7.7. hdfs: Storing messages on the Hadoop Distributed File System (HDFS)
Starting with version 3.7, syslog-ng OSE can send plain-text log files to the Hadoop Distributed File System (HDFS), allowing you to store your log data on a distributed, scalable file system. This is especially useful if you have huge amounts of log messages that would be difficult to store otherwise, or if you want to process your messages using Hadoop tools (for example, Apache Pig).
For more information about the benefits of using syslog-ng as a data collection, processing, and filtering tool in a Hadoop environment, see the blog post Filling your data lake with log messages: the syslog-ng Hadoop (HDFS) destination.
Note the following limitations when using the syslog-ng OSE
This destination is only supported on the Linux platform.
Since syslog-ng OSE uses the official Java HDFS client, the
hdfsdestination has significant memory usage (about 400MB).
You cannot set when log messages are flushed. Hadoop performs this action automatically, depending on its configured block size, and the amount of data received. There is no way for the syslog-ng OSE application to influence when the messages are actually written to disk. This means that syslog-ng OSE cannot guarantee that a message sent to HDFS is actually written to disk. When using flow-control, syslog-ng OSE acknowledges a message as written to disk when it passes the message to the HDFS client. This method is as reliable as your HDFS environment.
The log messages of the underlying client libraries are available in the
internal()source of syslog-ng OSE.
@module mod-java @include "scl.conf" hdfs( client-lib-dir("/opt/syslog-ng/lib/syslog-ng/java-modules/:<path-to-preinstalled-hadoop-libraries>") hdfs-uri("hdfs://NameNode:8020") hdfs-file("<path-to-logfile>") );
To install the software required for the
hdfsdestination, see Procedure 7.7.1, Prerequisites.
For details on how the
hdfsdestination works, see Procedure 7.7.2, How syslog-ng OSE interacts with HDFS.
For details on using MapR-FS, see Procedure 7.7.3, Storing messages with MapR-FS.
For details on using Kerberos authentication, see Section 7.7.4, Kerberos authentication with syslog-ng hdfs() destination.
For the list of options, see Section 7.7.5, HDFS destination options.
hdfs() driver is actually a reusable configuration snippet configured to receive log messages using the Java language-binding of syslog-ng OSE. For details on using or writing such configuration snippets, see Section 5.6.2, Reusing configuration blocks. You can find the source of the hdfs configuration snippet on GitHub. For details on extending syslog-ng OSE in Java, see the Getting started with syslog-ng development guide.