What if a process is configured to send to the wrong one? What if there's a protocol mismatch? What if there's accidentally a new firewall rule in place? Using an intermediary doesn't allow us to know that something between the target daemon and the intermediary is broken.

"How many messages have I pushed?" "How many message errors?" "How many message retries?" Whatever you need in order to keep track of things at a per-process level. In the Prometheus monitoring world, we scrape a simple HTTP endpoint to collect simple metrics about the internal state of a process.

How do I know that it's able to send push messages to the remote collector? How do I know it's operating correctly? In order to have good monitoring, you need to check the health state of each process.

For example, I know I have osqueryd installed on a host.

Not totally sure, though. If there's a common export endpoint, it might be pretty small work to create a log plugin that can push data to it. While I can imagine writing queries that produced output that more closely matches Prometheus, I think it's a fairly small niche.

Both of these issues may be better solved by using an intermediary to handle the log ingest, and then export to Prometheus.

But osquery generates something closer to JSON logs. I think of Prometheus as something like a straight metrics system.

That creates a host of security problems. We are generally going to be very hesitant to move osquery to a listening daemon. Osquery generally follows a push model, vs. Prometheus's pull model.

In contrast, osquery operates on a push model, and what it pushes is pretty arbitrary JSON.

First, the push vs. pull one.

Endpoints track metrics, generally simple numbers. I think this is an interesting thing to explore, but I see some big questions to resolve first.

I wanted to put a couple of thoughts down.