Talk given at Paris Tech Talk MeetUp
DON’T LET YOURLOG GO AWAY@odolbeau1
View Slide
WHO AM I?Olivier Dolbeau@odolbeauWork at BlaBlaCar2
Log3
Which logsare we talking about?4
access logs5
syslogsyslog6
application logs7
Access8
SSH9
Analyze10
tailgrepcat11
This is specific to its access logsMy roommate uses this to colorise his access logs…12
13
14
15
16
17
Inputs Filters Outputs41 inputs• syslog• udp• varnishlog• gelf• …50 filters• date• geoip• i18n• urldecode• …55 outputs• elasticsearch• redis• email• graphite• …And there are also some codecs18
Kibana19
20
ELK21
22
syslogsyslog23
24
*.* @127.0.0.1:514;RSYSLOG_ForwardFormat25
input {udp {port => 514type => syslog}}Logstash - Input26
filter {if [type] == "syslog" {grok {match => [ "message", "%{TIMESTAMP_ISO8601:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" ]add_field => [ "received_at", "%{@timestamp}" ]add_field => [ "received_from", "%{host}" ]add_tag => [ "rsyslog" ]}}}Logstash - Filter27
output {elasticsearch_http {host => “my_es.blablacar.com”port => 9200index => "logstashv1-%{+YYYY.MM.dd}"manage_template => false}}Logstash - Output28
29
syslog30
31
32
odolbeau
speed1313
mrstsgk
usualoma
lemolatoon
hcrane
alli83
mot_techtalk
77web
star_zero
cocoeyes02
terukinakano
leichteckig
quramy
afnizarnur
geeforr
mojombo
marktimemedia
bkeepers
bryan
holman
jlugia
zenorocha
jonyablonski
colly