Distributed Hayabusa: Scalable Syslog Search Engine Optimized for Time-Dimensional Search

Proceedings of the 15th Asian Internet Engineering Conference Pub Date : 2019-08-07 DOI:10.1145/3340422.3343636

Hiroshi Abe, K. Shima, Daisuke Miyamoto, Y. Sekiya, Tomohiro Ishihara, Kazuya Okada, Ryo Nakamura, S. Matsuura

{"title":"Distributed Hayabusa: Scalable Syslog Search Engine Optimized for Time-Dimensional Search","authors":"Hiroshi Abe, K. Shima, Daisuke Miyamoto, Y. Sekiya, Tomohiro Ishihara, Kazuya Okada, Ryo Nakamura, S. Matsuura","doi":"10.1145/3340422.3343636","DOIUrl":null,"url":null,"abstract":"Network administrators usually collect and store logs generated by servers, networks, and security appliances so that when network trouble and/or security incidents occur, they can identify the source of the problem by investigating the contents of the logs. The size of the system needed to store and search the log messages tends to increase as the size of the managed network becomes large. A fast log storage and search system called Hayabusa was previously proposed that optimizes a time-dimensional search operation. In this paper, we propose a simple distributed system that adds scalability to the existing Hayabusa system. The evaluation results show that the Distributed Hayabusa system consisting of 10 servers (with multiple worker processes on each server) is 36 times faster than a standalone Hayabusa system. The time required to perform a full-text search over 14.4 billion data records is only about 7 s, which is sufficiently low for the daily operations of administrators managing a very-large-scale network.","PeriodicalId":206077,"journal":{"name":"Proceedings of the 15th Asian Internet Engineering Conference","volume":"397 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-08-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 15th Asian Internet Engineering Conference","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3340422.3343636","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 3

Abstract

Network administrators usually collect and store logs generated by servers, networks, and security appliances so that when network trouble and/or security incidents occur, they can identify the source of the problem by investigating the contents of the logs. The size of the system needed to store and search the log messages tends to increase as the size of the managed network becomes large. A fast log storage and search system called Hayabusa was previously proposed that optimizes a time-dimensional search operation. In this paper, we propose a simple distributed system that adds scalability to the existing Hayabusa system. The evaluation results show that the Distributed Hayabusa system consisting of 10 servers (with multiple worker processes on each server) is 36 times faster than a standalone Hayabusa system. The time required to perform a full-text search over 14.4 billion data records is only about 7 s, which is sufficiently low for the daily operations of administrators managing a very-large-scale network.

查看原文本刊更多论文

分布式隼鸟:可扩展的Syslog搜索引擎优化的时间维搜索

网络管理员通常收集和存储服务器、网络和安全设备生成的日志，以便在发生网络故障和/或安全事件时，通过调查日志内容来确定问题的根源。存储和搜索日志消息所需的系统大小往往会随着所管理网络的规模变大而增加。一种名为隼鸟的快速日志存储和搜索系统先前被提出，它优化了时间维度的搜索操作。在本文中，我们提出了一个简单的分布式系统，为现有的Hayabusa系统增加了可扩展性。评估结果表明，由10个服务器组成的分布式隼鸟系统(每个服务器上有多个工作进程)比单独的隼鸟系统快36倍。对144亿条数据记录进行全文搜索所需的时间仅为7秒左右，这对于管理超大规模网络的管理员的日常操作来说已经足够低了。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings of the 15th Asian Internet Engineering Conference

自引率

0.00%

发文量