Sven Delmas

<p><a href="https://github.com/Fudge/gltail" title="gltail">gltail</a>&nbsp;by Erlend Simonsen is a real time log viewer written in Ruby that provides an interesting live view of your log data from multiple servers. Log entries are assigned to blocks/labels which are shown on the border, and track counts/averages per entry. New log entries drop into the view from the top either as&nbsp;<strong>events</strong>&nbsp;displaying a text (for example an error message), or as&nbsp;<strong>activities</strong>&nbsp;from the side represented as differently sized circles (according to some notion of size for that activity).</p>

<p>But instead of using my poor english to describe this, here is the end result of my efforts so far, just to keep everybody interested.</p>

<p><a href="https://youtu.be/S4XWy1MgM3g" title="https://youtu.be/S4XWy1MgM3g">This is intentionally not embedded... sorry but the blog layout makes that look really ugly.</a></p>

<h2>Setup</h2>

<h3>Ruby</h3>

<p>I hope your machine already has Ruby. If not, find the respective setup instructions and follow them. I am on Mac, so I ended up installing Homebrew&nbsp;to get the latest version of Ruby (but that's a whole different article).</p>

<h3>Apache Cassandra™/Datstax Enterprise</h3>

<p>Set up a Apache Cassandra™/Datastax Enterprise ring with a few nodes and do stuff on there to fill up the logs once you have the gltail application running. You can find the instructions for DSE setup and running demos on the Datastax web site. If you already have a working ring to use, just try it with those nodes.</p>

<h3>gltail</h3>

<p>You can download gltail from&nbsp;<a href="https://github.com/Fudge/gltail" title="https://github.com/Fudge/gltail">https://github.com/Fudge/gltail</a>. Just do a</p>

<pre>
git clone https://github.com/Fudge/gltail
</pre>

<p>and you are all set. To ensure you have all the required packages, make sure you follow the instructions in&nbsp;<a href="https://github.com/Fudge/gltail/blob/master/README" title="https://github.com/Fudge/gltail/blob/master/README">https://github.com/Fudge/gltail/blob/master/README</a>.</p>

<p>I also ended up tweaking one file on my Mac (not sure whether that will be needed for you, but you may want to do it if your ruby has trouble finding files).</p>

<pre>
diff --git a/bin/gl_tail b/bin/gl_tail
index a0ffe2f..4d831ad 100755
--- a/bin/gl_tail
+++ b/bin/gl_tail
@@ -74,6 +74,8 @@ elsif !File.exist?(file)
   exit
 end
 
+$LOAD_PATH.unshift(File.dirname(__FILE__) + '/../lib')
+
 require File.dirname(__FILE__) + '/../lib/gl_tail.rb'
 
 if defined? @print
</pre>

<h2>Customizations</h2>

<p>To allow gltail to read the log files and parse them, there are a few customizations needed as described below.</p>

<h3>gl_tail.yaml</h3>

<p>The gl_tail.yaml I used is attached here. The file should be in the directory where you start bin/gl_tail from.</p>

<p>The servers section defines the list of machines to ping for log files. Each server definition starts with the server name to use, and contains the source for the log files. In this case I choose to just copy log files from the servers down for illustration purposes, but you can specify host, user, password and ssh command used to extract those files via ssh from the remote nodes. This is also where the parser for the log file is selected, as well as some additional options like colors (rgb + transparency).</p>

<p>The config section contains some application level options like window size, and bounce setting. Play with this one, false makes balls just fly off the side, with this set to true, they bounce off a wall and drop into a neat funnel.</p>

<p>For each side of the window, there is a section that defines the size of the border, and what blocks/labels are represented in which order. For each block there are a number of options, such as color, the size, whether to clear old values and some more. Plenty of stuff to play with. Most importantly this is where new blocks would be added in case the parser has additional activities or events to add.</p>

<pre>
# Only use spaces to indent, not tabs

servers:
    server1:
        source: local
        files: ./test/system1.log
        parser: cassandra
        color: 0.2, 1.0, 0.2, 1.0
    server2:
        source: local
        files: ./test/system2.log
        parser: cassandra
        color: 0.2, 1.0, 0.4, 1.0
    server3:
        source: local
        files: ./test/system3.log
        parser: cassandra
        color: 0.2, 1.0, 0.6, 1.0
    server_errors:
        source: local
        files: ./test/system4.log
        parser: cassandra
        color: 0.2, 1.0, 0.8, 1.0
config:
    dimensions: 800x600
    min_blob_size: 0.004
    max_blob_size: 0.04
    highlight_color: orange
    bounce: true
    left_column:
        size: 20
        alignment: -0.99
        blocks:
            errors:
                order: 0
                size: 10
                show: total
                color: 1.0, 0.0, 0.0, 0.0
            dropped messages:
                order: 1
                size: 5 
                show: total
                color: 1.0, 0.0, 0.0, 0.0
            warnings:
                order: 2
                size: 10
                show: total
                color: 1.0, 1.0, 0.0, 0.0
            compacted:
                order: 3
                size: 5 
                show: total
                color: 1.0, 1.0, 0.2, 0.0
            flushing:
                order: 3
                size: 5 
                show: total
                color: 1.0, 1.0, 0.2, 0.0

    right_column:
        size: 20
        alignment: 0.99
        blocks:
            dse servers:
                order: 0
                size: 20
                auto_clean: false
                show: total
            cassandra servers:
                order: 1
                size: 20
                auto_clean: false
                show: total
            loads:
                order: 2
                size: 20
                auto_clean: false
                show: total
            schemas:
                order: 2
                size: 20
                auto_clean: false
                show: total

resolver:
    reverse_ip_lookups: true
    reverse_timeout: 0.5
</pre>

<h3>lib/parsers/cassandra.py</h3>

<p>The most interesting piece is of course the parser for the log file. That file is located in the folder lib/gltail/parsers and defines what is extracted from the log file. I wrote my own little first version of this, which is included here.</p>

<pre>
# cassandra.rb - OpenGL visualization of your server traffic
# Copyright 2013 Sven Delmas 
#
# Licensed under the GNU General Public License v2 (see LICENSE)
# 

# Parser which handles cassandra/system.log (standard log setup) from Apache Cassandra(tm)
class CassandraParser  'dropped messages', :name =&gt; server.name)
      end
      if compacted
        add_activity(:block =&gt; 'compaction done', :name =&gt; server.name)
      end
      if flushing
        add_activity(:block =&gt; 'flushing', :name =&gt; server.name)
      end
      
      # Events to pop up
      if cassandra_version
        server_name = server.name + '=' + cassandra_version
        server_message = server.name + ' started version: ' + cassandra_version
        add_event(:block =&gt; 'cassandra servers', :name =&gt; server_name, :message =&gt; server_message, :update_stats =&gt; true, :color =&gt; [0.0, 1.0, 0.0, 0.0])
      end
      if dse_version
        server_name = server.name + '=' + dse_version
        server_message = server.name + ' started version: ' + dse_version
        add_event(:block =&gt; 'dse servers', :name =&gt; server_name, :message =&gt; server_message, :update_stats =&gt; true, :color =&gt; [0.0, 1.0, 0.0, 0.0])
      end
      if schema_endpoint 
        schema_name = schema_endpoint
        add_activity(:block =&gt; 'schemas', :name =&gt; schema_name)
      end
      add_event(:block =&gt; 'errors', :name =&gt; server.name, :message =&gt; message, :update_stats =&gt; true, :color =&gt; [1.0, 0.0, 0.0, 0.0]) if priority == "ERROR"
      add_event(:block =&gt; 'warnings', :name =&gt; server.name, :message =&gt; message, :update_stats =&gt; true, :color =&gt; [1.0, 1.0, 0.0, 0.0]) if priority == "WARN"
    end
  end
end
</pre>

<p>As you can see, the main purpose of this code is to define regular expressions that will detect and extract specific information. Once the information is extracted, it can easily be added to a particular block (including a newly defined block in case you are adventurous). Right now the code will extract the Datastax Enterprise and Apache Cassandra™ version, errors, warnings, schema changes, flush events, compaction events. I played with a few other log messages, but picking the right messages to extract is non trivial as the display may get overloaded quickly. There are of course more possibilities as to what to track:</p>

<ul>
	<li>DSE Auditing - With the proper setup of log4j appenders, it would be possible to track logins, queries, inserts, deletes</li>
	<li>Specific errors and warnings</li>
	<li>Endpoint load reports</li>
	<li>Adding or removal of nodes</li>
	<li>Whatever else pops up in the logs that you may need to know about</li>
</ul>

<p>You will probably not use this to do line by line analysis, this is not what gltail is made for. What I like about this display method (besides that it's just plain cool) is that with the right extraction, one can see how certain events correlate. For example there may be a lot of connection drops while a lot of compaction going on. This also can quickly alert about specific errors in a way that is visual and tracks the occurrences.</p>

<p>I hope you find this little overview interesting, or maybe even useful. It's just to show that there are a lot of fun projects out there that can be used with Apache Cassandra™.</p>


Apache Cassandra™ Log Viewing with gltail

Sven Delmas

Share

More Technology

Getting Started with DataStax Astra DB and Amazon Bedrock

Why You Can't Miss Cassandra Summit

Mitigate the OpenAI Debacle with Open Source and Cloud

Supercharge AI Assistants with Superagent and DataStax

NoSQL and Vector DB
for Generative AI,
Instantly, At Scale

Sven Delmas

Share

More Technology

Getting Started with DataStax Astra DB and Amazon Bedrock

Why You Can't Miss Cassandra Summit

Mitigate the OpenAI Debacle with Open Source and Cloud

Supercharge AI Assistants with Superagent and DataStax

NoSQL and Vector DBfor Generative AI,Instantly, At Scale

NoSQL and Vector DB
for Generative AI,
Instantly, At Scale