Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Don't let your log go away

Sponsored · Ship Features Fearlessly Turn features on and off without deploys. Used by thousands of Ruby developers.
Avatar for Olivier Dolbeau Olivier Dolbeau
March 24, 2015
Programming
510
1

Don't let your log go away

Talk given at Paris Tech Talk MeetUp

Avatar for Olivier Dolbeau

Olivier Dolbeau

March 24, 2015

More Decks by Olivier Dolbeau

See All by Olivier Dolbeau
Throw new \Exception(); Oui, mais laquelle ?
Avatar for Olivier Dolbeau odolbeau
1
310
Jane & Webby
Avatar for Olivier Dolbeau odolbeau
0
500
Translating a monolingual application
Avatar for Olivier Dolbeau odolbeau
2
690
DX: Developer eXperience
Avatar for Olivier Dolbeau odolbeau
1
130
DX: Developer eXperience
Avatar for Olivier Dolbeau odolbeau
1
580
EasyAdminBundle introduction
Avatar for Olivier Dolbeau odolbeau
0
240
REX API Platform
Avatar for Olivier Dolbeau odolbeau
0
1.4k
Features flags at BlaBlaCar
Avatar for Olivier Dolbeau odolbeau
5
1.2k
25+ million members in 22 countries, how to scale with Symfony2
Avatar for Olivier Dolbeau odolbeau
2
680

Other Decks in Programming

See All in Programming
Hunting Vulnerabilities in Symfony with LLMs
Avatar for Vincent Amstoutz vinceamstoutz
0
540
生成AI時代にこそ効くGo | Why Go Works in the Age of Generative AI
Avatar for mom0tomo mom0tomo
8
3.2k
jQueryをバージョンアップする前に使いたいjQuery Migrate
Avatar for Atsushi Matsuo matsuo_atsushi
0
320
AI 時代のソフトウェア設計の学び方
Avatar for 増田 亨 masuda220
PRO
29
12k
AutonomyとControlのあいだ:Graflowで記述するAIエージェント協調
Avatar for Makoto Yui myui
0
120
Signal Forms: Details & Live Coding @enterJS 2026 in Mannheim
Avatar for Manfred Steyer manfredsteyer
PRO
0
110
New "Type" system on PicoRuby
Avatar for pocke pocke
1
840
コンテキストの使い捨てをやめる — ビジネスルール駆動開発と miko —
Avatar for ioki ioki
0
190
Snowflake Summitでの新機能 CoCo / CoWork / snowflake-summit-2026-overall-what-new-coco
Avatar for Tatsuhiro tatsuhiro
1
110
Spec Driven Development | AI Summit Lisbon
Avatar for Daniel Sogl danielsogl
PRO
0
180
TAKTでAI駆動開発の品質を設計する
Avatar for かとじゅん j5ik2o
6
1.2k
例外の正しい扱い方 そのエラー try-catchして大丈夫?
Avatar for Watanabe Jin jinwatanabe
0
220

Featured

See All Featured
We Are The Robots
Avatar for Honza Javorek honzajavorek
0
240
Embracing the Ebb and Flow
Avatar for Simon Collison colly
88
5.1k
WCS-LA-2024
Avatar for Leonardo Collado-Torres lcolladotor
0
630
Redefining SEO in the New Era of Traffic Generation
Avatar for Szymon Słowik szymonslowik
1
330
WENDY [Excerpt]
Avatar for Tessa Abrams tessaabrams
11
38k
Imperfection Machines: The Place of Print at Facebook
Avatar for Scott Boms scottboms
270
14k
Agile that works and the tools we love
Avatar for Rasmus Luckow-Nielsen rasmusluckow
331
21k
Fashionably flexible responsive web design (full day workshop)
Avatar for Andy Clarke malarkey
408
66k
Context Engineering - Making Every Token Count
Avatar for Addy Osmani addyosmani
9
960
技術選定の審美眼(2025年版) / Understanding the Spiral of Technologies 2025 edition
Avatar for Takuto Wada twada
PRO
118
120k
Max Prin - Stacking Signals: How International SEO Comes Together (And Falls Apart)
Avatar for Tech SEO Connect techseoconnect
PRO
0
180
Efficient Content Optimization with Google Search Console & Apps Script
Avatar for Katarina Dahlin katarinadahlin
PRO
1
610

Transcript

  1. DON’T LET YOUR LOG GO AWAY @odolbeau 1

  2. WHO AM I? Olivier Dolbeau @odolbeau Work at BlaBlaCar 2

  3. Log 3

  4. Which logs are we
 talking about? 4

  5. access logs 5

  6. syslog syslog 6

  7. application logs 7

  8. Access 8

  9. SSH 9

  10. Analyze 10

  11. tail grep cat 11

  12. This is specific to its access logs My roommate uses

    this to colorise his access logs… 12

  13. 13

  14. 14

  15. 15

  16. 16

  17. 17

  18. Inputs Filters Outputs 41 inputs • syslog • udp •

    varnishlog • gelf • … 50 filters • date • geoip • i18n • urldecode • … 55 outputs • elasticsearch • redis • email • graphite • … And there are also some codecs 18

  19. Kibana 19

  20. 20

  21. ELK 21

  22. 22

  23. syslog syslog 23

  24. 24

  25. *.* @127.0.0.1:514;RSYSLOG_ForwardFormat 25

  26. input { udp { port => 514 type => syslog

    } } Logstash - Input 26

  27. filter { if [type] == "syslog" { grok { match

    => [ "message", "<%{POSINT:syslog_pri}>% {TIMESTAMP_ISO8601:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} % {DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: % {GREEDYDATA:syslog_message}" ] add_field => [ "received_at", "%{@timestamp}" ] add_field => [ "received_from", "%{host}" ] add_tag => [ "rsyslog" ] } } } Logstash - Filter 27

  28. output { elasticsearch_http { host => “my_es.blablacar.com” port => 9200

    index => "logstashv1-%{+YYYY.MM.dd}" manage_template => false } } Logstash - Output 28

  29. 29

  30. syslog 30

  31. 31

  32. 32

  33. None