Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Logs hunting

Avatar for Olivier Dolbeau Olivier Dolbeau
April 09, 2015
Programming
1
2.9k

Logs hunting

Talk given at sfLive 2015 Paris
Avatar for Olivier Dolbeau

Olivier Dolbeau

April 09, 2015
Tweet

More Decks by Olivier Dolbeau

See All by Olivier Dolbeau
Throw new \Exception(); Oui, mais laquelle ?
Avatar for Olivier Dolbeau odolbeau
1
210
Jane & Webby
Avatar for Olivier Dolbeau odolbeau
0
390
Translating a monolingual application
Avatar for Olivier Dolbeau odolbeau
2
550
DX: Developer eXperience
Avatar for Olivier Dolbeau odolbeau
1
89
DX: Developer eXperience
Avatar for Olivier Dolbeau odolbeau
1
540
EasyAdminBundle introduction
Avatar for Olivier Dolbeau odolbeau
0
170
REX API Platform
Avatar for Olivier Dolbeau odolbeau
0
1.3k
Features flags at BlaBlaCar
Avatar for Olivier Dolbeau odolbeau
5
1.1k
25+ million members in 22 countries, how to scale with Symfony2
Avatar for Olivier Dolbeau odolbeau
2
500

Other Decks in Programming

See All in Programming
「ElixirでIoT!!」のこれまでとこれから
Avatar for takasehideki takasehideki
0
370
Bytecode Manipulation 으로 생산성 높이기
Avatar for Daekyu bigstark
2
360
deno-redisの紹介とJSRパッケージの運用について (toranoana.deno #21)
Avatar for uki00a uki00a
0
130
既存デザインを変更せずにタップ領域を広げる方法
Avatar for Tiphaine tahia910
1
240
Haskell でアルゴリズムを抽象化する / 関数型言語で競技プログラミング
Avatar for Naoya Ito naoya
17
4.8k
Go Modules: From Basics to Beyond / Go Modulesの基本とその先へ
Avatar for kuro kuro_kurorrr
0
120
Julia という言語について (FP in Julia « SIDE: F ») for 関数型まつり2025
Avatar for GOTOH Shunsuke antimon2
3
970
SODA - FACT BOOK
Avatar for SODA inc. sodainc
1
1.1k
Datadog RUM 本番導入までの道
Avatar for Shintaro Matsumoto shinter61
1
310
カクヨムAndroidアプリのリブート
Avatar for Nabe numeroanddev
0
430
AIネイティブなプロダクトをGolangで挑む取り組み
Avatar for nmatsumoto4 nmatsumoto4
0
120
Select API from Kotlin Coroutine
Avatar for Matsuda Jumpei jmatsu
1
180

Featured

See All Featured
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
Avatar for Joe Casabona jcasabona
32
2.3k
GraphQLの誤解/rethinking-graphql
Avatar for sonatard sonatard
71
11k
The Straight Up "How To Draw Better" Workshop
Avatar for Dennis Kardys denniskardys
233
140k
Facilitating Awesome Meetings
Avatar for Lara Hogan lara
54
6.4k
VelocityConf: Rendering Performance Case Studies
Avatar for Addy Osmani addyosmani
330
24k
Automating Front-end Workflow
Avatar for Addy Osmani addyosmani
1370
200k
The Pragmatic Product Professional
Avatar for Laura Van Doore lauravandoore
35
6.7k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
Avatar for Morgane Peng morganepeng
130
19k
Documentation Writing (for coders)
Avatar for Carmen Chung carmenintech
71
4.9k
Building Applications with DynamoDB
Avatar for Matt Wood mza
95
6.5k
BBQ
Avatar for Matthew Crist matthewcrist
89
9.7k
The Power of CSS Pseudo Elements
Avatar for Geoffrey Crofte geoffreycrofte
77
5.8k

Transcript

  1. LOGS HUNTING 1

  2. WHO AM I? Olivier Dolbeau @odolbeau Work at BlaBlaCar 2

  3. THIS IS AN ELK 3

  4. 4

  5. 5

  6. 6

  7. Inputs Filters Outputs 41 inputs • syslog • udp •

    varnishlog • gelf • … 50 filters • date • geoip • i18n • urldecode • … 55 outputs • elasticsearch • redis • email • graphite • … And there are also some codecs 7

  8. Kibana 8

  9. 9

  10. 10

  11. Which logs are we
 talking about? 11

  12. 12 Access Logs Population: High Difficulty: Easy Weapon

  13. 13 Application logs Population: Medium / Low Difficulty: Medium Weapon

    Monolog <3

  14. syslog 14 Syslog Population: Medium Difficulty: Easy Weapon RSYSLOG

  15. *.* @127.0.0.1:514;RSYSLOG_ForwardFormat 15

  16. input { udp { port => 514 type => syslog

    } } Logstash - Input 16

  17. filter { if [type] == "syslog" { grok { match

    => [ "message", "<%{POSINT:syslog_pri}>% {TIMESTAMP_ISO8601:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} % {DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: % {GREEDYDATA:syslog_message}" ] add_field => [ "received_at", "%{@timestamp}" ] add_field => [ "received_from", "%{host}" ] add_tag => [ "rsyslog" ] } } } Logstash - Filter 17

  18. output { elasticsearch_http { host => “my_es.blablacar.com” port => 9200

    index => "logstashv1-%{+YYYY.MM.dd}" manage_template => false } } Logstash - Output 18

  19. 19

  20. syslog 20

  21. 21

  22. @odolbeau 22 On recrute ! https://speakerdeck.com/odolbeau/logs-hunting