Don't let your log go away

418997665c4a3368515ecf9c3d746b95?s=47 Olivier Dolbeau
March 24, 2015
Programming
1
320

Don't let your log go away

Talk given at Paris Tech Talk MeetUp

418997665c4a3368515ecf9c3d746b95?s=128

Olivier Dolbeau

March 24, 2015
Tweet

More Decks by Olivier Dolbeau

See All by Olivier Dolbeau
418997665c4a3368515ecf9c3d746b95?s=48 odolbeau
2
270
418997665c4a3368515ecf9c3d746b95?s=48 odolbeau
0
28
418997665c4a3368515ecf9c3d746b95?s=48 odolbeau
0
230
418997665c4a3368515ecf9c3d746b95?s=48 odolbeau
0
52
418997665c4a3368515ecf9c3d746b95?s=48 odolbeau
0
570
418997665c4a3368515ecf9c3d746b95?s=48 odolbeau
4
620
418997665c4a3368515ecf9c3d746b95?s=48 odolbeau
1
280
418997665c4a3368515ecf9c3d746b95?s=48 odolbeau
1
310
418997665c4a3368515ecf9c3d746b95?s=48 odolbeau
1
1k

Other Decks in Programming

See All in Programming
6afbe110d33ef7e859fb8649b86bae55?s=48 mashabow
0
630
E0e036f89c14b3e59640318eedf9670b?s=48 bkuhlmann
4
220
19d7ae634445d4bd9b10c7961a462260?s=48 shu223
9
1.8k
6d64a4d4ab6201f2ce57e3befc687785?s=48 yoshi0202
0
130
249b3122eee454c0a818bfe7851418e4?s=48 fromkk
7
470
519926f648b84bb74100d160af98d974?s=48 leandrocp
0
160
0620564f0125b8b3b7f4fe40c10b8b4e?s=48 tattn
0
3.9k
953d2907b80dd5955c561d695ea9a494?s=48 kazumanagano
1
260
4ccaadf34668c439a607c8b6083ba3b2?s=48 peaceiris
0
340
15934fa2aa7b2ce21f091e9b7cffa856?s=48 manfredsteyer
2
370
83722380372c00bd75ac920f2089f6aa?s=48 zacky1972
1
160
0aa238a274c2397214b20d6eed58939b?s=48 moomooya
2
400

Featured

See All Featured
A16eb159db895e3b01d3dc95767ad595?s=48 jonyablonski
6
640
Fde6c3a50ca518a909ef35c22c0ee0e4?s=48 destraynor
222
46k
245cee81a9c424266e5e401d844ea881?s=48 lara
589
60k
A0517b08532aec8ab2aae3f65d40ad86?s=48 hannesfritz
26
870
A60068bce2e73de3a37ca9d2dbe36092?s=48 bryan
100
11k
E6c6e133e74c3b83f04d2861deaa1c20?s=48 searls
202
35k
Aebc2d07a50011e2a30d38435fde564a?s=48 jrom
113
7k
C157b16234f1e75e8eac3698c1d4414a?s=48 ddemaree
274
31k
282d599b414022eba5096510f675b6e2?s=48 chrislema
231
16k
E195ae45320d9202eaa01c9f1d31a416?s=48 marktimemedia
5
140
5b9fe87ec1faa67a4599782930f45ec9?s=48 sstephenson
145
12k
0bce06bd06ee7a2c4f5500f25dcf7f18?s=48 paulrobertlloyd
70
3.5k

Transcript

  1. DON’T LET YOUR LOG GO AWAY @odolbeau 1

  2. WHO AM I? Olivier Dolbeau @odolbeau Work at BlaBlaCar 2

  3. Log 3

  4. Which logs are we
 talking about? 4

  5. access logs 5

  6. syslog syslog 6

  7. application logs 7

  8. Access 8

  9. SSH 9

  10. Analyze 10

  11. tail grep cat 11

  12. This is specific to its access logs My roommate uses

    this to colorise his access logs… 12

  13. 13

  14. 14

  15. 15

  16. 16

  17. 17

  18. Inputs Filters Outputs 41 inputs • syslog • udp •

    varnishlog • gelf • … 50 filters • date • geoip • i18n • urldecode • … 55 outputs • elasticsearch • redis • email • graphite • … And there are also some codecs 18

  19. Kibana 19

  20. 20

  21. ELK 21

  22. 22

  23. syslog syslog 23

  24. 24

  25. *.* @127.0.0.1:514;RSYSLOG_ForwardFormat 25

  26. input { udp { port => 514 type => syslog

    } } Logstash - Input 26

  27. filter { if [type] == "syslog" { grok { match

    => [ "message", "<%{POSINT:syslog_pri}>% {TIMESTAMP_ISO8601:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} % {DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: % {GREEDYDATA:syslog_message}" ] add_field => [ "received_at", "%{@timestamp}" ] add_field => [ "received_from", "%{host}" ] add_tag => [ "rsyslog" ] } } } Logstash - Filter 27

  28. output { elasticsearch_http { host => “my_es.blablacar.com” port => 9200

    index => "logstashv1-%{+YYYY.MM.dd}" manage_template => false } } Logstash - Output 28

  29. 29

  30. syslog 30

  31. 31

  32. 32

  33. None