Monitoring System 0.1.0
System resource monitoring with pluggable collectors and alerting
Loading...
Searching...
No Matches
logger_system_collector.h
Go to the documentation of this file.
1// BSD 3-Clause License
2// Copyright (c) 2021-2025, 🍀☀🌕🌥 🌊
3// See the LICENSE file in the project root for full license information.
4
12#pragma once
13
14#include <algorithm>
15#include <atomic>
16#include <chrono>
17#include <deque>
18#include <functional>
19#include <map>
20#include <memory>
21#include <mutex>
22#include <numeric>
23#include <optional>
24#include <string>
25#include <unordered_map>
26#include <utility>
27#include <vector>
28
29#include "../adapters/logger_adapters.h"
30#include "../core/event_bus.h"
31#include "../core/event_types.h"
32#include "../plugins/collector_plugin.h"
33
34namespace kcenon { namespace monitoring {
35
39enum class log_level {
40 trace,
41 debug,
42 info,
43 warning,
44 error,
45 critical,
46 fatal
47};
48
52struct logging_stats {
53 // Log volume metrics
54 size_t total_log_count{0};
55 size_t logs_per_second{0};
56 std::unordered_map<log_level, size_t> logs_by_level;
57
58 // Buffer metrics
59 size_t buffer_size_bytes{0};
60 size_t buffer_capacity_bytes{0};
61 double buffer_usage_percent{0.0};
62 size_t dropped_logs{0};
63
64 // Performance metrics
65 double average_log_latency_us{0.0};
66 double max_log_latency_us{0.0};
67 double min_log_latency_us{0.0};
68
69 // File I/O metrics
70 size_t files_open{0};
71 size_t total_bytes_written{0};
72 size_t write_operations{0};
73 double average_write_size_bytes{0.0};
74
75 // Error metrics
76 size_t write_errors{0};
77 size_t format_errors{0};
78 size_t rotation_errors{0};
79
80 // Log rotation metrics
81 size_t rotations_performed{0};
82 size_t archived_files{0};
83 size_t total_archive_size_bytes{0};
84};
85
89struct log_pattern_analysis {
90 struct pattern {
91 std::string regex;
92 size_t occurrences{0};
93 double frequency_per_minute{0.0};
94 log_level most_common_level{log_level::info};
95 std::vector<std::string> sample_messages;
96 };
97
98 std::vector<pattern> detected_patterns;
99 std::unordered_map<std::string, size_t> error_categories;
100 std::unordered_map<std::string, size_t> component_frequencies;
101 std::chrono::steady_clock::time_point analysis_time;
102};
103
108class logger_system_collector : public collector_plugin {
109 public:
110 logger_system_collector();
111 ~logger_system_collector() override;
112
113 // collector_plugin implementation
114 auto name() const -> std::string_view override { return "logger_system"; }
115 auto collect() -> std::vector<metric> override;
116 auto interval() const -> std::chrono::milliseconds override { return std::chrono::seconds(10); }
117 auto is_available() const -> bool override { return true; }
118 auto get_metric_types() const -> std::vector<std::string> override;
119
120 auto get_metadata() const -> plugin_metadata override {
121 return plugin_metadata{
122 .name = name(),
123 .description = "Logger system metrics and log pattern analysis",
124 .category = plugin_category::system,
125 .version = "1.0.0",
126 .dependencies = {},
127 .requires_platform_support = false
128 };
129 }
130
131 auto initialize(const config_map& config) -> bool override;
132 void shutdown() override {}
133 auto get_statistics() const -> stats_map override;
134
139 void set_logger_system_adapter(std::shared_ptr<logger_system_adapter> adapter);
140
146 void register_log_source(const std::string& source_name,
147 std::function<logging_stats()> stats_provider);
148
153 void unregister_log_source(const std::string& source_name);
154
160 std::optional<logging_stats> get_source_stats(const std::string& source_name) const;
161
167 void set_pattern_analysis(bool enable, size_t sample_size = 1000);
168
173 std::optional<log_pattern_analysis> get_pattern_analysis() const;
174
179 void set_level_distribution_tracking(bool enable);
180
186 std::unordered_map<log_level, size_t> get_level_distribution(size_t window_seconds = 60) const;
187
188 private:
189 // Logger system integration
190 std::shared_ptr<logger_system_adapter> logger_adapter_;
191 std::shared_ptr<event_bus> event_bus_;
192
193 // Log source monitoring
194 mutable std::mutex sources_mutex_;
195 std::unordered_map<std::string, std::function<logging_stats()>> source_providers_;
196 std::unordered_map<std::string, logging_stats> last_source_stats_;
197
198 // Configuration
199 bool enable_pattern_analysis_{false};
200 size_t pattern_sample_size_{1000};
201 bool track_level_distribution_{true};
202 bool use_event_bus_{true};
203
204 // Pattern analysis
205 mutable std::mutex pattern_mutex_;
206 log_pattern_analysis last_pattern_analysis_;
207 std::chrono::steady_clock::time_point last_analysis_time_;
208
209 // Level distribution tracking
210 struct level_entry {
211 log_level level;
212 std::chrono::steady_clock::time_point timestamp;
213 };
214 mutable std::mutex distribution_mutex_;
215 std::deque<level_entry> level_history_;
216 const size_t max_history_size_{10000};
217
218 // Statistics tracking
219 mutable std::mutex stats_mutex_;
220 std::atomic<size_t> collection_count_{0};
221 std::atomic<size_t> collection_errors_{0};
222 std::atomic<bool> is_healthy_{true};
223 std::chrono::steady_clock::time_point init_time_;
224
225 // Performance tracking
226 struct throughput_tracker {
227 std::chrono::steady_clock::time_point window_start;
228 size_t logs_in_window{0};
229 double current_throughput{0.0};
230 };
231 std::unordered_map<std::string, throughput_tracker> throughput_trackers_;
232
233 // Helper methods
234 std::vector<metric> collect_from_adapter();
235 std::vector<metric> collect_from_sources();
236 void add_source_metrics(std::vector<metric>& metrics, const std::string& source_name,
237 const logging_stats& stats);
238 void perform_pattern_analysis();
239 void update_level_distribution(const logging_stats& stats);
240 void update_throughput_tracking(const std::string& source_name, const logging_stats& stats);
241 metric create_metric(const std::string& name, double value, const std::string& source_name,
242 const std::string& unit = "") const;
243 void subscribe_to_events();
244 void handle_logging_event(const logging_metric_event& event);
245};
246
251class log_anomaly_detector {
252 public:
253 enum class anomaly_type {
254 volume_spike,
255 volume_drop,
256 error_spike,
257 new_error_pattern,
258 unusual_pattern,
259 performance_degradation
260 };
261
262 struct anomaly {
263 anomaly_type type;
264 std::string description;
265 double severity_score{0.0}; // 0.0 to 1.0
266 std::unordered_map<std::string, std::string> details;
267 std::chrono::steady_clock::time_point detected_at;
268 };
269
270 struct detection_config {
271 // Volume thresholds
272 double volume_spike_threshold{2.0}; // 2x normal volume
273 double volume_drop_threshold{0.1}; // 10% of normal volume
274 size_t volume_window_seconds{300}; // 5 minute window
275
276 // Error thresholds
277 double error_spike_threshold{3.0}; // 3x normal error rate
278 size_t error_window_seconds{60}; // 1 minute window
279
280 // Pattern detection
281 bool enable_pattern_detection{true};
282 double pattern_confidence_threshold{0.8};
283
284 // Performance thresholds
285 double latency_spike_threshold{2.0}; // 2x normal latency
286 };
287
288 explicit log_anomaly_detector(const detection_config& config = {});
289
296 std::vector<anomaly> detect_anomalies(const logging_stats& stats, const std::string& source_name);
297
303 void train(const logging_stats& stats, const std::string& source_name);
304
309 void update_config(const detection_config& config);
310
315 detection_config get_config() const;
316
323 std::vector<anomaly> get_anomaly_history(const std::optional<std::string>& source_name = std::nullopt,
324 size_t max_count = 100) const;
325
329 void reset();
330
331 private:
332 mutable std::mutex config_mutex_;
333 detection_config config_;
334
335 // Training data
336 struct baseline_stats {
337 double average_volume{0.0};
338 double volume_std_dev{0.0};
339 double average_error_rate{0.0};
340 double error_rate_std_dev{0.0};
341 double average_latency{0.0};
342 double latency_std_dev{0.0};
343 size_t sample_count{0};
344 };
345 mutable std::mutex baseline_mutex_;
346 std::unordered_map<std::string, baseline_stats> baselines_;
347
348 // Historical data for trend analysis
349 struct historical_point {
350 logging_stats stats;
351 std::chrono::steady_clock::time_point timestamp;
352 };
353 mutable std::mutex history_mutex_;
354 std::unordered_map<std::string, std::deque<historical_point>> source_histories_;
355 const size_t max_history_points_{1000};
356
357 // Anomaly history
358 std::vector<anomaly> anomaly_history_;
359 const size_t max_anomaly_history_{1000};
360
361 // Detection methods
362 void detect_volume_anomalies(std::vector<anomaly>& anomalies, const logging_stats& stats,
363 const std::string& source_name);
364 void detect_error_anomalies(std::vector<anomaly>& anomalies, const logging_stats& stats,
365 const std::string& source_name);
366 void detect_performance_anomalies(std::vector<anomaly>& anomalies, const logging_stats& stats,
367 const std::string& source_name);
368 void update_baseline(baseline_stats& baseline, const logging_stats& stats);
369 double calculate_zscore(double value, double mean, double std_dev) const;
370};
371
376class log_storage_optimizer {
377 public:
378 struct storage_config {
379 // Retention policies
380 std::unordered_map<log_level, std::chrono::hours> retention_by_level{
381 {log_level::trace, std::chrono::hours(1)},
382 {log_level::debug, std::chrono::hours(24)},
383 {log_level::info, std::chrono::hours(24 * 7)},
384 {log_level::warning, std::chrono::hours(24 * 30)},
385 {log_level::error, std::chrono::hours(24 * 90)},
386 {log_level::critical, std::chrono::hours(24 * 365)},
387 {log_level::fatal, std::chrono::hours(24 * 365)}
388 };
389
390 // Compression settings
391 bool enable_compression{true};
392 size_t compression_threshold_bytes{1024 * 1024}; // 1MB
393 std::string compression_algorithm{"gzip"};
394
395 // Archival settings
396 bool enable_archival{true};
397 std::chrono::hours archive_after_hours{24};
398 std::string archive_location{"/var/log/archive"};
399
400 // Storage limits
401 size_t max_storage_bytes{1024 * 1024 * 1024}; // 1GB
402 double storage_warn_threshold{0.8}; // 80% full
403 };
404
405 struct optimization_recommendation {
406 std::string action;
407 std::string reason;
408 double expected_savings_bytes{0.0};
409 double priority_score{0.0}; // 0.0 to 1.0
410 };
411
412 explicit log_storage_optimizer(const storage_config& config = {});
413
419 std::vector<optimization_recommendation> analyze_storage(const logging_stats& stats);
420
427 std::unordered_map<log_level, std::chrono::hours> calculate_optimal_retention(
428 const std::unordered_map<log_level, size_t>& level_distribution,
429 size_t available_storage);
430
437 size_t estimate_storage_requirements(const logging_stats& stats, size_t forecast_days);
438
443 void update_config(const storage_config& config);
444
449 storage_config get_config() const;
450
451 private:
452 mutable std::mutex config_mutex_;
453 storage_config config_;
454
455 double calculate_compression_ratio(const logging_stats& stats) const;
456 size_t calculate_retention_size(log_level level, size_t daily_volume, std::chrono::hours retention) const;
457 double calculate_priority_score(size_t savings_bytes, double urgency) const;
458};
459
460} // namespace monitoring_system
collector_plugin.h
Plugin interface for metric collectors.
event_bus.h
Lightweight event bus implementation for monitoring system.
event_types.h
Common event type definitions for monitoring system.
logger_adapters.h
Consolidated logger system adapters for monitoring_system.
kcenon::monitoring::compression_algorithm
compression_algorithm
Compression algorithms.
Definition storage_backends.h:46
kcenon::monitoring::alert_severity::warning
@ warning
Warning condition, may require attention.
kcenon::monitoring::alert_severity::info
@ info
Informational, no action required.