Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Don't let your log go away

418997665c4a3368515ecf9c3d746b95?s=47 Olivier Dolbeau
March 24, 2015
Programming
1
330

Don't let your log go away

Talk given at Paris Tech Talk MeetUp

418997665c4a3368515ecf9c3d746b95?s=128

Olivier Dolbeau

March 24, 2015
Tweet

More Decks by Olivier Dolbeau

See All by Olivier Dolbeau
418997665c4a3368515ecf9c3d746b95?s=48 odolbeau
0
180
418997665c4a3368515ecf9c3d746b95?s=48 odolbeau
2
310
418997665c4a3368515ecf9c3d746b95?s=48 odolbeau
0
40
418997665c4a3368515ecf9c3d746b95?s=48 odolbeau
0
290
418997665c4a3368515ecf9c3d746b95?s=48 odolbeau
0
80
418997665c4a3368515ecf9c3d746b95?s=48 odolbeau
0
710
418997665c4a3368515ecf9c3d746b95?s=48 odolbeau
4
690
418997665c4a3368515ecf9c3d746b95?s=48 odolbeau
1
310
418997665c4a3368515ecf9c3d746b95?s=48 odolbeau
1
400

Other Decks in Programming

See All in Programming
1bfc6e2ed04a895bb36f36b86828b689?s=48 110y
0
140
Af64bc38c0ffcfcabdf430759ee491ce?s=48 lovee
4
220
249b3122eee454c0a818bfe7851418e4?s=48 fromkk
0
880
E10ba38646a905c8cd2c893c84d5c520?s=48 suzushin54
0
280
96270e4c3e5e9806cf7245475c00b275?s=48 addyosmani
13
15k
37388695483b7c7d355cd9a9dc04281e?s=48 srea
1
220
B3f560d34c14a9113e5024bc34ac26a0?s=48 heyitsmohit
1
160
Ae763d151aeee101b40ae10cc13ebe63?s=48 maroon1st
0
390
7fccfb690a818ed2f3a15fc21d426d5a?s=48 texmeijin
1
110
4bcb32bcb73d1ead993a6ad55b189e9e?s=48 rluisr
1
130
2102a6b8760bd6f57f672805723dd83a?s=48 line_developers_tw
PRO
0
110
E35f18d9e5584b48a7cf5550f905522f?s=48 zntfdr
2
330

Featured

See All Featured
A0517b08532aec8ab2aae3f65d40ad86?s=48 hannesfritz
32
1.2k
E190023b66e2b8aa73a842b106920c93?s=48 zenorocha
303
40k
9952dfcd5d338f8a8e7175c8a8f65fb5?s=48 wjessup
342
16k
96270e4c3e5e9806cf7245475c00b275?s=48 addyosmani
499
110k
245cee81a9c424266e5e401d844ea881?s=48 lara
27
3.7k
4394ceb8b277f35ee3da7030384efb5d?s=48 davidbonilla
75
3.8k
A9704266587836f7e784235e5073b93e?s=48 jmmastey
21
5.3k
766b9746b59e6f09e280cd33cf4ed419?s=48 skipperchong
14
1.2k
0fe2973fa8d27d96547e43322341183a?s=48 swwweet
212
7.3k
72a2082c6a4dd79ad68befb3db911616?s=48 mraible
PRO
8
3.9k
E9221b172e78e888355fa2fe4541b595?s=48 mclloyd
7
8k
0bce06bd06ee7a2c4f5500f25dcf7f18?s=48 paulrobertlloyd
73
4k

Transcript

  1. DON’T LET YOUR LOG GO AWAY @odolbeau 1

  2. WHO AM I? Olivier Dolbeau @odolbeau Work at BlaBlaCar 2

  3. Log 3

  4. Which logs are we
 talking about? 4

  5. access logs 5

  6. syslog syslog 6

  7. application logs 7

  8. Access 8

  9. SSH 9

  10. Analyze 10

  11. tail grep cat 11

  12. This is specific to its access logs My roommate uses

    this to colorise his access logs… 12

  13. 13

  14. 14

  15. 15

  16. 16

  17. 17

  18. Inputs Filters Outputs 41 inputs • syslog • udp •

    varnishlog • gelf • … 50 filters • date • geoip • i18n • urldecode • … 55 outputs • elasticsearch • redis • email • graphite • … And there are also some codecs 18

  19. Kibana 19

  20. 20

  21. ELK 21

  22. 22

  23. syslog syslog 23

  24. 24

  25. *.* @127.0.0.1:514;RSYSLOG_ForwardFormat 25

  26. input { udp { port => 514 type => syslog

    } } Logstash - Input 26

  27. filter { if [type] == "syslog" { grok { match

    => [ "message", "<%{POSINT:syslog_pri}>% {TIMESTAMP_ISO8601:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} % {DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: % {GREEDYDATA:syslog_message}" ] add_field => [ "received_at", "%{@timestamp}" ] add_field => [ "received_from", "%{host}" ] add_tag => [ "rsyslog" ] } } } Logstash - Filter 27

  28. output { elasticsearch_http { host => “my_es.blablacar.com” port => 9200

    index => "logstashv1-%{+YYYY.MM.dd}" manage_template => false } } Logstash - Output 28

  29. 29

  30. syslog 30

  31. 31

  32. 32

  33. None