Release 2.5.1 includes enhancements to JMX functionality, improvements to Logscape roll detection, as well as significant search performance optimisation.
2.5.1 introduces new linking functionality. This allows you to flawlessly link your workspaces and transfer context between them, providing a troubleshooting workflow for non-expert users of the Logscape system.
Developing a responsive, highly available web application is a complex task with many subcomponents. In the old days, a web application used to consist of a web server, usually Apache, with a few CGI scripts to provide content dynamically. As the web grew in size so did the stack: the subcomponents and hosts involved increased in number and complexity. A simple web application can now easily consist of a web server, a load balancer, a few databases and a web framework such as Django or Rails. In this blog post we are going to look at the different Logscape Apps needed to monitor a web farm.
MongoDB is a popular open source NoSQL database. Its gain in popularity has been due to ease of use, speed and options for scalability. The MongoDB App collects health and operational metrics for a MongoDB cluster or group of mongo instances.
In Part 1 I built a Groovy WebSocket Server and a Java and HTML Client. In Part 2 I’ll deploy it into AWS, fire up the Clients and add the Github link. With WebSocket Clients, I can run Logscape in the ‘wild’ and make use of the Alert-Feed WebSocket functionality to stream data to my local servers.
AWS Deployment: Before running on the AWS server I need to find the right AMI – one with Java installed. The OpenJDK is installed on most Linux flavours, and I prefer to work with Ubuntu. In the following grab you can see where I’ve fired up the AMI instance.
This is a 2-part post where in Part 1 I build the ‘spike’ using Groovy to run a WebSocketServer to stream data to HTML5-WebSocket & JavaWebSocket Clients. The HTML Client uses the elegant smoothie charts (great for streaming). In Part 2 I’ll show you how to run it on Amazon’s AWS.
At the end we have a real-time feed plotting the data from the cloud; it looks something like the grab on the right.
To chart the data in Logscape you need a passing familiarity with how to search using a data type.
To execute a search I would need to know which Collectd plugin I am interested in and what metrics it outputs. The table of all collectd plugins can be found here. Here’s an example which charts the load of a host svr0001
Today businesses face an array of external and internal threats to their corporate network. Protecting business operations from security threats requires vigilance, experience and excellent tools.
Recently one of our customers found that alert emails from a trade capture system were being blocked by external mail servers. Further investigation showed that all traffic from the company mail server had been blacklisted and was being marked as spam.
Fortunately the sysadmin had Logscape installed, actively monitoring all Cisco router traffic.
Outbound Connection Analysis
The Composite Blocking List (CBL) keeps a list of blacklisted mail servers with suspicious traffic. Many mail servers use this list to reject suspicious mail traffic. The first step for the sysadmin was to analyse all outbound traffic coming from within the company.
The first search he built showed all outbound mail connections recorded by the Cisco router, grouped by the outbound mail server’s IP address. In a search like this you would expect to see connections to a short list of company-approved mail servers. This wasn’t the case.
On the 10th of April there is a distinctive spike in mail traffic. The blue parts of the search results represent expected mail activity, but the multi-coloured spike indicates suspicious activity.