Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Don't let your log go away

418997665c4a3368515ecf9c3d746b95?s=47 Olivier Dolbeau
March 24, 2015
Programming
1
330

Don't let your log go away

Talk given at Paris Tech Talk MeetUp

418997665c4a3368515ecf9c3d746b95?s=128

Olivier Dolbeau

March 24, 2015
Tweet

More Decks by Olivier Dolbeau

See All by Olivier Dolbeau
418997665c4a3368515ecf9c3d746b95?s=48 odolbeau
0
160
418997665c4a3368515ecf9c3d746b95?s=48 odolbeau
2
300
418997665c4a3368515ecf9c3d746b95?s=48 odolbeau
0
35
418997665c4a3368515ecf9c3d746b95?s=48 odolbeau
0
270
418997665c4a3368515ecf9c3d746b95?s=48 odolbeau
0
72
418997665c4a3368515ecf9c3d746b95?s=48 odolbeau
0
660
418997665c4a3368515ecf9c3d746b95?s=48 odolbeau
4
670
418997665c4a3368515ecf9c3d746b95?s=48 odolbeau
1
300
418997665c4a3368515ecf9c3d746b95?s=48 odolbeau
1
360

Other Decks in Programming

See All in Programming
7850a83d81b034248782d63e7dcf7974?s=48 tatsuya4451
0
470
1a1d418bdf51cbf8fce1317f6c80a907?s=48 satoshi0212
3
120
0227f6274b8a6cce078d7f8a91460c41?s=48 eminetto
0
170
585b6bd646ae00cd1025309c912d922f?s=48 saten
5
420
E37b4344ef4bfd0fc4826c04971e54fb?s=48 nrslib
0
130
E505897a79eede1a676f92740261e8f8?s=48 kubode
1
250
583e920a7e9238a1c21e923025f8f641?s=48 elainenaomi
4
150
Af64bc38c0ffcfcabdf430759ee491ce?s=48 lovee
0
180
23a9ea59992e5349aa4bf659a6d583d3?s=48 nanashiki
1
400
A2cd163fd3cfca5204b0d8f0c17eea29?s=48 yujif
2
110
44f37c1fe3a6a56376bb41a338741355?s=48 ring
1
110
422d6810de47c88b0df5132771e67b81?s=48 michaeldyrynda
0
190

Featured

See All Featured
9128d500301ae51524e887bb680f471d?s=48 caitiem20
314
18k
C86443373fbfe92996aa882d0d7a59f8?s=48 imathis
482
150k
828ace851b606e1206900f26459f55ad?s=48 speakerdeck
PRO
0
300
B3d6434763caa0ef5dc4b792662c49f7?s=48 smashingmag
235
18k
2f5463832ccb768ccb4a1ca3607c27ef?s=48 jacobian
260
20k
20bfe76b3d6105641f879fe45cfc9272?s=48 bkeepers
PRO
324
54k
B3d6434763caa0ef5dc4b792662c49f7?s=48 smashingmag
287
47k
96270e4c3e5e9806cf7245475c00b275?s=48 addyosmani
1352
200k
016edace78ffe826f2348d1e0c504afd?s=48 maggiecrowley
16
870
24fc194843a71f10949be18d5a692682?s=48 gr2m
86
11k
C4de88ea47538e4594750e3861a341c8?s=48 brettharned
96
3.3k
0bce06bd06ee7a2c4f5500f25dcf7f18?s=48 paulrobertlloyd
74
1.6k

Transcript

  1. DON’T LET YOUR LOG GO AWAY @odolbeau 1

  2. WHO AM I? Olivier Dolbeau @odolbeau Work at BlaBlaCar 2

  3. Log 3

  4. Which logs are we
 talking about? 4

  5. access logs 5

  6. syslog syslog 6

  7. application logs 7

  8. Access 8

  9. SSH 9

  10. Analyze 10

  11. tail grep cat 11

  12. This is specific to its access logs My roommate uses

    this to colorise his access logs… 12

  13. 13

  14. 14

  15. 15

  16. 16

  17. 17

  18. Inputs Filters Outputs 41 inputs • syslog • udp •

    varnishlog • gelf • … 50 filters • date • geoip • i18n • urldecode • … 55 outputs • elasticsearch • redis • email • graphite • … And there are also some codecs 18

  19. Kibana 19

  20. 20

  21. ELK 21

  22. 22

  23. syslog syslog 23

  24. 24

  25. *.* @127.0.0.1:514;RSYSLOG_ForwardFormat 25

  26. input { udp { port => 514 type => syslog

    } } Logstash - Input 26

  27. filter { if [type] == "syslog" { grok { match

    => [ "message", "<%{POSINT:syslog_pri}>% {TIMESTAMP_ISO8601:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} % {DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: % {GREEDYDATA:syslog_message}" ] add_field => [ "received_at", "%{@timestamp}" ] add_field => [ "received_from", "%{host}" ] add_tag => [ "rsyslog" ] } } } Logstash - Filter 27

  28. output { elasticsearch_http { host => “my_es.blablacar.com” port => 9200

    index => "logstashv1-%{+YYYY.MM.dd}" manage_template => false } } Logstash - Output 28

  29. 29

  30. syslog 30

  31. 31

  32. 32

  33. None