Don't let your log go away

418997665c4a3368515ecf9c3d746b95?s=47 Olivier Dolbeau
March 24, 2015
Programming
1
320

Don't let your log go away

Talk given at Paris Tech Talk MeetUp

418997665c4a3368515ecf9c3d746b95?s=128

Olivier Dolbeau

March 24, 2015
Tweet

More Decks by Olivier Dolbeau

See All by Olivier Dolbeau
418997665c4a3368515ecf9c3d746b95?s=48 odolbeau
0
110
418997665c4a3368515ecf9c3d746b95?s=48 odolbeau
2
280
418997665c4a3368515ecf9c3d746b95?s=48 odolbeau
0
29
418997665c4a3368515ecf9c3d746b95?s=48 odolbeau
0
250
418997665c4a3368515ecf9c3d746b95?s=48 odolbeau
0
54
418997665c4a3368515ecf9c3d746b95?s=48 odolbeau
0
590
418997665c4a3368515ecf9c3d746b95?s=48 odolbeau
4
630
418997665c4a3368515ecf9c3d746b95?s=48 odolbeau
1
290
418997665c4a3368515ecf9c3d746b95?s=48 odolbeau
1
310

Other Decks in Programming

See All in Programming
35761e3936deba2f8189c2d20982c771?s=48 getify
1
550
774a937b74096e82576b37678d00aeca?s=48 kishino
1
110
7c9b8b368924556d8642bdaed3ded1f5?s=48 danilop
1
240
275e91e7de0d6321f3759c2d0789c6d2?s=48 amaltson
2
240
9178046d79f7b01ec590297c019fdd56?s=48 nagworld
1
220
62340514ee3033d54d79c9e7a3db68d5?s=48 kazutomo
0
830
15217910de00471b472fecae440c6daf?s=48 ditn
2
410
4578d99b560b2a470e05288ef6766ac2?s=48 paulk
0
650
15934fa2aa7b2ce21f091e9b7cffa856?s=48 manfredsteyer
1
130
7f68f5f85f4a39df7d8d3c81cbbfb788?s=48 p1ass
0
120
15934fa2aa7b2ce21f091e9b7cffa856?s=48 manfredsteyer
0
110
Eb44761e0fb3a5ec8e23ec28048dd7a5?s=48 stoitsev
1
120

Featured

See All Featured
Aebc2d07a50011e2a30d38435fde564a?s=48 jrom
114
7k
1177e050db6bafe62885362edf6e3537?s=48 lauravandoore
436
28k
15f2b8221f247985a27a627d2ece72f0?s=48 pauljervisheath
195
15k
96270e4c3e5e9806cf7245475c00b275?s=48 addyosmani
494
110k
719435d98d452de7ac367c828266cf01?s=48 erikaheidi
12
4k
812e1705ff0f8bc1bcf18587bde687d5?s=48 62gerente
585
200k
F57e2136eb9895eb95ff5dc8a1c02677?s=48 zakiwarfel
87
3.2k
7c8469ee8c9e594c65c59b919626c08d?s=48 scottboms
251
11k
C9b18d9dff88a9dd2393364c2b3b21bd?s=48 colly
186
14k
C0b42577cfc2b321be3474618107e933?s=48 samanthasiow
56
6.2k
Af6a12710770ad9a7cfd08c97efd40d3?s=48 pedronauck
651
110k
95d9f37115fbb0d13135d0f77132f856?s=48 morganepeng
12
900

Transcript

  1. DON’T LET YOUR LOG GO AWAY @odolbeau 1

  2. WHO AM I? Olivier Dolbeau @odolbeau Work at BlaBlaCar 2

  3. Log 3

  4. Which logs are we
 talking about? 4

  5. access logs 5

  6. syslog syslog 6

  7. application logs 7

  8. Access 8

  9. SSH 9

  10. Analyze 10

  11. tail grep cat 11

  12. This is specific to its access logs My roommate uses

    this to colorise his access logs… 12

  13. 13

  14. 14

  15. 15

  16. 16

  17. 17

  18. Inputs Filters Outputs 41 inputs • syslog • udp •

    varnishlog • gelf • … 50 filters • date • geoip • i18n • urldecode • … 55 outputs • elasticsearch • redis • email • graphite • … And there are also some codecs 18

  19. Kibana 19

  20. 20

  21. ELK 21

  22. 22

  23. syslog syslog 23

  24. 24

  25. *.* @127.0.0.1:514;RSYSLOG_ForwardFormat 25

  26. input { udp { port => 514 type => syslog

    } } Logstash - Input 26

  27. filter { if [type] == "syslog" { grok { match

    => [ "message", "<%{POSINT:syslog_pri}>% {TIMESTAMP_ISO8601:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} % {DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: % {GREEDYDATA:syslog_message}" ] add_field => [ "received_at", "%{@timestamp}" ] add_field => [ "received_from", "%{host}" ] add_tag => [ "rsyslog" ] } } } Logstash - Filter 27

  28. output { elasticsearch_http { host => “my_es.blablacar.com” port => 9200

    index => "logstashv1-%{+YYYY.MM.dd}" manage_template => false } } Logstash - Output 28

  29. 29

  30. syslog 30

  31. 31

  32. 32

  33. None