Logs hunting
Olivier Dolbeau
April 09, 2015
Talk given at sfLive 2015 Paris
Transcript
LOGS HUNTING 1
WHO AM I? Olivier Dolbeau @odolbeau Work at BlaBlaCar 2
THIS IS AN ELK 3
Inputs / Filters / Outputs
41 inputs • syslog • udp • varnishlog • gelf • …
50 filters • date • geoip • i18n • urldecode • …
55 outputs • elasticsearch • redis • email • graphite • …
And there are also some codecs 7
Kibana 8
Which logs are we talking about? 11
12 Access Logs • Population: High • Difficulty: Easy • Weapon
13 Application logs • Population: Medium / Low • Difficulty: Medium • Weapon: Monolog <3
14 Syslog • Population: Medium • Difficulty: Easy • Weapon: RSYSLOG
*.* @127.0.0.1:514;RSYSLOG_ForwardFormat 15
input {
  udp {
    port => 514
    type => syslog
  }
}
Logstash - Input 16
filter {
  if [type] == "syslog" {
    grok {
      match => [ "message", "<%{POSINT:syslog_pri}>%{TIMESTAMP_ISO8601:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" ]
      add_field => [ "received_at", "%{@timestamp}" ]
      add_field => [ "received_from", "%{host}" ]
      add_tag => [ "rsyslog" ]
    }
  }
}
Logstash - Filter 17
output {
  elasticsearch_http {
    host => "my_es.blablacar.com"
    port => 9200
    index => "logstashv1-%{+YYYY.MM.dd}"
    manage_template => false
  }
}
Logstash - Output 18
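An added example, not part of the talk: a Python rendering of the grok filter above, run over constructed RSYSLOG_ForwardFormat lines, showing which fields the pattern extracts and what happens to a line that does not match. The regexes are simplified stand-ins for the grok patterns, the facility/severity decoding of syslog_pri goes one step beyond the slide, and parse_forwarded and the sample lines are hypothetical.

```python
import re

# Simplified Python equivalents of the grok patterns used in the filter slide
# (assumption: the real grok definitions are stricter, e.g. for hostnames).
SYSLOG_RE = re.compile(
    r"<(?P<syslog_pri>[1-9][0-9]*)>"
    r"(?P<syslog_timestamp>\d{4}-\d{2}-\d{2}[T ]\d{2}:\d{2}:\d{2}(?:[.,]\d+)?"
    r"(?:Z|[+-]\d{2}:?\d{2})?)"
    r" (?P<syslog_hostname>[A-Za-z0-9._:-]+)"
    r" (?P<syslog_program>.*?)(?:\[(?P<syslog_pid>[1-9][0-9]*)\])?:"
    r" (?P<syslog_message>.*)"
)

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def parse_forwarded(line, received_from="127.0.0.1"):
    """Return an event dict shaped like the one the Logstash filter builds."""
    event = {"message": line, "type": "syslog", "received_from": received_from, "tags": []}
    m = SYSLOG_RE.search(line)
    if m is None:
        # Logstash tags events that grok could not match; keep them searchable.
        event["tags"].append("_grokparsefailure")
        return event
    event.update({k: v for k, v in m.groupdict().items() if v is not None})
    event["tags"].append("rsyslog")
    pri = int(event["syslog_pri"])
    event["syslog_facility_code"] = pri >> 3  # PRI = facility * 8 + severity
    event["syslog_severity"] = SEVERITIES[pri & 7]
    return event


# Constructed sample lines in RSYSLOG_ForwardFormat (not taken from the talk).
SAMPLES = [
    "<86>2015-04-09T10:15:02.123456+02:00 web01 sshd[4242]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2",
    "<13>2015-04-09T10:15:03+02:00 web01 deploy: release finished",
    "<86>Apr  9 10:15:04 web01 sshd[4242]: legacy timestamp, not ISO8601",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(parse_forwarded(line))
```

The third sample uses the traditional syslog timestamp, so it fails the match and is tagged rather than dropped; a dashboard filtered on that tag shows hosts that are not forwarding with RSYSLOG_ForwardFormat.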
syslog 20
@odolbeau We're hiring! https://speakerdeck.com/odolbeau/logs-hunting 22