Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Logs hunting

Sponsored · SiteGround - Reliable hosting with speed, security, and support you can count on.
Avatar for Olivier Dolbeau Olivier Dolbeau
April 09, 2015
Programming
3k
1

Logs hunting

Talk given at sfLive 2015 Paris

Avatar for Olivier Dolbeau

Olivier Dolbeau

April 09, 2015

More Decks by Olivier Dolbeau

See All by Olivier Dolbeau
Throw new \Exception(); Oui, mais laquelle ?
Avatar for Olivier Dolbeau odolbeau
1
300
Jane & Webby
Avatar for Olivier Dolbeau odolbeau
0
490
Translating a monolingual application
Avatar for Olivier Dolbeau odolbeau
2
680
DX: Developer eXperience
Avatar for Olivier Dolbeau odolbeau
1
130
DX: Developer eXperience
Avatar for Olivier Dolbeau odolbeau
1
580
EasyAdminBundle introduction
Avatar for Olivier Dolbeau odolbeau
0
220
REX API Platform
Avatar for Olivier Dolbeau odolbeau
0
1.4k
Features flags at BlaBlaCar
Avatar for Olivier Dolbeau odolbeau
5
1.2k
25+ million members in 22 countries, how to scale with Symfony2
Avatar for Olivier Dolbeau odolbeau
2
660

Other Decks in Programming

See All in Programming
VueエンジニアがReactを触って感じた_設計の違い
Avatar for kouki.miura koukimiura
0
180
アーキテクチャモダナイゼーションとは何か
Avatar for nwiizo nwiizo
19
5.4k
tRPCの概要と少しだけパフォーマンス
Avatar for Keigo Ebihara misoton665
2
220
事業会社でのセキュリティ長期インターンについて
Avatar for inlet-back masachikaura
0
260
書籍「ユーザーストーリーマッピング」が私のバイブル
Avatar for asumikam asumikam
4
400
属人化しないコード品質の作り方_2026.04.07.pdf
Avatar for Masaki Murano muraaano
0
230
AIを導入する前にやるべきこと
Avatar for Negima negima
2
120
PCOVから学ぶコードカバレッジ #phpcon_odawara
Avatar for hideki kinjyo o0h
PRO
0
280
iOS機能開発のAI環境と起きた変化
Avatar for Ryu-nakayama ryunakayama
0
190
「話せることがない」を乗り越える 〜日常業務から登壇テーマをつくる思考法〜
Avatar for ShoheiMitani shoheimitani
4
850
Surviving Black Friday: 329 billion requests with Falcon!
Avatar for Samuel Williams ioquatix
0
740
Claude CodeでETLジョブ実行テストを自動化してみた
Avatar for yoshiki kasama yoshikikasama
0
630

Featured

See All Featured
Faster Mobile Websites
Avatar for Dean Hume deanohume
310
31k
Navigating Team Friction
Avatar for Lara Hogan lara
192
16k
Game over? The fight for quality and originality in the time of robots
Avatar for Wayne Barker wayneb77
1
160
The Director’s Chair: Orchestrating AI for Truly Effective Learning
Avatar for Mike Taylor tmiket
1
150
ラッコキーワード サービス紹介資料
Avatar for ラッコ株式会社 rakko
1
3.1M
AI in Enterprises - Java and Open Source to the Rescue
Avatar for ivargrimstad ivargrimstad
0
1.2k
Pawsitive SEO: Lessons from My Dog (and Many Mistakes) on Thriving as a Consultant in the Age of AI
Avatar for David Carrasco davidcarrasco
0
120
Sam Torres - BigQuery for SEOs
Avatar for Tech SEO Connect techseoconnect
PRO
0
250
Accessibility Awareness
Avatar for Sarah Abderemane sabderemane
1
100
Leadership Guide Workshop - DevTernity 2021
Avatar for David Neal reverentgeek
1
270
ReactJS: Keep Simple. Everything can be a component!
Avatar for Pedro Nauck pedronauck
666
130k
Helping Users Find Their Own Way: Creating Modern Search Experiences
Avatar for Dan Newman danielanewman
31
3.2k

Transcript

  1. LOGS HUNTING 1

  2. WHO AM I? Olivier Dolbeau @odolbeau Work at BlaBlaCar 2

  3. THIS IS AN ELK 3

  4. 4

  5. 5

  6. 6

  7. Inputs Filters Outputs 41 inputs • syslog • udp •

    varnishlog • gelf • … 50 filters • date • geoip • i18n • urldecode • … 55 outputs • elasticsearch • redis • email • graphite • … And there are also some codecs 7

  8. Kibana 8

  9. 9

  10. 10

  11. Which logs are we
 talking about? 11

  12. 12 Access Logs Population: High Difficulty: Easy Weapon

  13. 13 Application logs Population: Medium / Low Difficulty: Medium Weapon

    Monolog <3

  14. syslog 14 Syslog Population: Medium Difficulty: Easy Weapon RSYSLOG

  15. *.* @127.0.0.1:514;RSYSLOG_ForwardFormat 15

  16. input { udp { port => 514 type => syslog

    } } Logstash - Input 16

  17. filter { if [type] == "syslog" { grok { match

    => [ "message", "<%{POSINT:syslog_pri}>% {TIMESTAMP_ISO8601:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} % {DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: % {GREEDYDATA:syslog_message}" ] add_field => [ "received_at", "%{@timestamp}" ] add_field => [ "received_from", "%{host}" ] add_tag => [ "rsyslog" ] } } } Logstash - Filter 17

  18. output { elasticsearch_http { host => “my_es.blablacar.com” port => 9200

    index => "logstashv1-%{+YYYY.MM.dd}" manage_template => false } } Logstash - Output 18

  19. 19

  20. syslog 20

  21. 21

  22. @odolbeau 22 On recrute ! https://speakerdeck.com/odolbeau/logs-hunting