmediawiki/tools/scapmaster+4 -1
Support for logging json to syslogmediawiki/tools/scapmaster+13 -0
deployment_server: ship logs through logging pipelineoperations/puppetproduction+3 -0
Customize query in gerrit

Related Objects
Search...

Event Timeline

bd808 created this task.Jan 15 2015, 9:13 PM
bd808 raised the priority of this task from to Needs Triage.
bd808 updated the task description. (Show Details)
bd808 added a project: Deployments.
bd808 subscribed.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJan 15 2015, 9:13 PM
greg triaged this task as High priority.Jan 15 2015, 9:29 PM
greg lowered the priority of this task from High to Medium.
greg moved this task from To Triage to Backlog (Tech) on the Deployments board.
bd808 added a comment.EditedJan 15 2015, 10:26 PM

Scap already formats its messages for logstash so the change needed is to mimic the Monolog RedisHandler and rpush the log events on to the "logstash" list in redis on any of the logstash servers. The prod MW config randomly selects a redis host for each web request from the 3 possible. In beta there is only a single host to choose.

Config should allow choosing udp2log and/or redis as output and getting a list of redis servers based on the existing cascading config system. When redis is configured, the list of servers should be shuffled and the first or last one picked.

bd808 renamed this task from [scap] Log directly to logstash via redis input to [scap] Log directly to logstash via syslog input.May 14 2015, 2:51 AM
bd808 updated the task description. (Show Details)
bd808 set Security to None.
greg edited projects, added scap2; removed Deployments.Feb 9 2016, 11:34 PM
mmodell edited projects, added Scap; removed scap2.Feb 10 2017, 6:22 PM
bd808 added a comment.Feb 10 2017, 6:33 PM

The notes about redis input are horribly out of date. The redis input queue was killed fairly soon after being deployed.

Syslog is the transport used by MediaWiki these days, but there are several others possible. There are two raw json inputs: json codec over UDP on port 11514, and json_lines codec over TCP on port 11514 might be the easiest to use with a Python app like Scap. The python-logstash library or custom code should be pretty easy to use with either.

mmodell moved this task from Needs triage to Debt on the Scap board.Feb 1 2018, 12:18 AM
herron added a parent task: T198756: Audit log producers across the infrastructure and plan their transition to centralized logging..Jul 5 2018, 5:22 PM
fgiunchedi mentioned this in T198754: Logstash/Kibana architecture review.Jul 13 2018, 9:08 AM
fgiunchedi edited parent tasks, added: T205856: Retire udp2log: onboard its producers and consumers to the logging pipeline; removed: T198756: Audit log producers across the infrastructure and plan their transition to centralized logging..Oct 1 2018, 1:07 PM
fgiunchedi added a parent task: T213157: Increase utilization of application logging pipeline (FY2018-2019 Q3 TEC6).Jan 16 2019, 11:15 AM
fgiunchedi subscribed.Feb 7 2019, 11:10 AM

Update on udp2log deprecation: we've deployed the new logging infrastructure now, IOW the recommended way is to use the system's syslog daemon (unix socket on /dev/log that is) and opt-in programs to have their syslog ingested into logstash via kafka. For json logging the syslog payload should be prefixed with @cee: to signal structured/json logging. I'm happy to provide further guidance too!

fgiunchedi removed a parent task: T213157: Increase utilization of application logging pipeline (FY2018-2019 Q3 TEC6).Feb 7 2019, 11:26 AM
greg renamed this task from [scap] Log directly to logstash via syslog input to Log directly to logstash via syslog input.Feb 12 2019, 11:29 PM
gerritbot subscribed.Feb 27 2019, 2:19 PM

Change 493232 had a related patch set uploaded (by Filippo Giunchedi; owner: Filippo Giunchedi):
[operations/puppet@production] deployment_server: ship logs through logging pipeline

https://gerrit.wikimedia.org/r/493232

gerritbot added a project: Patch-For-Review.Feb 27 2019, 2:19 PM
gerritbot added a comment.Feb 28 2019, 9:57 AM

Change 493232 merged by Filippo Giunchedi:
[operations/puppet@production] deployment_server: ship logs through logging pipeline

https://gerrit.wikimedia.org/r/493232

fgiunchedi renamed this task from Log directly to logstash via syslog input to Send scap log directly to logstash via syslog input.Jul 2 2019, 12:42 PM
gerritbot added a comment.Jan 10 2020, 3:16 PM

Change 563468 had a related patch set uploaded (by Filippo Giunchedi; owner: Filippo Giunchedi):
[mediawiki/tools/scap@master] Support for logging json to syslog

https://gerrit.wikimedia.org/r/563468

gerritbot added a comment.Feb 12 2020, 6:22 PM

Change 563468 merged by jenkins-bot:
[mediawiki/tools/scap@master] Support for logging json to syslog

https://gerrit.wikimedia.org/r/563468

fgiunchedi added a comment.Mar 2 2020, 10:51 AM

Patch has been deployed, however I overlooked adding @cee and will followup with a fix

fgiunchedi added a project: User-fgiunchedi.Apr 2 2020, 9:25 AM
gerritbot added a comment.Sep 23 2020, 10:28 AM

Change 629342 had a related patch set uploaded (by Filippo Giunchedi; owner: Filippo Giunchedi):
[mediawiki/tools/scap@master] log: add @cee: token for structured logging

https://gerrit.wikimedia.org/r/629342

fgiunchedi moved this task from Backlog to Doing on the User-fgiunchedi board.Sep 23 2020, 12:20 PM
gerritbot added a comment.Sep 23 2020, 2:30 PM

Change 629342 merged by jenkins-bot:
[mediawiki/tools/scap@master] log: add @cee: token for structured logging

https://gerrit.wikimedia.org/r/629342

fgiunchedi added a subscriber: LarsWirzenius.Oct 16 2020, 9:34 AM

@LarsWirzenius re: the next scap release to get this change included, is there a timeline ? thanks!

LarsWirzenius added a comment.Oct 19 2020, 9:25 AM

ASAP, I'm sorting out things so I can start process soon.

fgiunchedi closed this task as Resolved.Jan 25 2021, 11:28 AM
fgiunchedi claimed this task.

Scap now logs through the logging pipeline

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits