Cloud Log Service (CLS) is a platform service integrating log collection, log storage and log search analysis. CLS centralizes logs for storage management and search analysis. It can also collect data and ship it to COS and other cloud products for further analysis.
To get you started, instructions to the following CLS features are described in this document:
First, you need to request to activate CLS on Tencent Cloud.
LogListener is a client that collects log data and sends it to CLS in a fast and non-intrusive way. The detailed installation procedures are as follows.
To install LogListener, the source server network and CLS network must be able to access each other. Tencent Cloud Virtual Machine (CVM) accesses CLS via the private network by default.
You can run the following command to check the network connectivity, where
<region> is the abbreviation for the CLS region. For more information about regions, please see Available Regions.
telnet <region abbreviation>.cls.tencentyun.com 80
Log in to CAM console with your Tencent Cloud account, view (or create) a key pair, and make sure that the key is enabled.
In this example, the CLS service runs in the CVM CentOS 7.2 (64-bit) environment. To download and install LogListener, see LogListener Installation Guide.
CLS service is differentiated by region. To lower network latency, try to create log resources in a CLS region closest to your business region. For supported regions, see Available Regions. Log resource management involves the management of logsets and log topics. A logset represents a project, while a log topic represents a type of service. A single logset may contain multiple log topics.
CLS uses a machine group to manage a list of log source machines.
Log in to the CLS console(https://console.cloud.tencent.com/cls), and click Machine Group on the left sidebar to open the machine group management page. Select the appropriate region at the top of the page, and click Create Machine Group. A machine group can contain multiple machine IP addresses (one IP address per line). For CVM, enter the private IP address directly. For more information, see Machine Group Management.
After a machine group is created, click View in the machine group list to check the connection between the LogListener client and servers. If the status is normal, the LogListener client is successfully connected to CLS. Otherwise, please see Machine Group Exception for troubleshooting.
Log in to the CLS console and click Logset on the left sidebar. Click the logset name/ID, then click the log topic ID/name to go to the log topic management page. Go to the Collection Configuration tab, and click Add Configurations to specify a collection path, a parsing mode and a server group to bind for your log topic. Here, we only describe how to use LogListener to collect logs. For more information, see Collection Methods.
The collection path needs to match the absolute path of the log file on the server. You are required to enter two parameters: the directory prefix and the file name in the format of [directory prefix expression]//**//[file name expression]. LogListener matches all paths with common prefixes that satisfy the [directory prefix expression], and monitors all log files under these directories (including subdirectories) that satisfy the [file name expression]. The parameters are described as follows:
|Directory Prefix||Directory prefix for log files, which supports only the wildcard characters
|/**/||Current directory and all its subdirectories.|
|File Name||Log file name, which supports only the wildcard characters
For example, if the absolute path of the file to be collected is
/cls/logs/access.log, then the directory prefix entered for the collection path should be
/cls/logs, and the file name
access.log, as shown below:
Select an existing machine group, and associate it with the current log topic. Then, LogListener will monitor the log files in this machine group according to the rules you set. You may bind a log topic to multiple machine groups, but a log file will only be collected into one log topic.
CLS supports various log parsing modes such as full text in a single line, separator, JSON, and full regex. The following log sample uses the separator mode (for more information, please see Separator Format).
Tue Jan 22 14:49:45 2019;download;success;194;a31f28ad59434528660c9076517dc23b
Separatorfor the Extraction Mode, and
Semicolonfor the log separator.
Tue Jan 22 14:49:45 2019,
a31f28ad59434528660c9076517dc23b. The keys defined for these 5 fields are
hashcoderespectively. LogListener will then use this defined structure to collect data.
CLS offers a log search and analysis feature based on segment indexing. We currently offer two index types: full-text index and key-value index. They can be managed on the index configuration tab on the log topic management page. Both index types can be enabled at the same time.
|Full-Text||Breaks a full log into segments by delimiter, and executes keyword query based on the segments.|
|Key-Value||Breaks a full log into key-value pairs according to the specifications, and executes field query based on the key-value pairs.|
Here we use key-value indexes as an example to describe how to configure indexes. On the log topic management page, go to the Index Configuration tab, click Edit, and toggle the key to enable index status. Toggle on Key-Value Index. Click Add to add keys. Select a field type for each key. Currently,
text are supported. The
text type allows you to specify delimiters, which separate a character string into segments. Continuing the above example, enter
hashcode as key-value indexes, and set the field type of
Once the index rule is enabled, indexes will be created for new input data accordingly, and stored over a specified period of time depending on your configured storage cycle. Only logs for which indexes have been created can be queried for analysis. Therefore, modifying an index rule or disabling an index only affects new input data. Unexpired legacy data will still be searchable.
Log in to the CLS console, and click Log Search on the left sidebar to enter the log search page.
Select the time range and log topic before using the search box. The search syntax supports searching by keyword, fuzzy match, and scope. For more information, see Syntax and Rules. Now, click Search Analysis to begin searching for logs.
Sample 1: Querying failure logs
Sample 2: Querying logs of downloaded files over 300 KB
action:download and size>300
CLS can ship logs to Cloud Object Storage (COS) for long-term storage at a low cost. This also enables you to perform big data analysis offline.
To enable log shipping, you need to first create a COS bucket. Next, log in to the CLS console and navigate through the logset management page. Go to the Shipping Configuration tab and click Add Shipping Task to create a shipping task.
Currently, CLS supports shipping in CSV format and JSON format. Once you create a shipping task, CLS asynchronously ships data to the destination bucket. You can view the shipping status by clicking Shipping Task on the left sidebar of the console.