Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Logs hunting

Olivier Dolbeau
April 09, 2015
Programming
1
2.8k

Logs hunting

Talk given at sfLive 2015 Paris

Olivier Dolbeau

April 09, 2015
Tweet

More Decks by Olivier Dolbeau

See All by Olivier Dolbeau
Throw new \Exception(); Oui, mais laquelle ?
odolbeau
0
82
Jane & Webby
odolbeau
0
310
Translating a monolingual application
odolbeau
2
460
DX: Developer eXperience
odolbeau
0
56
DX: Developer eXperience
odolbeau
0
450
EasyAdminBundle introduction
odolbeau
0
150
REX API Platform
odolbeau
0
1.2k
Features flags at BlaBlaCar
odolbeau
4
940
25+ million members in 22 countries, how to scale with Symfony2
odolbeau
1
430

Other Decks in Programming

See All in Programming
Hotwire or React? ~アフタートーク・本編に含めなかった話~ / Hotwire or React? after talk
harunatsujita
1
120
CSC509 Lecture 13
javiergs
PRO
0
110
광고 소재 심사 과정에 AI를 도입하여 광고 서비스 생산성 향상시키기
kakao
PRO
0
170
初めてDefinitelyTypedにPRを出した話
syumai
0
420
OSSで起業してもうすぐ10年 / Open Source Conference 2024 Shimane
furukawayasuto
0
110
TypeScriptでライブラリとの依存を限定的にする方法
tutinoko
3
700
CSC509 Lecture 12
javiergs
PRO
0
160
アジャイルを支えるテストアーキテクチャ設計/Test Architecting for Agile
goyoki
9
3.3k
Remix on Hono on Cloudflare Workers
yusukebe
1
300
subpath importsで始めるモック生活
10tera
0
320
ヤプリ新卒SREの オンボーディング
masaki12
0
130
Better Code Design in PHP
afilina
PRO
0
130

Featured

See All Featured
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
0
110
Save Time (by Creating Custom Rails Generators)
garrettdimon
PRO
27
840
Art, The Web, and Tiny UX
lynnandtonic
297
20k
Navigating Team Friction
lara
183
14k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
26
1.4k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
169
50k
Building an army of robots
kneath
302
43k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
31
2.7k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
191
16k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
126
18k
Gamification - CAS2011
davidbonilla
80
5k
The Invisible Side of Design
smashingmag
298
50k

Transcript

  1. LOGS HUNTING 1

  2. WHO AM I? Olivier Dolbeau @odolbeau Work at BlaBlaCar 2

  3. THIS IS AN ELK 3

  4. 4

  5. 5

  6. 6

  7. Inputs Filters Outputs 41 inputs • syslog • udp •

    varnishlog • gelf • … 50 filters • date • geoip • i18n • urldecode • … 55 outputs • elasticsearch • redis • email • graphite • … And there are also some codecs 7

  8. Kibana 8

  9. 9

  10. 10

  11. Which logs are we
 talking about? 11

  12. 12 Access Logs Population: High Difficulty: Easy Weapon

  13. 13 Application logs Population: Medium / Low Difficulty: Medium Weapon

    Monolog <3

  14. syslog 14 Syslog Population: Medium Difficulty: Easy Weapon RSYSLOG

  15. *.* @127.0.0.1:514;RSYSLOG_ForwardFormat 15

  16. input { udp { port => 514 type => syslog

    } } Logstash - Input 16

  17. filter { if [type] == "syslog" { grok { match

    => [ "message", "<%{POSINT:syslog_pri}>% {TIMESTAMP_ISO8601:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} % {DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: % {GREEDYDATA:syslog_message}" ] add_field => [ "received_at", "%{@timestamp}" ] add_field => [ "received_from", "%{host}" ] add_tag => [ "rsyslog" ] } } } Logstash - Filter 17

  18. output { elasticsearch_http { host => “my_es.blablacar.com” port => 9200

    index => "logstashv1-%{+YYYY.MM.dd}" manage_template => false } } Logstash - Output 18

  19. 19

  20. syslog 20

  21. 21

  22. @odolbeau 22 On recrute ! https://speakerdeck.com/odolbeau/logs-hunting