OpenTelemetry for real-time logs and metrics, SIEM log shipping and aggregation

tech-by-design / polyglot-prime

Primary monorepo for TechBD polyglot bespoke code

https://tech-by-design.github.io/polyglot-prime/

GNU Affero General Public License v3.0

2 stars 22 forks source link

OpenTelemetry for real-time logs and metrics, SIEM log shipping and aggregation #58

Open razakpm opened 4 months ago

razakpm commented 4 months ago

Add log file for hub-prime java application with monthly iteration and day-wise rollout. Ensure proper environment variable to use in different environments

razakpm commented 4 months ago

Added log file. The file name can be set using an environment variable. Implemented monthly iteration with day-wise rollout.

shah commented 4 months ago

@razakpm reopening this ticket to ensure we're rolling logs into our SIEM as well. Please close once that's done.

shah commented 4 months ago

@razakpm are logs being rolled into a SIEM? Also we need to ensure observability is possible using OpenTelemetry and tools like Jaeger.

razakpm commented 4 months ago

We are evaluating Wazuh (https://wazuh.com/) for SIEM protection. The custom solution they provided is not working for us. We have raised a ticket for it (https://github.com/wazuh/wazuh/issues/24557) and are waiting for a response.

Meanwhile, the team is trying to understand the documentation at https://documentation.wazuh.com/current/user-manual/ruleset/decoders/index.html to see if it will help resolve the issue.

rinshadka commented 4 months ago

As per the community we need to create custom decoders and rules to parse the logs and team in working on the references provided. We will update soon once we successfully parse and fetch the data.

razakpm commented 3 months ago

As wazuh not providing a proper solution for log view. Spring boot project normally using micrometer for observability. For log view Micrometer supports the below different monitoring systems

Prometheus
Graphite
New Relic
Datadog
InfluxDB
AWS CloudWatch
Google Cloud Monitoring
JMX
StatsD
Elastic (ELK) Stack
Wavefront
AppOptics
VictoriaMetrics
OpenTelemetry

As we are in AWS it seems AWS CloudWatch is better for Log Monitoring

razakpm commented 3 months ago

It seems Micrometer stopped publishing metrics after migration to Spring Boot 3 (https://stackoverflow.com/questions/76172912/micrometer-stopped-publishing-metrics-after-migration-to-spring-boot-3)

spring-cloud-starter-aws is not mainatained by the Spring team anymore. It is maintained by the community, see here: https://github.com/awspring/spring-cloud-aws

spring-cloud-starter-aws:2.2.6.RELEASE is neither supported nor compatible with Boot 3.x