$30 off During Our Annual Pro Sale. View Details »

Don't let your log go away

Olivier Dolbeau
March 24, 2015
Programming
1
370

Don't let your log go away

Talk given at Paris Tech Talk MeetUp

Olivier Dolbeau

March 24, 2015
Tweet

More Decks by Olivier Dolbeau

See All by Olivier Dolbeau
Jane & Webby
odolbeau
0
270
Translating a monolingual application
odolbeau
2
350
DX: Developer eXperience
odolbeau
0
48
DX: Developer eXperience
odolbeau
0
350
EasyAdminBundle introduction
odolbeau
0
120
REX API Platform
odolbeau
0
930
Features flags at BlaBlaCar
odolbeau
4
780
25+ million members in 22 countries, how to scale with Symfony2
odolbeau
1
350
Be gentle with your prod!
odolbeau
1
540

Other Decks in Programming

See All in Programming
B2B SaaSでSpringSecurityによる Roleを用いたユーザー権限設定の 実装について
rakus_dev
1
180
カスタマーサポートの信頼性向上 〜社内ツールにおけるSRE活動〜 - NIFTY Tech Day 2023
niftycorp
0
100
Bun がメジャーリリースされたけど、本当にBun はNode.js に取って代わるのか?をAWS Lambda で検証してみた
smt7174
1
2k
DMMプラットフォームにおけるコード品質を改善する取り組みの理想と現実
pospome
3
1.8k
コンピュータグラフィクスの空
fadis
5
1.2k
Angular 17 - Rainaissance
gregonnet
0
130
From Spring Boot 2 to Spring Boot 3 with Java 21 and Jakarta EE
ivargrimstad
0
720
フロントエンドエンジニアも知っておきたい HTTP/3 で変わること
yahiru
17
9.7k
ニジエチューニング2023-12
nijieinfra
0
130
Comment choisir les « bons » composants open source ? (Capitole du Libre 2023)
pylapp
0
100
Modern Java for the Masses! Is Java Still Relevant?
deepu105
1
450
クソアプリを作ってみた💩 / kusojaku
uhooi
0
180

Featured

See All Featured
A Modern Web Designer's Workflow
chriscoyier
688
190k
Java REST API Framework Comparison - PWX 2021
mraible
PRO
18
6.4k
Testing 201, or: Great Expectations
jmmastey
26
6.1k
Bootstrapping a Software Product
garrettdimon
PRO
299
110k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
15
1.7k
Unsuck your backbone
ammeep
660
56k
Become a Pro
speakerdeck
PRO
8
3.6k
How GitHub Uses GitHub to Build GitHub
holman
467
280k
Three Pipe Problems
jasonvnalue
89
9.3k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
500
140k
Automating Front-end Workflow
addyosmani
1354
200k
WebSockets: Embracing the real-time Web
robhawkes
58
6.6k

Transcript

  1. DON’T LET YOUR
    LOG GO AWAY
    @odolbeau
    1

    View Slide

  2. WHO AM I?
    Olivier Dolbeau
    @odolbeau
    Work at BlaBlaCar
    2

    View Slide

  3. Log
    3

    View Slide

  4. Which logs
    are we

    talking about?
    4

    View Slide

  5. access logs
    5

    View Slide

  6. syslog
    syslog
    6

    View Slide

  7. application logs
    7

    View Slide

  8. Access
    8

    View Slide

  9. SSH
    9

    View Slide

  10. Analyze
    10

    View Slide

  11. tail
    grep
    cat
    11

    View Slide

  12. This is specific to its access logs
    My roommate uses this to colorise his access logs…
    12

    View Slide

  13. 13

    View Slide

  14. 14

    View Slide

  15. 15

    View Slide

  16. 16

    View Slide

  17. 17

    View Slide

  18. Inputs Filters Outputs
    41 inputs
    • syslog
    • udp
    • varnishlog
    • gelf
    • …
    50 filters
    • date
    • geoip
    • i18n
    • urldecode
    • …
    55 outputs
    • elasticsearch
    • redis
    • email
    • graphite
    • …
    And there are also some codecs
    18

    View Slide

  19. Kibana
    19

    View Slide

  20. 20

    View Slide

  21. ELK
    21

    View Slide

  22. 22

    View Slide

  23. syslog
    syslog
    23

    View Slide

  24. 24

    View Slide

  25. *.* @127.0.0.1:514;RSYSLOG_ForwardFormat
    25

    View Slide

  26. input {
    udp {
    port => 514
    type => syslog
    }
    }
    Logstash - Input
    26

    View Slide

  27. filter {
    if [type] == "syslog" {
    grok {
    match => [ "message", "<%{POSINT:syslog_pri}>%
    {TIMESTAMP_ISO8601:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %
    {DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %
    {GREEDYDATA:syslog_message}" ]
    add_field => [ "received_at", "%{@timestamp}" ]
    add_field => [ "received_from", "%{host}" ]
    add_tag => [ "rsyslog" ]
    }
    }
    }
    Logstash - Filter
    27

    View Slide

  28. output {
    elasticsearch_http {
    host => “my_es.blablacar.com”
    port => 9200
    index => "logstashv1-%{+YYYY.MM.dd}"
    manage_template => false
    }
    }
    Logstash - Output
    28

    View Slide

  29. 29

    View Slide

  30. syslog
    30

    View Slide

  31. 31

    View Slide

  32. 32

    View Slide

  33. View Slide