Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Logs hunting

Avatar for Olivier Dolbeau Olivier Dolbeau
April 09, 2015
Programming
1
2.9k

Logs hunting

Talk given at sfLive 2015 Paris
Avatar for Olivier Dolbeau

Olivier Dolbeau

April 09, 2015
Tweet

More Decks by Olivier Dolbeau

See All by Olivier Dolbeau
Throw new \Exception(); Oui, mais laquelle ?
Avatar for Olivier Dolbeau odolbeau
1
210
Jane & Webby
Avatar for Olivier Dolbeau odolbeau
0
390
Translating a monolingual application
Avatar for Olivier Dolbeau odolbeau
2
540
DX: Developer eXperience
Avatar for Olivier Dolbeau odolbeau
1
82
DX: Developer eXperience
Avatar for Olivier Dolbeau odolbeau
1
540
EasyAdminBundle introduction
Avatar for Olivier Dolbeau odolbeau
0
170
REX API Platform
Avatar for Olivier Dolbeau odolbeau
0
1.3k
Features flags at BlaBlaCar
Avatar for Olivier Dolbeau odolbeau
5
1k
25+ million members in 22 countries, how to scale with Symfony2
Avatar for Olivier Dolbeau odolbeau
2
500

Other Decks in Programming

See All in Programming
ワイがおすすめする新潟の食 / 20250530phpconf-niigata-eve
Avatar for kasacchiful kasacchiful
0
190
ts-morph実践:型を利用するcodemodのテクニック
Avatar for ypresto ypresto
1
540
primeNumberでのRBS導入の現在 && RBS::Traceでinline RBSを拡充してみた
Avatar for Manami Nakamura mnmandahalf
0
250
Interface vs Types ~型推論が過多推論~
Avatar for Hiroki Omote hirokiomote
1
230
ワンバイナリWebサービスのススメ
Avatar for mackee mackee
10
7.4k
External SecretsのさくらProvider初期実装を担当しています
Avatar for logica / Takuto Nagami logica0419
0
240
コードに語らせよう――自己ドキュメント化が内包する楽しさについて / Let the Code Speak
Avatar for nrs nrslib
5
990
クラシルリワードにおける
iOSアプリ開発の取り組み
Avatar for fumito nakazawa funzin
1
810
當開發遇上包裝: AI 如何讓產品從想法變成商品
Avatar for Caesar Chi clonn
0
2.5k
Investigating Multithreaded PostgreSQL
Avatar for Thomas Munro macdice
0
150
TypeScript を活かしてデザインシステム MCP を作る / #tskaigi_after_night
Avatar for Masayuki Izumi izumin5210
4
470
Efficiency and Rock 'n’ Roll (Really!)
Avatar for Holly Cummins hollycummins
0
590

Featured

See All Featured
Into the Great Unknown - MozCon
Avatar for Noah Learner thekraken
39
1.8k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
Avatar for Kevin Liebholz kevinliebholz
32
5.8k
Optimizing for Happiness
Avatar for Tom Preston-Werner mojombo
378
70k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
Avatar for soudai sone soudai
PRO
180
53k
GraphQLとの向き合い方2022年版
Avatar for Yosuke Kurami quramy
46
14k
YesSQL, Process and Tooling at Scale
Avatar for Rocio Delgado rocio
172
14k
Thoughts on Productivity
Avatar for Jon Yablonski jonyablonski
69
4.7k
What's in a price? How to price your products and services
Avatar for Michael Herold michaelherold
245
12k
How STYLIGHT went responsive
Avatar for nonsquared nonsquared
100
5.6k
No one is an island. Learnings from fostering a developers community.
Avatar for Antonio thoeni
21
3.3k
The Web Performance Landscape in 2024 [PerfNow 2024]
Avatar for Tammy Everts tammyeverts
5
620
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
Avatar for Eileen M. Uchitelle eileencodes
34
2.3k

Transcript

  1. LOGS HUNTING 1

  2. WHO AM I? Olivier Dolbeau @odolbeau Work at BlaBlaCar 2

  3. THIS IS AN ELK 3

  4. 4

  5. 5

  6. 6

  7. Inputs Filters Outputs 41 inputs • syslog • udp •

    varnishlog • gelf • … 50 filters • date • geoip • i18n • urldecode • … 55 outputs • elasticsearch • redis • email • graphite • … And there are also some codecs 7

  8. Kibana 8

  9. 9

  10. 10

  11. Which logs are we
 talking about? 11

  12. 12 Access Logs Population: High Difficulty: Easy Weapon

  13. 13 Application logs Population: Medium / Low Difficulty: Medium Weapon

    Monolog <3

  14. syslog 14 Syslog Population: Medium Difficulty: Easy Weapon RSYSLOG

  15. *.* @127.0.0.1:514;RSYSLOG_ForwardFormat 15

  16. input { udp { port => 514 type => syslog

    } } Logstash - Input 16

  17. filter { if [type] == "syslog" { grok { match

    => [ "message", "<%{POSINT:syslog_pri}>% {TIMESTAMP_ISO8601:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} % {DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: % {GREEDYDATA:syslog_message}" ] add_field => [ "received_at", "%{@timestamp}" ] add_field => [ "received_from", "%{host}" ] add_tag => [ "rsyslog" ] } } } Logstash - Filter 17

  18. output { elasticsearch_http { host => “my_es.blablacar.com” port => 9200

    index => "logstashv1-%{+YYYY.MM.dd}" manage_template => false } } Logstash - Output 18

  19. 19

  20. syslog 20

  21. 21

  22. @odolbeau 22 On recrute ! https://speakerdeck.com/odolbeau/logs-hunting