SlideShare une entreprise Scribd logo

Developing Highly Instrumented Applications with Minimal Effort

Télécharger en tant que PPTX, PDF
Tim Hobson
Tim Hobson

Presentation from Silicon Valley Code Camp 2013. Related code on github: * https://github.com/hoserdude/mvcmusicstore-instrumented * https://github.com/hoserdude/spring-petclinic-instrumented * https://github.com/hoserdude/nodecellar-instrumented

Technologie
1  sur  30
Developing highly instrumented applications with minimal effort Tim Hobson Principal Engineer, Chief Caffeine Officer - Intuit
About Me 2
Agenda Concepts • Quality Data • Application Instrumentation • Application Logging Theory • Patterns • Supporting Frameworks • Supporting Components Practice • .Net Example • Java Example • Node.js Example GOAL: You should be able to apply this to your application today 3
Concepts
If You Do Nothing… OR 5
There’s No Free Lunch Garbage In, Garbage Out Insight! 6
Quality In, Insight Out Most apps start with only the framework or app server logging (or nothing!) None of the above is interesting to the business or the developer. You can’t get if you don’t give – there are many ways to give, and many classes of data to provide. 7
Classes of System Output System Instrumentation • JMX/WMI/SNMP monitoring • Apache/IIS/nginx access logs App Logging App Instrumentation • • • • • • • • Intentional Business Transactions Overtly triggers alerts Source of business metrics • Aids in troubleshooting failures, bugs Cross-cutting (free) App Activity Passively triggers alerts Source of performance data • Source of usage data 8
Theory and Best Practices
Best Practices (© splunk>) Create human readable events Clearly timestamp events Use key-value pairs Be aware of multi-value fields Log unique identifiers 10
Best Practices (© Tim) Global timestamps (UTC – 2013-08-21 22:43:31,990) Context setting (who/what/where/when/how) Categories/taxonomy (what tier, what component) Timing (time everything!) Security (never log sensitive data: password=***) Consistency in naming – (action=purchase; sale=oct13; productId=123123) – (action=buy; promo=oct13; sku=123123) 11
Example Output Context 2013-08-21 22:55:36,504; LogLevel=INFO; sid=q3prv41kt511vzojytnx1d42; rid=6500583; userLogin=(null); ipAddress=0.0.0.0; thread=249; category=Web.Controllers.BaseWebController; msg=RequestInfo; server=ws001prod; url=https://myapp.com/account/logon; method=GET; languages=en-US,en;q=0.8; referrer=https://myapp.com/members/dashboard; userAgent=Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.95 Safari/537.36; userId=123456; controller=Account; action=Logon; Metrics 2013-08-21 22:55:36,519; LogLevel=INFO; sid=q3prv41kt511vzojytnx1d42; rid=6500583; userLogin=(null); ipAddress=0.0.0.0; thread=249; category=TraceInterceptor; timeTracing=Service.Users.GetUser, time=3; 12
Patterns Pipeline – Filter – Interceptor Dependency injection – Proxy Pointcuts/aspects 13
HTTP Pipelines var app = express(); app.use(func1); app.use(func2); app.use(func3); app.use(func4); app.use(func5); app.use(func6); app.use(func7); app.use(func8); app.listen(8080); Java (from Oracle Docs) ASP.Net (from MSFT Docs) 14 express.js
Dependency Injection • Enforces interface-based programming • Forbids circular references • Lends itself to testability • Flexibility in changing implementations • For our purposes: cross-cutting capabilities 15
Intercepting Calls With Dynamic Proxies Interceptor Dependency A Implementation DI Container 16 Interceptor Interceptor Proxy Interceptor Interceptor Interceptor Caller Interceptor Proxy Interceptor Interceptor Proxy Dependency B
Supporting Frameworks The Front Door The Inner Sanctum Annotations & Attributes • ASP.Net Modules/ActionFi lters • Java Servlet Filters/Spring Interceptors • Node.js interceptors • Unity Dynamic Proxies • Spring @AspectJ Pointcuts • JavaScript Mixins • @Instrumentable • [Instrumentable] 17
Supporting Components .Net • Log4Net • NLog Java node.js • LogBack • SLF4J • Log4J 18 • SenchaLabs Connect • Winston
Intervention!
Sample App Intervention 3 Platforms 3 Sample Apps 20 3 Interventions
Goals Leverage an HTTP pipeline for context Leverage aspects for interception Apply best practices Minimize impact on existing code 21
MVC Music Store Intervention (Demo) Missing dependency injection/interception framework: Unity Missing logging library: Log4Net, Buche 1. 2. 3. 4. 5. 6. 7. 8. Add DI framework (Unity) Configure aspects (Interception) Configure controller factory, container locator Set up logger (Log4Net) Configure log pattern and targets (Log4Net.xml) Wire up logging interceptor Wire up LogActionFilter and BaseLoggingController Deploy! 22
Spring Pet Clinic Intervention (Demo) 1. Set up logger a. Configure log pattern (to support context data) b. Configure targets (rotating file) 2. Create LogAspect.java and @Instrumentable attribute a. Capture calling context b. Start/stop timing 3. Create LogInterceptor.java a. Capture request metadata b. Set MDC c. Start/stop timing 4. Configure aspect bean 1. Configure interceptor bean 1. Annotate the methods we care about 23
NodeCellar Intervention (Demo) Missing Interception Framework: Scarlet Missing Logging Library: Winston 1. 2. 3. 4. 5. 6. Set up Scarlet Configure log pattern Configure method interception Create logging interceptor Create LoggingFilter Deploy! 24
Closing Thoughts
Got Log? Now Get Intimate With Your App Ops Dashboards Business Dashboards Quality Assurance Pro-Active Service Degradation Alerting SLA Tracking Security Alerting 2 6 Customer Support Performance Metrics Pre-Release Sanity Testing
Key Takeaways • It is YOUR responsibility as a developer to provide useful operational and business data. • It is not hard, and most of it is for free once you have the patterns in place. • The same patterns and practices can be applied to practically any platform, and any type of application or service. • When you provide consistent and predictable data others can build on your greatness 27
Get the Code @hoserdude Spring Pet Clinic Intervention: https://github.com/hoserdude/spring-petclinic-instrumented MVC Music Store Intervention: https://github.com/hoserdude/mvcmusicstore-instrumented NodeCellar Intervention: https://github.com/hoserdude/nodecellar-instrumented 28
Intuit Speakers @ Silicon Code Camp 2013: SATURDAY 9:45 a.m. - Ramakrishna Kollipara – “Complete Automation of Performance Testing” 1:45 p.m. - Joe Wells - “QBO: Journey From legacy Java app to a Client-side HTML5 app” 3:30 p.m. - Naga Addagadde & Sangeeta Narang – “Intuit APIs for Financial Transaction Aggregation” 5:00 p.m. Ted Drake –“Hitting the Accessibility High Notes with ARIA” SUNDAY 9:15 a.m. - Eugene Krivopaltsev –“Building Native Mobile Apps with Custom Views” 1:15 p.m. - Tim Hobson – “Developing Highly Instrumental Applications with Minimal Effort” For more information about joining our organization visit our booth or connect with our onsite recruiter: Chriscox_recruiter@intuit.com You don't want to miss out on a chance to win this cool headset. Stop by our booth to enter!
THANK YOU Want to talk more? I’ll be at the Intuit booth today 3-5 PM. 30

Recommandé

App Assessments Reloaded
App Assessments ReloadedApp Assessments Reloaded
App Assessments Reloaded
Ernest Mueller
 
AppSec Pipeline - Velcocity NY 2015
AppSec Pipeline - Velcocity NY 2015AppSec Pipeline - Velcocity NY 2015
AppSec Pipeline - Velcocity NY 2015
Matt Tesauro
 
Making security-agile matt-tesauro
Making security-agile matt-tesauroMaking security-agile matt-tesauro
Making security-agile matt-tesauro
Matt Tesauro
 
Peeling the Onion: Making Sense of the Layers of API Security
Peeling the Onion: Making Sense of the Layers of API SecurityPeeling the Onion: Making Sense of the Layers of API Security
Peeling the Onion: Making Sense of the Layers of API Security
Matt Tesauro
 
Monitoring your API
Monitoring your APIMonitoring your API
Monitoring your API
Andrés F Vargas
 
Splunk for Developers
Splunk for DevelopersSplunk for Developers
Splunk for Developers
Splunk
 
Careful - APIs Inside: Testing and Monitoring for App Development
Careful - APIs Inside: Testing and Monitoring for App DevelopmentCareful - APIs Inside: Testing and Monitoring for App Development
Careful - APIs Inside: Testing and Monitoring for App Development
3scale
 
Making Continuous Security a Reality with OWASP’s AppSec Pipeline - Matt Tesa...
Making Continuous Security a Reality with OWASP’s AppSec Pipeline - Matt Tesa...Making Continuous Security a Reality with OWASP’s AppSec Pipeline - Matt Tesa...
Making Continuous Security a Reality with OWASP’s AppSec Pipeline - Matt Tesa...
Matt Tesauro
 

Recommandé

App Assessments Reloaded
App Assessments ReloadedApp Assessments Reloaded
App Assessments Reloaded
Ernest Mueller
 
AppSec Pipeline - Velcocity NY 2015
AppSec Pipeline - Velcocity NY 2015AppSec Pipeline - Velcocity NY 2015
AppSec Pipeline - Velcocity NY 2015
Matt Tesauro
 
Making security-agile matt-tesauro
Making security-agile matt-tesauroMaking security-agile matt-tesauro
Making security-agile matt-tesauro
Matt Tesauro
 
Peeling the Onion: Making Sense of the Layers of API Security
Peeling the Onion: Making Sense of the Layers of API SecurityPeeling the Onion: Making Sense of the Layers of API Security
Peeling the Onion: Making Sense of the Layers of API Security
Matt Tesauro
 
Monitoring your API
Monitoring your APIMonitoring your API
Monitoring your API
Andrés F Vargas
 
Splunk for Developers
Splunk for DevelopersSplunk for Developers
Splunk for Developers
Splunk
 
Careful - APIs Inside: Testing and Monitoring for App Development
Careful - APIs Inside: Testing and Monitoring for App DevelopmentCareful - APIs Inside: Testing and Monitoring for App Development
Careful - APIs Inside: Testing and Monitoring for App Development
3scale
 
Making Continuous Security a Reality with OWASP’s AppSec Pipeline - Matt Tesa...
Making Continuous Security a Reality with OWASP’s AppSec Pipeline - Matt Tesa...Making Continuous Security a Reality with OWASP’s AppSec Pipeline - Matt Tesa...
Making Continuous Security a Reality with OWASP’s AppSec Pipeline - Matt Tesa...
Matt Tesauro
 
DOES SFO 2016 - Scott Willson - Top 10 Ways to Fail at DevOps
DOES SFO 2016 - Scott Willson - Top 10 Ways to Fail at DevOpsDOES SFO 2016 - Scott Willson - Top 10 Ways to Fail at DevOps
DOES SFO 2016 - Scott Willson - Top 10 Ways to Fail at DevOps
Gene Kim
 
Test driven development
Test driven developmentTest driven development
Test driven development
Dennis Ahaus
 
Intro to DefectDojo at OWASP Switzerland
Intro to DefectDojo at OWASP SwitzerlandIntro to DefectDojo at OWASP Switzerland
Intro to DefectDojo at OWASP Switzerland
Matt Tesauro
 
Dev ops ci-ap-is-oh-my_security-gone-agile_ut-austin
Dev ops ci-ap-is-oh-my_security-gone-agile_ut-austinDev ops ci-ap-is-oh-my_security-gone-agile_ut-austin
Dev ops ci-ap-is-oh-my_security-gone-agile_ut-austin
Matt Tesauro
 
MLconf NYC Josh Wills
MLconf NYC Josh WillsMLconf NYC Josh Wills
MLconf NYC Josh Wills
MLconf
 
Matt tesauro Lessons from DevOps: Taking DevOps practices into your AppSec Li...
Matt tesauro Lessons from DevOps: Taking DevOps practices into your AppSec Li...Matt tesauro Lessons from DevOps: Taking DevOps practices into your AppSec Li...
Matt tesauro Lessons from DevOps: Taking DevOps practices into your AppSec Li...
Matt Tesauro
 
DevOps, CLI, APIs, Oh My! Security Gone Agile
DevOps, CLI, APIs, Oh My! Security Gone AgileDevOps, CLI, APIs, Oh My! Security Gone Agile
DevOps, CLI, APIs, Oh My! Security Gone Agile
Matt Tesauro
 
Build Your Open Source Performance Testing Platform in the Cloud
Build Your Open Source Performance Testing Platform in the CloudBuild Your Open Source Performance Testing Platform in the Cloud
Build Your Open Source Performance Testing Platform in the Cloud
TechWell
 
DevSecOps Fundamentals and the Scars to Prove it.
DevSecOps Fundamentals and the Scars to Prove it.DevSecOps Fundamentals and the Scars to Prove it.
DevSecOps Fundamentals and the Scars to Prove it.
Matt Tesauro
 
OWASP DefectDojo - Open Source Security Sanity
OWASP DefectDojo - Open Source Security SanityOWASP DefectDojo - Open Source Security Sanity
OWASP DefectDojo - Open Source Security Sanity
Matt Tesauro
 
Merging Security with DevOps - An AppSec Perspective
Merging Security with DevOps - An AppSec PerspectiveMerging Security with DevOps - An AppSec Perspective
Merging Security with DevOps - An AppSec Perspective
Abhay Bhargav
 
Quality Built In @ Spotify
Quality Built In @ SpotifyQuality Built In @ Spotify
Quality Built In @ Spotify
Andrii Dzynia
 
Taking AppSec to 11: AppSec Pipeline, DevOps and Making Things Better
Taking AppSec to 11: AppSec Pipeline, DevOps and Making Things BetterTaking AppSec to 11: AppSec Pipeline, DevOps and Making Things Better
Taking AppSec to 11: AppSec Pipeline, DevOps and Making Things Better
Matt Tesauro
 
Dan Cuellar
Dan CuellarDan Cuellar
Dan Cuellar
CodeFest
 
Building an Open Source AppSec Pipeline - 2015 Texas Linux Fest
Building an Open Source AppSec Pipeline - 2015 Texas Linux FestBuilding an Open Source AppSec Pipeline - 2015 Texas Linux Fest
Building an Open Source AppSec Pipeline - 2015 Texas Linux Fest
Matt Tesauro
 
Security with the Speed of Continuous Delivery
Security with the Speed of Continuous DeliverySecurity with the Speed of Continuous Delivery
Security with the Speed of Continuous Delivery
Tapabrata Pal
 
Building a Secure DevOps Pipeline - for your AppSec Program
Building a Secure DevOps Pipeline - for your AppSec Program Building a Secure DevOps Pipeline - for your AppSec Program
Building a Secure DevOps Pipeline - for your AppSec Program
Matt Tesauro
 
DockerCon SF 2019 - TDD is Dead
DockerCon SF 2019 - TDD is DeadDockerCon SF 2019 - TDD is Dead
DockerCon SF 2019 - TDD is Dead
Kevin Crawley
 
DevOps Unicorns
DevOps UnicornsDevOps Unicorns
DevOps Unicorns
Matt O'Keefe
 
Building an Open Source AppSec Pipeline
Building an Open Source AppSec PipelineBuilding an Open Source AppSec Pipeline
Building an Open Source AppSec Pipeline
Matt Tesauro
 
A Data Viz Makeover: Approaches for Improving your Visualizations
A Data Viz Makeover: Approaches for Improving your VisualizationsA Data Viz Makeover: Approaches for Improving your Visualizations
A Data Viz Makeover: Approaches for Improving your Visualizations
Amanda Makulec
 
Les enfants intellectuellement précoces - Isabelle Louati
Les enfants intellectuellement précoces - Isabelle LouatiLes enfants intellectuellement précoces - Isabelle Louati
Les enfants intellectuellement précoces - Isabelle Louati
ortie
 

Contenu connexe

Tendances

Intro to DefectDojo at OWASP Switzerland
Intro to DefectDojo at OWASP SwitzerlandIntro to DefectDojo at OWASP Switzerland
Intro to DefectDojo at OWASP Switzerland
Matt Tesauro
 
MLconf NYC Josh Wills
MLconf NYC Josh WillsMLconf NYC Josh Wills
MLconf NYC Josh Wills
MLconf
 
Build Your Open Source Performance Testing Platform in the Cloud
Build Your Open Source Performance Testing Platform in the CloudBuild Your Open Source Performance Testing Platform in the Cloud
Build Your Open Source Performance Testing Platform in the Cloud
TechWell
 
Quality Built In @ Spotify
Quality Built In @ SpotifyQuality Built In @ Spotify
Quality Built In @ Spotify
Andrii Dzynia
 
Taking AppSec to 11: AppSec Pipeline, DevOps and Making Things Better
Taking AppSec to 11: AppSec Pipeline, DevOps and Making Things BetterTaking AppSec to 11: AppSec Pipeline, DevOps and Making Things Better
Taking AppSec to 11: AppSec Pipeline, DevOps and Making Things Better
Matt Tesauro
 

Tendances (20)

DOES SFO 2016 - Scott Willson - Top 10 Ways to Fail at DevOps
DOES SFO 2016 - Scott Willson - Top 10 Ways to Fail at DevOpsDOES SFO 2016 - Scott Willson - Top 10 Ways to Fail at DevOps
DOES SFO 2016 - Scott Willson - Top 10 Ways to Fail at DevOps
 
Test driven development
Test driven developmentTest driven development
Test driven development
 
Intro to DefectDojo at OWASP Switzerland
Intro to DefectDojo at OWASP SwitzerlandIntro to DefectDojo at OWASP Switzerland
Intro to DefectDojo at OWASP Switzerland
 
Dev ops ci-ap-is-oh-my_security-gone-agile_ut-austin
Dev ops ci-ap-is-oh-my_security-gone-agile_ut-austinDev ops ci-ap-is-oh-my_security-gone-agile_ut-austin
Dev ops ci-ap-is-oh-my_security-gone-agile_ut-austin
 
MLconf NYC Josh Wills
MLconf NYC Josh WillsMLconf NYC Josh Wills
MLconf NYC Josh Wills
 
Matt tesauro Lessons from DevOps: Taking DevOps practices into your AppSec Li...
Matt tesauro Lessons from DevOps: Taking DevOps practices into your AppSec Li...Matt tesauro Lessons from DevOps: Taking DevOps practices into your AppSec Li...
Matt tesauro Lessons from DevOps: Taking DevOps practices into your AppSec Li...
 
DevOps, CLI, APIs, Oh My! Security Gone Agile
DevOps, CLI, APIs, Oh My! Security Gone AgileDevOps, CLI, APIs, Oh My! Security Gone Agile
DevOps, CLI, APIs, Oh My! Security Gone Agile
 
Build Your Open Source Performance Testing Platform in the Cloud
Build Your Open Source Performance Testing Platform in the CloudBuild Your Open Source Performance Testing Platform in the Cloud
Build Your Open Source Performance Testing Platform in the Cloud
 
DevSecOps Fundamentals and the Scars to Prove it.
DevSecOps Fundamentals and the Scars to Prove it.DevSecOps Fundamentals and the Scars to Prove it.
DevSecOps Fundamentals and the Scars to Prove it.
 
OWASP DefectDojo - Open Source Security Sanity
OWASP DefectDojo - Open Source Security SanityOWASP DefectDojo - Open Source Security Sanity
OWASP DefectDojo - Open Source Security Sanity
 
Merging Security with DevOps - An AppSec Perspective
Merging Security with DevOps - An AppSec PerspectiveMerging Security with DevOps - An AppSec Perspective
Merging Security with DevOps - An AppSec Perspective
 
Quality Built In @ Spotify
Quality Built In @ SpotifyQuality Built In @ Spotify
Quality Built In @ Spotify
 
Taking AppSec to 11: AppSec Pipeline, DevOps and Making Things Better
Taking AppSec to 11: AppSec Pipeline, DevOps and Making Things BetterTaking AppSec to 11: AppSec Pipeline, DevOps and Making Things Better
Taking AppSec to 11: AppSec Pipeline, DevOps and Making Things Better
 
Dan Cuellar
Dan CuellarDan Cuellar
Dan Cuellar
 
Building an Open Source AppSec Pipeline - 2015 Texas Linux Fest
Building an Open Source AppSec Pipeline - 2015 Texas Linux FestBuilding an Open Source AppSec Pipeline - 2015 Texas Linux Fest
Building an Open Source AppSec Pipeline - 2015 Texas Linux Fest
 
Security with the Speed of Continuous Delivery
Security with the Speed of Continuous DeliverySecurity with the Speed of Continuous Delivery
Security with the Speed of Continuous Delivery
 
Building a Secure DevOps Pipeline - for your AppSec Program
Building a Secure DevOps Pipeline - for your AppSec Program Building a Secure DevOps Pipeline - for your AppSec Program
Building a Secure DevOps Pipeline - for your AppSec Program
 
DockerCon SF 2019 - TDD is Dead
DockerCon SF 2019 - TDD is DeadDockerCon SF 2019 - TDD is Dead
DockerCon SF 2019 - TDD is Dead
 
DevOps Unicorns
DevOps UnicornsDevOps Unicorns
DevOps Unicorns
 
Building an Open Source AppSec Pipeline
Building an Open Source AppSec PipelineBuilding an Open Source AppSec Pipeline
Building an Open Source AppSec Pipeline
 

En vedette

En vedette (9)

A Data Viz Makeover: Approaches for Improving your Visualizations
A Data Viz Makeover: Approaches for Improving your VisualizationsA Data Viz Makeover: Approaches for Improving your Visualizations
A Data Viz Makeover: Approaches for Improving your Visualizations
 
Les enfants intellectuellement précoces - Isabelle Louati
Les enfants intellectuellement précoces - Isabelle LouatiLes enfants intellectuellement précoces - Isabelle Louati
Les enfants intellectuellement précoces - Isabelle Louati
 
Creative sport
Creative sportCreative sport
Creative sport
 
User Credential handling in Web Applications done right
User Credential handling in Web Applications done rightUser Credential handling in Web Applications done right
User Credential handling in Web Applications done right
 
Principles of Data Visualization
Principles of Data VisualizationPrinciples of Data Visualization
Principles of Data Visualization
 
Cuadernillo de estimulos Wisc-IV Nº 01
Cuadernillo de estimulos Wisc-IV Nº 01Cuadernillo de estimulos Wisc-IV Nº 01
Cuadernillo de estimulos Wisc-IV Nº 01
 
Aplicación, Wisc-IV
Aplicación, Wisc-IVAplicación, Wisc-IV
Aplicación, Wisc-IV
 
WISC IV
WISC IVWISC IV
WISC IV
 
Data Visualization Resource Guide (September 2014)
Data Visualization Resource Guide (September 2014)Data Visualization Resource Guide (September 2014)
Data Visualization Resource Guide (September 2014)
 

Similaire à Developing Highly Instrumented Applications with Minimal Effort

Monitoring and Instrumentation Strategies: Tips and Best Practices - AppSphere16
Monitoring and Instrumentation Strategies: Tips and Best Practices - AppSphere16Monitoring and Instrumentation Strategies: Tips and Best Practices - AppSphere16
Monitoring and Instrumentation Strategies: Tips and Best Practices - AppSphere16
AppDynamics
 
Using Machine Learning to Understand Kafka Runtime Behavior (Shivanath Babu, ...
Using Machine Learning to Understand Kafka Runtime Behavior (Shivanath Babu, ...Using Machine Learning to Understand Kafka Runtime Behavior (Shivanath Babu, ...
Using Machine Learning to Understand Kafka Runtime Behavior (Shivanath Babu, ...
confluent
 
5 Steps to Jump Start Your Test Automation
5 Steps to Jump Start Your Test Automation5 Steps to Jump Start Your Test Automation
5 Steps to Jump Start Your Test Automation
Sauce Labs
 

Similaire à Developing Highly Instrumented Applications with Minimal Effort (20)

Operating a High Velocity Large Organization with Spring Cloud Microservices
Operating a High Velocity Large Organization with Spring Cloud MicroservicesOperating a High Velocity Large Organization with Spring Cloud Microservices
Operating a High Velocity Large Organization with Spring Cloud Microservices
 
Monitoring and Instrumentation Strategies: Tips and Best Practices - AppSphere16
Monitoring and Instrumentation Strategies: Tips and Best Practices - AppSphere16Monitoring and Instrumentation Strategies: Tips and Best Practices - AppSphere16
Monitoring and Instrumentation Strategies: Tips and Best Practices - AppSphere16
 
Ml based detection of users anomaly activities (20th OWASP Night Tokyo, English)
Ml based detection of users anomaly activities (20th OWASP Night Tokyo, English)Ml based detection of users anomaly activities (20th OWASP Night Tokyo, English)
Ml based detection of users anomaly activities (20th OWASP Night Tokyo, English)
 
Twelve Factor - Designing for Change
Twelve Factor - Designing for ChangeTwelve Factor - Designing for Change
Twelve Factor - Designing for Change
 
Innovate Better Through Machine data Analytics
Innovate Better Through Machine data AnalyticsInnovate Better Through Machine data Analytics
Innovate Better Through Machine data Analytics
 
No Devops Without Continuous Testing
No Devops Without Continuous TestingNo Devops Without Continuous Testing
No Devops Without Continuous Testing
 
Testing for Logic App Solutions | Integration Monday
Testing for Logic App Solutions | Integration MondayTesting for Logic App Solutions | Integration Monday
Testing for Logic App Solutions | Integration Monday
 
Generative AI Application Development using LangChain and LangFlow
Generative AI Application Development using LangChain and LangFlowGenerative AI Application Development using LangChain and LangFlow
Generative AI Application Development using LangChain and LangFlow
 
Elastic-Engineering
Elastic-EngineeringElastic-Engineering
Elastic-Engineering
 
AgileDC15 I'm Using Chef So I'm DevOps Right?
AgileDC15 I'm Using Chef So I'm DevOps Right?AgileDC15 I'm Using Chef So I'm DevOps Right?
AgileDC15 I'm Using Chef So I'm DevOps Right?
 
Listen to Your Machines: DevOps Analytics for Better Feedback Loops
Listen to Your Machines: DevOps Analytics for Better Feedback LoopsListen to Your Machines: DevOps Analytics for Better Feedback Loops
Listen to Your Machines: DevOps Analytics for Better Feedback Loops
 
Using Machine Learning to Understand Kafka Runtime Behavior (Shivanath Babu, ...
Using Machine Learning to Understand Kafka Runtime Behavior (Shivanath Babu, ...Using Machine Learning to Understand Kafka Runtime Behavior (Shivanath Babu, ...
Using Machine Learning to Understand Kafka Runtime Behavior (Shivanath Babu, ...
 
SplunkLive! London 2016 Splunk for Devops
SplunkLive! London 2016 Splunk for DevopsSplunkLive! London 2016 Splunk for Devops
SplunkLive! London 2016 Splunk for Devops
 
Keeping up with PHP
Keeping up with PHPKeeping up with PHP
Keeping up with PHP
 
5 Steps to Jump Start Your Test Automation
5 Steps to Jump Start Your Test Automation5 Steps to Jump Start Your Test Automation
5 Steps to Jump Start Your Test Automation
 
IW14 Session: webMethods World
IW14 Session: webMethods WorldIW14 Session: webMethods World
IW14 Session: webMethods World
 
DevOps Powered by Splunk
DevOps Powered by SplunkDevOps Powered by Splunk
DevOps Powered by Splunk
 
Devops Powered by Splunk
Devops Powered by SplunkDevops Powered by Splunk
Devops Powered by Splunk
 
DevOps-as-a-Service: Towards Automating the Automation
DevOps-as-a-Service: Towards Automating the AutomationDevOps-as-a-Service: Towards Automating the Automation
DevOps-as-a-Service: Towards Automating the Automation
 
Pivotal korea transformation_strategy_seminar_enterprise_dev_ops_20160630_v1.0
Pivotal korea transformation_strategy_seminar_enterprise_dev_ops_20160630_v1.0Pivotal korea transformation_strategy_seminar_enterprise_dev_ops_20160630_v1.0
Pivotal korea transformation_strategy_seminar_enterprise_dev_ops_20160630_v1.0
 

Dernier

Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
giselly40
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Enterprise Knowledge
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 

Dernier (20)

Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 

Developing Highly Instrumented Applications with Minimal Effort

  • 1. Developing highly instrumented applications with minimal effort Tim Hobson Principal Engineer, Chief Caffeine Officer - Intuit
  • 3. Agenda Concepts • Quality Data • Application Instrumentation • Application Logging Theory • Patterns • Supporting Frameworks • Supporting Components Practice • .Net Example • Java Example • Node.js Example GOAL: You should be able to apply this to your application today 3
  • 5. If You Do Nothing… OR 5
  • 6. There’s No Free Lunch Garbage In, Garbage Out Insight! 6
  • 7. Quality In, Insight Out Most apps start with only the framework or app server logging (or nothing!) None of the above is interesting to the business or the developer. You can’t get if you don’t give – there are many ways to give, and many classes of data to provide. 7
  • 8. Classes of System Output System Instrumentation • JMX/WMI/SNMP monitoring • Apache/IIS/nginx access logs App Logging App Instrumentation • • • • • • • • Intentional Business Transactions Overtly triggers alerts Source of business metrics • Aids in troubleshooting failures, bugs Cross-cutting (free) App Activity Passively triggers alerts Source of performance data • Source of usage data 8
  • 10. Best Practices (© splunk>) Create human readable events Clearly timestamp events Use key-value pairs Be aware of multi-value fields Log unique identifiers 10
  • 11. Best Practices (© Tim) Global timestamps (UTC – 2013-08-21 22:43:31,990) Context setting (who/what/where/when/how) Categories/taxonomy (what tier, what component) Timing (time everything!) Security (never log sensitive data: password=***) Consistency in naming – (action=purchase; sale=oct13; productId=123123) – (action=buy; promo=oct13; sku=123123) 11
  • 12. Example Output Context 2013-08-21 22:55:36,504; LogLevel=INFO; sid=q3prv41kt511vzojytnx1d42; rid=6500583; userLogin=(null); ipAddress=0.0.0.0; thread=249; category=Web.Controllers.BaseWebController; msg=RequestInfo; server=ws001prod; url=https://myapp.com/account/logon; method=GET; languages=en-US,en;q=0.8; referrer=https://myapp.com/members/dashboard; userAgent=Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.95 Safari/537.36; userId=123456; controller=Account; action=Logon; Metrics 2013-08-21 22:55:36,519; LogLevel=INFO; sid=q3prv41kt511vzojytnx1d42; rid=6500583; userLogin=(null); ipAddress=0.0.0.0; thread=249; category=TraceInterceptor; timeTracing=Service.Users.GetUser, time=3; 12
  • 13. Patterns Pipeline – Filter – Interceptor Dependency injection – Proxy Pointcuts/aspects 13
  • 14. HTTP Pipelines var app = express(); app.use(func1); app.use(func2); app.use(func3); app.use(func4); app.use(func5); app.use(func6); app.use(func7); app.use(func8); app.listen(8080); Java (from Oracle Docs) ASP.Net (from MSFT Docs) 14 express.js
  • 15. Dependency Injection • Enforces interface-based programming • Forbids circular references • Lends itself to testability • Flexibility in changing implementations • For our purposes: cross-cutting capabilities 15
  • 16. Intercepting Calls With Dynamic Proxies Interceptor Dependency A Implementation DI Container 16 Interceptor Interceptor Proxy Interceptor Interceptor Interceptor Caller Interceptor Proxy Interceptor Interceptor Proxy Dependency B
  • 17. Supporting Frameworks The Front Door The Inner Sanctum Annotations & Attributes • ASP.Net Modules/ActionFi lters • Java Servlet Filters/Spring Interceptors • Node.js interceptors • Unity Dynamic Proxies • Spring @AspectJ Pointcuts • JavaScript Mixins • @Instrumentable • [Instrumentable] 17
  • 18. Supporting Components .Net • Log4Net • NLog Java node.js • LogBack • SLF4J • Log4J 18 • SenchaLabs Connect • Winston
  • 20. Sample App Intervention 3 Platforms 3 Sample Apps 20 3 Interventions
  • 21. Goals Leverage an HTTP pipeline for context Leverage aspects for interception Apply best practices Minimize impact on existing code 21
  • 22. MVC Music Store Intervention (Demo) Missing dependency injection/interception framework: Unity Missing logging library: Log4Net, Buche 1. 2. 3. 4. 5. 6. 7. 8. Add DI framework (Unity) Configure aspects (Interception) Configure controller factory, container locator Set up logger (Log4Net) Configure log pattern and targets (Log4Net.xml) Wire up logging interceptor Wire up LogActionFilter and BaseLoggingController Deploy! 22
  • 23. Spring Pet Clinic Intervention (Demo) 1. Set up logger a. Configure log pattern (to support context data) b. Configure targets (rotating file) 2. Create LogAspect.java and @Instrumentable attribute a. Capture calling context b. Start/stop timing 3. Create LogInterceptor.java a. Capture request metadata b. Set MDC c. Start/stop timing 4. Configure aspect bean 1. Configure interceptor bean 1. Annotate the methods we care about 23
  • 24. NodeCellar Intervention (Demo) Missing Interception Framework: Scarlet Missing Logging Library: Winston 1. 2. 3. 4. 5. 6. Set up Scarlet Configure log pattern Configure method interception Create logging interceptor Create LoggingFilter Deploy! 24
  • 26. Got Log? Now Get Intimate With Your App Ops Dashboards Business Dashboards Quality Assurance Pro-Active Service Degradation Alerting SLA Tracking Security Alerting 2 6 Customer Support Performance Metrics Pre-Release Sanity Testing
  • 27. Key Takeaways • It is YOUR responsibility as a developer to provide useful operational and business data. • It is not hard, and most of it is for free once you have the patterns in place. • The same patterns and practices can be applied to practically any platform, and any type of application or service. • When you provide consistent and predictable data others can build on your greatness 27
  • 28. Get the Code @hoserdude Spring Pet Clinic Intervention: https://github.com/hoserdude/spring-petclinic-instrumented MVC Music Store Intervention: https://github.com/hoserdude/mvcmusicstore-instrumented NodeCellar Intervention: https://github.com/hoserdude/nodecellar-instrumented 28
  • 29. Intuit Speakers @ Silicon Code Camp 2013: SATURDAY 9:45 a.m. - Ramakrishna Kollipara – “Complete Automation of Performance Testing” 1:45 p.m. - Joe Wells - “QBO: Journey From legacy Java app to a Client-side HTML5 app” 3:30 p.m. - Naga Addagadde & Sangeeta Narang – “Intuit APIs for Financial Transaction Aggregation” 5:00 p.m. Ted Drake –“Hitting the Accessibility High Notes with ARIA” SUNDAY 9:15 a.m. - Eugene Krivopaltsev –“Building Native Mobile Apps with Custom Views” 1:15 p.m. - Tim Hobson – “Developing Highly Instrumental Applications with Minimal Effort” For more information about joining our organization visit our booth or connect with our onsite recruiter: Chriscox_recruiter@intuit.com You don't want to miss out on a chance to win this cool headset. Stop by our booth to enter!
  • 30. THANK YOU Want to talk more? I’ll be at the Intuit booth today 3-5 PM. 30

Notes de l'éditeur

  1. Many products promise to provide insights and value from whatever data you throw at them. There’s no doubt they can provide something, but you can’t escape the law of GIGO.
  2. As a result, it’s on you as a developer, product manager and business to care about the data you are creating. This presentation will demonstrate some best practices on how to go about this, regardless of your platform.
  3. Now for some definitions. There is a lot of stuff generated by the system – let’s classify the stuff broadly and narrow on what I am going to be talking about.
  4. Quick review of patterns we’ll use. Interception is the secret sauce here. We want to be able to get in front of every call to every object or component in our system. That lets us see what data is being passed around, who is doing it, and how long it took.
  5. Indent the bullets