Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Don't let your log go away

418997665c4a3368515ecf9c3d746b95?s=47 Olivier Dolbeau
March 24, 2015
Programming
1
330

Don't let your log go away

Talk given at Paris Tech Talk MeetUp

418997665c4a3368515ecf9c3d746b95?s=128

Olivier Dolbeau

March 24, 2015
Tweet

More Decks by Olivier Dolbeau

See All by Olivier Dolbeau
418997665c4a3368515ecf9c3d746b95?s=48 odolbeau
0
130
418997665c4a3368515ecf9c3d746b95?s=48 odolbeau
2
290
418997665c4a3368515ecf9c3d746b95?s=48 odolbeau
0
35
418997665c4a3368515ecf9c3d746b95?s=48 odolbeau
0
260
418997665c4a3368515ecf9c3d746b95?s=48 odolbeau
0
62
418997665c4a3368515ecf9c3d746b95?s=48 odolbeau
0
620
418997665c4a3368515ecf9c3d746b95?s=48 odolbeau
4
660
418997665c4a3368515ecf9c3d746b95?s=48 odolbeau
1
290
418997665c4a3368515ecf9c3d746b95?s=48 odolbeau
1
320

Other Decks in Programming

See All in Programming
744f1c2c6cbea2ff5104b0ac512936bd?s=48 hpgrahsl
0
100
15934fa2aa7b2ce21f091e9b7cffa856?s=48 manfredsteyer
PRO
0
170
Bbb17eeeecd3d9d06f4db310ab630a12?s=48 borkdude
1
210
Fc358d63dcdcbad7a5c29198785dec2c?s=48 naototty
1
220
7975b9fd58c8945ae1c6b38747de7f28?s=48 line_developers_tw2
0
290
942bb606679caf4c57b38927f83178e1?s=48 qsona
26
6.5k
85d7f0ae00c0cf1092dffcec966e3ae9?s=48 mattak
26
15k
0ed10d1154c696886ca483fe827cb299?s=48 thatjeffsmith
0
130
A760a90c9afd981004343b9861f1e8b4?s=48 daipresents
12
4.6k
4b071f90c5d9c0a58e2d9076460b7be4?s=48 ne_sachirou
0
440
7b606c5039f083d13e2d2320ce6ddcfa?s=48 dqneo
0
180
9d974d9df914b4540ae8febc6cb89f02?s=48 tiking76
1
140

Featured

See All Featured
5b9fe87ec1faa67a4599782930f45ec9?s=48 sstephenson
146
12k
F383c6a4dc55e331bbe2987b622cee6b?s=48 stephaniewalter
262
11k
8081b26e05bb4354f7d65ffc34cbbd67?s=48 chriscoyier
146
20k
2f5463832ccb768ccb4a1ca3607c27ef?s=48 jacobian
257
20k
C0390e8b11079f8761c0cd3274ed61cb?s=48 productmarketing
7
830
5b6a2bd86ef643786a381a212e0ef2f1?s=48 geoffreycrofte
28
1.1k
027d1ebf66cc039a0bd3b55eeadbe75d?s=48 sachag
267
17k
B47b288784fda77a94aeb234ca743c24?s=48 keavy
108
14k
E190023b66e2b8aa73a842b106920c93?s=48 zenorocha
298
40k
6804f1775cb4babfcc3851298566fbce?s=48 tanoku
86
8.7k
11c84dff30266b907714802088852677?s=48 jasonvnalue
82
8.2k
282d599b414022eba5096510f675b6e2?s=48 chrislema
231
16k

Transcript

  1. DON’T LET YOUR LOG GO AWAY @odolbeau 1

  2. WHO AM I? Olivier Dolbeau @odolbeau Work at BlaBlaCar 2

  3. Log 3

  4. Which logs are we
 talking about? 4

  5. access logs 5

  6. syslog syslog 6

  7. application logs 7

  8. Access 8

  9. SSH 9

  10. Analyze 10

  11. tail grep cat 11

  12. This is specific to its access logs My roommate uses

    this to colorise his access logs… 12

  13. 13

  14. 14

  15. 15

  16. 16

  17. 17

  18. Inputs Filters Outputs 41 inputs • syslog • udp •

    varnishlog • gelf • … 50 filters • date • geoip • i18n • urldecode • … 55 outputs • elasticsearch • redis • email • graphite • … And there are also some codecs 18

  19. Kibana 19

  20. 20

  21. ELK 21

  22. 22

  23. syslog syslog 23

  24. 24

  25. *.* @127.0.0.1:514;RSYSLOG_ForwardFormat 25

  26. input { udp { port => 514 type => syslog

    } } Logstash - Input 26

  27. filter { if [type] == "syslog" { grok { match

    => [ "message", "<%{POSINT:syslog_pri}>% {TIMESTAMP_ISO8601:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} % {DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: % {GREEDYDATA:syslog_message}" ] add_field => [ "received_at", "%{@timestamp}" ] add_field => [ "received_from", "%{host}" ] add_tag => [ "rsyslog" ] } } } Logstash - Filter 27

  28. output { elasticsearch_http { host => “my_es.blablacar.com” port => 9200

    index => "logstashv1-%{+YYYY.MM.dd}" manage_template => false } } Logstash - Output 28

  29. 29

  30. syslog 30

  31. 31

  32. 32

  33. None