Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Logs hunting

Avatar for Olivier Dolbeau Olivier Dolbeau
April 09, 2015
Programming
3k
1

Logs hunting

Talk given at sfLive 2015 Paris

Avatar for Olivier Dolbeau

Olivier Dolbeau

April 09, 2015

More Decks by Olivier Dolbeau

See All by Olivier Dolbeau
Throw new \Exception(); Oui, mais laquelle ?
Avatar for Olivier Dolbeau odolbeau
1
310
Jane & Webby
Avatar for Olivier Dolbeau odolbeau
0
490
Translating a monolingual application
Avatar for Olivier Dolbeau odolbeau
2
690
DX: Developer eXperience
Avatar for Olivier Dolbeau odolbeau
1
130
DX: Developer eXperience
Avatar for Olivier Dolbeau odolbeau
1
580
EasyAdminBundle introduction
Avatar for Olivier Dolbeau odolbeau
0
230
REX API Platform
Avatar for Olivier Dolbeau odolbeau
0
1.4k
Features flags at BlaBlaCar
Avatar for Olivier Dolbeau odolbeau
5
1.2k
25+ million members in 22 countries, how to scale with Symfony2
Avatar for Olivier Dolbeau odolbeau
2
670

Other Decks in Programming

See All in Programming
柔軟なPDFレイアウトエディタを支える型システム設計 — Discriminated UnionとConditional Typeの実践
Avatar for minako-ph minako__ph
1
160
検索設計から
推論設計への重心移動と
Recall-First Retrieval
Avatar for po3rin po3rin
5
1.7k
tsserverとは何だったのか_これからどうなるのか
Avatar for Ryota Nakamura nowaki28
0
120
AWSはOSSをどのように 考えているのか?
Avatar for アキキー | Akihisa Ikeda akihisaikeda
0
120
AI時代になぜ書くのか
Avatar for Mutz mutsumix
0
420
When benchmarks go bad - what I learned from measuring performance wrong
Avatar for Holly Cummins hollycummins
0
390
1人1案件のプロダクトエンジニア時代に、"プロセス監督"としてチャレンジしたこと
Avatar for のんちゃん non0113
0
110
AI時代のエンジニアリングの原則 / Engineering Principles in the AI ​​Era
Avatar for haru860 haru860
0
1.3k
iOS26時代の新規アプリ開発
Avatar for 野瀬田 裕樹 yuukiw00w
0
140
Agent Skills を社内で育てる仕組み作り
Avatar for jackchuka jackchuka
1
2.1k
Sans tests, vos agents ne sont pas fiables
Avatar for Nathan Abondance nabondance
0
140
AI Agent と正しく分析するための環境作り
Avatar for yosh_yumyum yoshyum
2
530

Featured

See All Featured
Public Speaking Without Barfing On Your Shoes - THAT 2023
Avatar for David Neal reverentgeek
1
390
The Art of Programming - Codeland 2020
Avatar for Erika Heidi erikaheidi
57
14k
Chasing Engaging Ingredients in Design
Avatar for Sebastian Deterding codingconduct
0
190
Accessibility Awareness
Avatar for Sarah Abderemane sabderemane
1
120
GitHub's CSS Performance
Avatar for Jon Rohan jonrohan
1033
470k
How STYLIGHT went responsive
Avatar for nonsquared nonsquared
100
6.1k
[RailsConf 2023 Opening Keynote] The Magic of Rails
Avatar for Eileen M. Uchitelle eileencodes
31
10k
Optimizing for Happiness
Avatar for Tom Preston-Werner mojombo
378
71k
How To Stay Up To Date on Web Technology
Avatar for Chris Coyier chriscoyier
790
250k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
Avatar for Eileen M. Uchitelle eileencodes
141
35k
Color Theory Basics | Prateek | Gurzu
Avatar for Gurzu gurzu
0
310
Tips & Tricks on How to Get Your First Job In Tech
Avatar for Honza Javorek honzajavorek
1
510

Transcript

  1. LOGS HUNTING 1

  2. WHO AM I? Olivier Dolbeau @odolbeau Work at BlaBlaCar 2

  3. THIS IS AN ELK 3

  4. 4

  5. 5

  6. 6

  7. Inputs Filters Outputs 41 inputs • syslog • udp •

    varnishlog • gelf • … 50 filters • date • geoip • i18n • urldecode • … 55 outputs • elasticsearch • redis • email • graphite • … And there are also some codecs 7

  8. Kibana 8

  9. 9

  10. 10

  11. Which logs are we
 talking about? 11

  12. 12 Access Logs Population: High Difficulty: Easy Weapon

  13. 13 Application logs Population: Medium / Low Difficulty: Medium Weapon

    Monolog <3

  14. syslog 14 Syslog Population: Medium Difficulty: Easy Weapon RSYSLOG

  15. *.* @127.0.0.1:514;RSYSLOG_ForwardFormat 15

  16. input { udp { port => 514 type => syslog

    } } Logstash - Input 16

  17. filter { if [type] == "syslog" { grok { match

    => [ "message", "<%{POSINT:syslog_pri}>% {TIMESTAMP_ISO8601:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} % {DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: % {GREEDYDATA:syslog_message}" ] add_field => [ "received_at", "%{@timestamp}" ] add_field => [ "received_from", "%{host}" ] add_tag => [ "rsyslog" ] } } } Logstash - Filter 17

  18. output { elasticsearch_http { host => “my_es.blablacar.com” port => 9200

    index => "logstashv1-%{+YYYY.MM.dd}" manage_template => false } } Logstash - Output 18

  19. 19

  20. syslog 20

  21. 21

  22. @odolbeau 22 On recrute ! https://speakerdeck.com/odolbeau/logs-hunting