Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Logs hunting

Sponsored · SiteGround - Reliable hosting with speed, security, and support you can count on.
Avatar for Olivier Dolbeau Olivier Dolbeau
April 09, 2015
Programming
2.9k
1

Logs hunting

Talk given at sfLive 2015 Paris

Avatar for Olivier Dolbeau

Olivier Dolbeau

April 09, 2015

More Decks by Olivier Dolbeau

See All by Olivier Dolbeau
Throw new \Exception(); Oui, mais laquelle ?
Avatar for Olivier Dolbeau odolbeau
1
300
Jane & Webby
Avatar for Olivier Dolbeau odolbeau
0
480
Translating a monolingual application
Avatar for Olivier Dolbeau odolbeau
2
680
DX: Developer eXperience
Avatar for Olivier Dolbeau odolbeau
1
120
DX: Developer eXperience
Avatar for Olivier Dolbeau odolbeau
1
580
EasyAdminBundle introduction
Avatar for Olivier Dolbeau odolbeau
0
220
REX API Platform
Avatar for Olivier Dolbeau odolbeau
0
1.4k
Features flags at BlaBlaCar
Avatar for Olivier Dolbeau odolbeau
5
1.2k
25+ million members in 22 countries, how to scale with Symfony2
Avatar for Olivier Dolbeau odolbeau
2
660

Other Decks in Programming

See All in Programming
レガシーPHP転生 〜父がドメインエキスパートだったのでDDD+Claude Codeでチート開発します〜
Avatar for panda_program panda_program
0
210
Symfonyの特性(設計思想)を手軽に活かす特性(trait)
Avatar for ICKX ickx
0
120
AWS re:Invent 2025の少し振り返り + DevOps AgentとBacklogを連携させてみた
Avatar for Satoshi Kaneyasu satoshi256kbyte
2
140
条件判定に名前、つけてますか? #phperkaigi #c
Avatar for Hiromi Hishida 77web
2
940
PHPで TLSのプロトコルを実装してみるをもう一度しゃべりたい
Avatar for higaki higaki_program
0
170
Java 21/25 Virtual Threads 소개
Avatar for Sunghyouk Bae (Debop) debop
0
320
今からFlash開発できるわけないじゃん、ムリムリ! (※ムリじゃなかった!?)
Avatar for Sora Arakawa arkw
0
180
年間50登壇、単著出版、雑誌寄稿、Podcast出演、YouTube、CM、カンファレンス主催……全部やってみたので面白さ等を比較してみよう / I’ve tried them all, so let’s compare how interesting they are.
Avatar for nrs nrslib
4
690
GoのDB アクセスにおける 「型安全」と「柔軟性」の両立 - Bob という選択肢
Avatar for tak tak848
0
310
テレメトリーシグナルが導くパフォーマンス最適化 / Performance Optimization Driven by Telemetry Signals
Avatar for shiro seike seike460
PRO
2
220
一度始めたらやめられない開発効率向上術 / Findy あなたのdotfilesを教えて!
Avatar for Takashi Kokubun k0kubun
4
2.8k
Coding at the Speed of Thought: The New Era of Symfony Docker
Avatar for Kévin Dunglas dunglas
0
4.5k

Featured

See All Featured
YesSQL, Process and Tooling at Scale
Avatar for Rocio Delgado rocio
174
15k
4 Signs Your Business is Dying
Avatar for Josh Pigford shpigford
187
22k
[SF Ruby Conf 2025] Rails X
Avatar for Vladimir Dementyev palkan
2
920
First, design no harm
Avatar for Per Axbom axbom
PRO
2
1.2k
Why Your Marketing Sucks and What You Can Do About It - Sophie Logan
Avatar for Sophie Logan marketingsoph
0
120
New Earth Scene 8
Avatar for Sydney Stone popppiees
2
2k
We Have a Design System, Now What?
Avatar for Morgane Peng morganepeng
55
8.1k
HDC tutorial
Avatar for Michiel Stock michielstock
1
600
Navigating the Design Leadership Dip - Product Design Week Design Leaders+ Conference 2024
Avatar for Andy Polaine apolaine
0
260
10 Git Anti Patterns You Should be Aware of
Avatar for Lemi Orhan Ergin lemiorhan
PRO
659
61k
Mobile First: as difficult as doing things right
Avatar for Swwweet swwweet
225
10k
Reality Check: Gamification 10 Years Later
Avatar for Sebastian Deterding codingconduct
0
2.1k

Transcript

  1. LOGS HUNTING 1

  2. WHO AM I? Olivier Dolbeau @odolbeau Work at BlaBlaCar 2

  3. THIS IS AN ELK 3

  4. 4

  5. 5

  6. 6

  7. Inputs Filters Outputs 41 inputs • syslog • udp •

    varnishlog • gelf • … 50 filters • date • geoip • i18n • urldecode • … 55 outputs • elasticsearch • redis • email • graphite • … And there are also some codecs 7

  8. Kibana 8

  9. 9

  10. 10

  11. Which logs are we
 talking about? 11

  12. 12 Access Logs Population: High Difficulty: Easy Weapon

  13. 13 Application logs Population: Medium / Low Difficulty: Medium Weapon

    Monolog <3

  14. syslog 14 Syslog Population: Medium Difficulty: Easy Weapon RSYSLOG

  15. *.* @127.0.0.1:514;RSYSLOG_ForwardFormat 15

  16. input { udp { port => 514 type => syslog

    } } Logstash - Input 16

  17. filter { if [type] == "syslog" { grok { match

    => [ "message", "<%{POSINT:syslog_pri}>% {TIMESTAMP_ISO8601:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} % {DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: % {GREEDYDATA:syslog_message}" ] add_field => [ "received_at", "%{@timestamp}" ] add_field => [ "received_from", "%{host}" ] add_tag => [ "rsyslog" ] } } } Logstash - Filter 17

  18. output { elasticsearch_http { host => “my_es.blablacar.com” port => 9200

    index => "logstashv1-%{+YYYY.MM.dd}" manage_template => false } } Logstash - Output 18

  19. 19

  20. syslog 20

  21. 21

  22. @odolbeau 22 On recrute ! https://speakerdeck.com/odolbeau/logs-hunting