Software systems produce events but often do so in non-uniform ways. A system may log information to a file in a grammar that requires comprehension to extract meaning from the output. A system may also send events to other systems in a structured manner such as REST. Other systems may output events directly into a database for storage or pass them to a queue for distribution to interested consumers.
In highly diverse, clustered environments like those seen in many OpenStack deployments, the system event landscape can become complex, difficult to manage and over time become opaque to the point where events generated no longer provide value. The information in many of these events have definite business value, whether it be to meter a tenant or to communicate that a portion of the cluster has been damaged or degraded. Therefore, it’s imperative, despite the complexity of the event ecosystem, to capture this information in a standardized and scalable manner.
Once configured, logging events may make it in to the logging system via a relay using one of two methodologies:
While expensive, efficient encryption prevents many malicious attack vectors that messages in transit may be subject to. Two standards are recommended for securing messages in transport: the Syslog TCP TLS specification and SSL via HTTPS.
Compression may be enabled for more efficient utilization of network bandwidth. Rsyslog supports on the wire zlib compression which may be utilized. Many HTTP implementation also compression such as gzip or deflate.
Utilization of these standards may be enabled by the tenant or by relays communicating to one another.