Log Operation -今あるログと向き合う- / phpconfuk2019

ࠓ͋Δϩάͱ޲͖߹͏
খࢁ݈Ұ࿠(.01FQBCP *OD
1)1ΧϯϑΝϨϯε෱Ԭ
-PH0QFSBUJPO

View Slide

IUUQTHJUIVCDPNL-P8
ϓϦϯγύϧΤϯδχΞ
খࢁ݈Ұ࿠!L-P8
ϗεςΟϯάࣄۀ෦ϗεςΟϯάάϧʔϓϚωʔδυΫϥ΢υνʔϜ

View Slide

w UCMTJTB$*'SJFOEMZUPPMGPSEPDVNFOU
BEBUBCBTF XSJUUFOJO(P
w σʔλϕʔεʹ઀ଓͯ͠υΩϡϝϯτΛੜ
੒ͯ͘͠ΕΔίϚϯυϥΠϯπʔϧ
w 1PTUHSF42-.Z42-42-JUF42-
4FSWFS#JH2VFSZ"NB[PO3FETIJGU
w IUUQTHJUIVCDPNL-P8UCMT

View Slide

View Slide

wϨϯλϧαʔόͷΑ͏ʹߏஙɾӡ༻͕Ϛωʔδυͳ
wΦʔτεέʔϧػೳ΋͋Δ
wΩϟογϡػೳ΋͋Δ
wϗεςΟϯάαʔϏε
ͲΜͳαʔϏε

View Slide

IUUQTTQFBLFSEFDLDPNLMPXMPMJQPQNBOBHFEDMPVEJTOPUGBBT
ٕज़తͳ͓࿩͸ͪ͜Β

View Slide

View Slide

ϩά

View Slide

σʔλϩάཤྺɺ৘ใΛه࿥ʹ
࢒͢͜ͱɻ·ͨɺͦͷه࿥ࣗମΛ
ࢦ͢ɻ
8JLJQFEJB

View Slide

w 1)1ΞϓϦέʔγϣϯ
w 8FC%#ͷγϯϓϧͳߏ੒
w -".1-"11
w "84
w ϏδωεϩδοΫ෦෼͕ൺֱత೉͠Ί
w ҙࣝΛूத͢Δ΂͖Օॴ
ࠓ·Ͱ

View Slide

w ϕΞϝλϧɺ0QFO4UBDLɺ,VCFSOFUFTΫϥελ/&8
w Ϣʔβ͕ૢ࡞͢ΔμογϡϘʔυ
w /VYU1PTUHSF42- )"

w ϢʔβͷαΠτΛϗετ͢ΔϗεςΟϯάྖҬ
w OHY@NSVCZ(P1PTUHSF42- )"

w Ϣʔβʹఏڙ͢Δ.Z42-
w ͦͷଞɺΩϟογϡαʔόɺϩʔυόϥϯαɺϦόʔεϓϩΩγɺόο
ναʔόɺ"$.&δϣϒΩϡʔγεςϜɺετϨʔδδϣϒΩϡʔγ
εςϜ
w $POTVM)BTIJ$PSQ7BVMU
w FUDFUDFUD
w
ϚωʔδυΫϥ΢υ

View Slide

w αʔϏεΛߏ੒͢Δཁૉʢαʔό΍ϛυϧ΢ΣΞʣͷछྨ͕૿͑ͨ
w 8FCΞϓϦέʔγϣϯͱ%#ͱ8FCαʔόछྨͮͭɺͰ͸ͳ͘ෳ
਺
w αʔϏεΛߏ੒͢Δཁૉͷ਺͕૿͑ͨ
w ୯७ʹ਺͕૿͑ͨ
w αʔϏεΛར༻͢ΔϢʔβ͕૿͑ͨ
w αʔϏεͱͯ͠ͷఏڙ
શ͘ҟͳΔಛੑͷγεςϜʹରͯ͠ɺࠓ·Ͱͱಉ͡Α͏ͳϩάͱͷ޲
͖߹͍ํΛͨ݁͠Ռɺ·ͬͨ͘໾ʹཱͨͳ͍ঢ়گ͕ൃੜ
Կ͕ҧ͏ͷ͔

View Slide

τϥϒϧγϡʔτͱϩά

View Slide

ো֐ʹؔ܎ͷ͋Γͦ͏ͳϩάΛݟ͚ͭΔɾूΊΔ
ϩά͔Βো֐ͷݪҼΛಡΈղ͘
͜ͷ͚ͭͩ
αʔϏεʹো֐͕ൃੜͨ͠Β

View Slide

͜ͷ͚ͭͩɺ͔͠͠೉͍͠

View Slide

w Ͳ͜ʹϩά͕͋Δͷ͔
w ͦ΋ͦ΋ͲͷαʔόͰԿ͕ಈ͍͍ͯͯͲΜͳϩάΛు͍͍ͯΔͷ͔ɺ
γεςϜͷߏ੒Λ೺Ѳ͓ͯ͘͠ඞཁ͕͋Δ
w ౰વͱ͍͑͹౰વ
w ϩʔϧͱͯ͠΋Λ௒͓͑ͯΓɺDPOTVMED΋ෳ਺ɺDPOTVM
NFNCFST֬ೝ͢Δͱۙ͘ͷαʔόʢΠϯελϯεʣ͕͋Δ
w ͞Βʹ֤ϩʔϧ্Ͱϛυϧ΢ΣΞ΍ΞϓϦͱ͍ͬͨίϯϙʔωϯ
τ͕Ҏ্Քಇ͍ͯ͠Δ
w શͯͷ׬શʹ೺Ѳ͓ͯ͘͠ͷ͕೉͍͠
ϩάΛݟ͚ͭΔ೉͠͞

View Slide

w γεςϜ͸ͭͷαʔόͰಈ͍͍ͯΔΘ͚Ͱ͸ͳ͍ɻͦΕͧΕ͕࿈ܞ
͍ͯ͠Δɻ
w ඞཁͳϩά͸Ͳͷϩʔϧ·Ͱ
w ৑௕ߏ੒ͷ৔߹ɺඞཁͳϩά͸Ͳ͜ʹ͋Δͷ͔
w .BTUFS4MBWFߏ੒ͩͱࠓͲ͕ͬͪ.BTUFS
w ෳ਺୆ʹϩʔυόϥϯγϯά͞Ε͍ͯΔߏ੒ͩͱɺશͯͷϩάΛ
ू໿͢Δඞཁ͕͋Δ
w ୆ʹϩʔυόϥϯγϯά͞ΕͯΕ͹ɺͭͷϖʔδΛදࣔ͢Δ
ҝͷϦΫΤετ͸୆ʹ෼ࢄ
ϩάΛूΊΔ೉͠͞

View Slide

w ༷ʑͳϑΥʔϚοτͰग़ྗ͞Ε͍ͯΔ
w */'0΋8"3/΋&33΋ಉ͡ϩάϑΝΠϧʹ͋Δ͜ͱ΋͋Δ͠෼͔Ε
͍ͯΔ͜ͱ΋͋Δ
w ௨ৗΛ஌Βͳ͍ͱҟৗ͕Θ͔Βͳ͍
w αʔϏεΛߏ੒͢Δίϯϙʔωϯτͷछྨͷ෼͚ͩ͋Δ
ϩάΛಡΈղ͘೉͠͞

View Slide

Ͳ͏ཱͪ޲͔͏ͷ͔

View Slide

ٕܳ

View Slide

w ·ͣΞϥʔτͷ͋ͬͨαʔόΛΈΔɻΞϥʔτͷͳ͍ো֐ͷ৔߹͸
ͦͷಛੑ͔Βؔ܎͕͋Γͦ͏ͳαʔόΛΈΔ
w Ξϥʔτ࣌ࠁ෇ۙɺো֐ൃੜ࣌ࠁ෇ۙͷWBSMPHTZTMPH͔ΒΈΔ
w TZTUFNEͰ؅ཧ͞Ε͍ͯΔϓϩηεͷTUEPVUTUEJO͸େ఍TZTMPH
ʹू໿͞Ε͍ͯΔ͔Β
w 4UBOEBSE0VUQVUTZTMPH4UBOEBSE&SSPSTZTMPH
w TZTMPH
͕͋Δ͔Βྺ࢙తʹTZTMPHʹूத͢Δʁ
w ͋ͱ͸ͦͷͱ͖ͷঢ়گͰҧ͏͠ɺਓͦΕͧΕελΠϧ͕ҧ͏
۩ମతʹʢνʔϜϝϯόʔʹฉ͍ͯΈ·ͨ͠ʣ

View Slide

ਓͦΕͧΕͰελΠϧ͕ҧ͏

View Slide

΢ΣϒΦϖϨʔγϣϯ͸ٕܳͰ͋ΓɺՊֶͰ͸ͳ͍ɻਖ਼نͷֶߍڭҭɾ
ࢿ֨ɾඪ४͸ গͳ͘ͱ΋ࠓ͸·ͩ
ͳ͍ɻզʑͷ΍͍ͬͯΔ͜ͱ͸ɺֶ
शʹ΋शಘʹ΋͕͔͔࣌ؒΓɺͦͷޙ΋ࣗ෼ࣗ਎ͷελΠϧΛ໛ࡧ͠ͳ
͚Ε͹ͳΒͳ͍୅෺Ͱ͋Δɻʮਖ਼͍͠ํ๏ʯ͸Ͳ͜ʹ΋ଘࡏ͠ͳ͍ɻͦ
͜ʹ͋Δͷ͸ɺ ͱΓ͋͑ͣࠓ͸
͏·͍͘͘ͱ͍͏ࣄ࣮ͱɺ࣍͸΋ͬͱ
ྑ͘͢Δͱ͍͏֮ޛ͚ͩͩɻ
l΢ΣϒΦϖϨʔγϣϯαΠτӡ༻؅ཧͷ࣮ફςΫχοΫz·͕͖͑ΑΓ

View Slide

ٕܳ͸ඞཁ
͔ٕ͚ܳͩ͠͠Ͱ͸πϥ͍
े෼ͳٕܳͷशಘ·Ͱπϥ͍

View Slide

ٕܳΛίʔυͰϘτϜΞοϓ

View Slide

ϩάΛݟ͚ͭΔɾूΊΔ

View Slide

IUUQTTQFBLFSEFDLDPNQZBNBBOGBMTF[IPOHEFKJOLBGLBHBXBORVBOOJSFJ
େ౷Ұϩάج൫ʢ,BGLB(SBZMPHʣ

View Slide

w εΩʔϚΛఆ͓ٛͯ͘͜͠ͱͰɺαʔό΁ͷࣄલΠϯετʔϧͳ͠
ʹɺෳ਺ͷαʔόͷϩάΛͭʹू໿͠ɺ࣌ܥྻʹอଘͨ͠ΓɺϦΞ
ϧλΠϜʹUBJMͨ͠Γ͢Δπʔϧ
w 44)ϩʔΧϧϑΝΠϧ,VCFSOFUFTͷϩάΛಁաతʹू໿Մೳ
w IUUQTHJUIVCDPNL-P8IBSWFTU
)BSWFTU

View Slide

ϩάΛಡΈղ͘

View Slide

IUUQTTQFBLFSEFDLDPNQZBNBXB[VIXPMJZPOHTJUBEBUPOHTBCBKJBODIBKJQBO
8B[VI

View Slide

w ֤αʔόͷओཁͳϩάΛ-PHDPMMFDUPS͕ऩू͠ɺBHFOUܦ༝Ͱ8B[VITFSWFS
ʹసૹ
w 8B[VITFSWFS͕ύλʔϯϚονʹΑΓϩάΛࣗಈͰಡΈղ͖ɺϨϕϧʹԠͯ͡
௨஌
w ීஈಡΜͰ͍ͳ͍ϩάΛ୅ΘΓʹಡΜͰҟৗΛڭ͑ͯ͘ΕΔ
w ྫ͑͹TZTUFNEͰ؅ཧ͞Εͨ3FTUBSUPOGBJMVSFͳϓϩηεͷ࠶ىಈͳͲ
w BVEJUMPH΍BVUIMPHͳͲॏཁ͚ͩΕͲ΋Θ͔Γʹ͍͘ϩά΋ಡΈղ͍ͯ͘Ε
Δ
w ಠࣗͷϧʔϧ΋؆୯ʹઃఆՄೳ
w IUUQTHJUIVCDPNXB[VIXB[VISVMFTFU
-PHDPMMFDUPS

View Slide

ϝτϦΫεͱͯ͠ͷϩά

View Slide

w ੜͷϩά͔ΒϝτϦΫεɺ͍ΘΏΔ਺஋ͷ৘ใΛऔಘ͢Δͱ͍͏Ξ
ϓϩʔν
ϝτϦΫεͱͯ͠ͷϩά
k1low@webproxy:~# cat /var/log/nginx/access-443.log | awk
'{ i=substr($4, 6, 14);arr[i]++ }END{for(z in arr){ print z,":
",arr[z] } }' | sort
19/Jan/2019:00 : 14957
19/Jan/2019:01 : 58690
19/Jan/2019:02 : 109914
19/Jan/2019:03 : 133299
19/Jan/2019:04 : 156445
19/Jan/2019:05 : 6126
19/Jan/2019:06 : 8578
19/Jan/2019:07 : 13158
19/Jan/2019:08 : 20153
19/Jan/2019:15 : 27856
19/Jan/2019:16 : 27041
19/Jan/2019:17 : 29583

View Slide

w UBJM͍ͯ͠ΔϩάͳͲΛඪ४ೖྗܦ༝ͰϦΞϧλΠϜʹ୯Ґ࣌ؒ୯Ґ
ߦͰूܭͳͲ͕Ͱ͖ΔίϚϯυ
w ྫ͑͹ඵ͝ͱͷΞΫηε਺
w IUUQTHJUIVCDPNL-P8FWSZ
FWSZ
# tail -F /var/log/nginx/access-443.log | evry -s 10 -- wc -l

View Slide

w ೚ҙͷϩάΛUBJMͭͭ͠ɺઃఆ͞Εͨ%4-ʹैͬͯϩάΛύʔεͯ͠
ूܭɺϝτϦΫεΛੜ੒͢Δπʔϧ
w IUUQTHJUIVCDPNHPPHMFNUBJM
w 1SPNFUIFVTͷ&YQPSUFSͱͯ͠΋ػೳ͢Δ
w ϚωʔδυΫϥ΢υͰ͸/(*/9ͷϩά͔Β֤ϗετͷϦΫΤετ਺
΍ϦΫΤεταΠζͷऔಘͳͲʹར༻
NUBJM

View Slide

ϩάΛ࡞Δ

View Slide

w 5$1ύέοτΛղੳͯ͠ߏ଄ԽϩάͰμϯϓ͢Δπʔϧ
w 1PTUHSF42-.Z42-ʹରԠʢ3%#.4ઐ༻ͷͭ΋Γ͸ͳ͍ʣ
w IUUQTHJUIVCDPNL-P8UDQEQ
w ΞϓϦέʔγϣϯͱ3%#.4ͷؒͷ5$1ύέοτΛΩϟϓνϟͯ͠Ϋ
ΤϦΛߏ଄Խϩάͱͯ͠औಘ͢Δ͜ͱ͕Մೳ
w ύέοτΛΩϟϓνϟ͢Δ͚ͩͳͷͰɺಋೖ΋ఫڈ΋༰қ
w ࢲ͸׳Ε͍ͯͳ͍03.ͷΫΤϦϩά͸UDQEQͰݟͨΓ͠·͢
w ߏ଄Խϩάʢ+40/-547ʣͰͷग़ྗΛ͢ΔͷͰػցతʹ࢖͍΍͍͢
UDQEQ

View Slide

w Կ͔࡞ۀΛ࣮ࢪ͢Δͱ͖ɺ4MBDL΍(JU)VC*TTVFʹϩάΛ࢒͢จԽ
͕͋Δ
w ࣮ߦͨ͠ίϚϯυͱͦͷ݁Ռ
w ͦͷͱ͖ߟ͑ͨ͜ͱ
w ࡞ۀͷྲྀΕ΍ίϚϯυ͸ܦݧ΍ٕܳͷܧঝʹͭͳ͕͍ͬͯΔ
w ߟ͑ͨ͜ͱ͕ॻ͍ͯ͋ΔͱपΓͷΤϯδχΞ͕ඇಉظʹΞυόΠε͠
΍͍͢
w ূ੻ͱͳΔ
w ͜Ε͸ͲΕ͘Β͍Ұൠతʁ✋
ΦϖϨʔγϣϯͷϩάΛ࢒͢

View Slide

ϩά͔ΒίʔυΛಡΉ

View Slide

w 8B[VIBHFOU͕z"HFOUFWFOURVFVFJTqPPEFEzͱΤϥʔϩ
άΛग़͍ͯͨ͠
w BHFOU͕8B[VITFSWFSʹૹΔΠϕϯτͷྔ͕૿͍͑ͯΔͷ͸Θ͔ͬ
͕ͨԿͷΠϕϯτͳͷ͔͸શ͘Θ͔Βͳ͔ͬͨ
w ݪҼͷΠϕϯτΛಛఆ͢ΔͨΊʹɺΤϥʔϩάग़ྗ࣌ࠁ෇ۙͰԿͷϓ
ϩηε͕ಈ͍͍ͯΔ͔֬ೝͯ͠ΈͨΓɺଞͷϩάͱͷ૬ؔΛௐ΂ͯ
ΈͨΓͨ͠
ಛఆͰ్͖ͣํʹ͘Ε͍ͯͨʜ
ϩά͚ͩͩͱݫ͍͠

View Slide

8B[VIBHFOUࣗલͰϏϧυͯ͠
σόοάίʔυࠩ͠ࠐΊ͹
͍͍Μ͡Όͳ͍͔͢Ͷ
!QZBNB

View Slide

View Slide

8B[VI͸044

View Slide

IUUQTHJUIVCDPNXB[VIXB[VIͰ͓΋ΉΖʹz"HFOUFWFOU
RVFVFJTqPPEFEzͰݕࡧ
'-00%&%@#6''&3Ͱఆٛ͞Ε͍ͯͨͷͰࠓ౓
͸z'-00%&%@#6''&3zͰݕࡧ
ಛఆͷؔ਺ʹͨͲΓண͘ɻ$͸ॻ͚ͳ͍͕ϓϩάϥϚͳͷͰɺงғ
ؾͰॲཧΛ௥͏ɻ
ΠϕϯτΛड͚औΔؔ਺ͱϩάΛग़ྗ͍ͯ͠Δؔ਺͕Θ͔ͬͨͷ
ͰɺงғؾͰશͯͷΠϕϯτΛϩάʹग़ྗ͢ΔΑ͏ʹߦ௥Ճͯ͠
ΈΔ
Ϗϧυ
όΠφϦΛஔ͖׵͑ɻ࣮ߦɻ
ϩάͷ৘ใΛى఺ʹίʔυΛಡΉ

View Slide

ݪҼ͕Θ͔ͬͨͧ

View Slide

w Α͘ߟ͑ΔͱݪҼͷղܾํ๏͸ͨͩͷQSJOUσόοά
w 1)1ΞϓϦέʔγϣϯͳΒઈର΍͍ͬͯͨͷʹͳͥͦͷ
ࢥߟʹ͍ͨΒͳ͔ͬͨͷ͔ʁ
w ར༻͍ͯ͠Δ044ΛʮΦʔϓϯͳιϑτ΢ΣΞ 0T4
ʯ
ͱΈΔ͔ʮΦʔϓϯͳιʔείʔυ 04T
ʯͱΈΔ͔
w ࢹ࠲ͷҧ͍
w ͍͍ܦݧʹͳͬͨ
044Λ0T4ͱΈΔ͔04TͱΈΔ͔

View Slide

·ͱΊ

View Slide

wϩάʹ·ͭΘΔ༷ʑͳΞϓϩʔνΛ঺հͨ͠
wϩά͔ΒޮՌతʹ৘ใΛऔಘ͢Δ͜ͱͰɺ೔ʑ
ͷΦϖϨʔγϣϯʹඞཁͳ৘ใྔ͸૿͑Δ
wϩάΛى఺ʹ
w·ͣ͸ࠓ͋ΔϩάΛಡΉͱ͜Ζ͔Β
·ͱΊ

View Slide

5IBOLZPV
࠷৽ͷ࠾༻৘ใΛνΣοΫˠ !QC@SFDSVJU

View Slide

Log Operation -今あるログと向き合う- / phpconfuk2019

Log Operation -今あるログと向き合う- / phpconfuk2019

Ken’ichiro Oyama

More Decks by Ken’ichiro Oyama

Other Decks in Technology

Featured

Transcript