Laisse pas trainer ton log !

LAISSE PAS TRAINER
TON LOG
@odolbeau
1

View Slide

WHO AM I?
Olivier Dolbeau
@odolbeau
Work at BlaBlaCar
2

View Slide

3

View Slide

Logﬁle
4

View Slide

–Wikipedia
“In computing, a logﬁle (or simply log) is a ﬁle that
records either the events which happen while an
operating system or other software runs, […].”
5

View Slide

–Wikipedia
“In computing, a logﬁle (or simply log) is a ﬁle that
records either the events which happen while an
operating system or other software runs, […].”
6

View Slide

Which logs
are we 
talking about?
7

View Slide

access logs
8

View Slide

syslog
syslog
9

View Slide

application logs
10

View Slide

Access
11

View Slide

SSH
12

View Slide

Analyze
13

View Slide

tail
grep
cat
14

View Slide

15

View Slide

My roommate uses this to colorise his access logs…
15

View Slide

This is speciﬁc to its access logs
My roommate uses this to colorise his access logs…
15

View Slide

16

View Slide

17

View Slide

18

View Slide

19

View Slide

20

View Slide

Inputs Filters Outputs
41 inputs
• syslog
• udp
• varnishlog
• gelf
• …
50 ﬁlters
• date
• geoip
• i18n
• urldecode
• …
55 outputs
• elasticsearch
• redis
• email
• graphite
• …
21

View Slide

Inputs Filters Outputs
41 inputs
• syslog
• udp
• varnishlog
• gelf
• …
50 ﬁlters
• date
• geoip
• i18n
• urldecode
• …
55 outputs
• elasticsearch
• redis
• email
• graphite
• …
And there are also some codecs
21

View Slide

Kibana
22

View Slide

23

View Slide

ELK
24

View Slide

25

View Slide

syslog
syslog
26

View Slide

27

View Slide

*.* @127.0.0.1:514;RSYSLOG_ForwardFormat
28

View Slide

input {
udp {
port => 514
type => syslog
}
}
Logstash - Input
29

View Slide

filter {
if [type] == "syslog" {
grok {
match => [ "message", "%
{TIMESTAMP_ISO8601:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %
{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %
{GREEDYDATA:syslog_message}" ]
add_field => [ "received_at", "%{@timestamp}" ]
add_field => [ "received_from", "%{host}" ]
add_tag => [ "rsyslog" ]
}
}
}
Logstash - Filter
30

View Slide

output {
elasticsearch_http {
host => “my_es.blablacar.com”
port => 9200
index => "logstashv1-%{+YYYY.MM.dd}"
manage_template => false
}
}
Logstash - Output
31

View Slide

application logs
32

View Slide

33

View Slide

• StreamHandler
• ErrorLogHandler
• SwiftMailerHandler
• SyslogUdpHandler
• FirePHPHandler
• FingersCrossedHandler
• NullHandler
• …
More than 36 handlers!
It’s just some outputs!
34

View Slide

http://symfony.com/doc/current/cookbook/logging/channels_handlers.html
35

View Slide

36

View Slide

37

View Slide

38

View Slide

WHAT CAN
I DO WITH
THAT
39

View Slide

I want to have
all
my logs
displayed on the
console.
40

View Slide

41

View Slide

handlers
41

View Slide

handlers
channels
41

View Slide

I want to add
web context
informations
to my logs.
42

View Slide

43

View Slide

I want to
see
all
my logs
in a PRETTY interface!
44

View Slide

45

View Slide

input {
gelf {
port => 12201
type => gelf
}
}
Logstash - Input
46

View Slide

Logstash - Filter
47

View Slide

Logstash - Filter
47
This space has intentionally been left blank.

View Slide

Logstash - Filter
47
We don’t need any ﬁlter

View Slide

Logstash - Filter
47
Because logstash works well!

View Slide

Logstash - Filter
47
Because logstash works well!
With Heka you need to write a lot of Lua

View Slide

This troll was dedicated to @lyrixx
48

View Slide

output {
port => 9200
}
}
Logstash - Output
49

View Slide

output {
port => 9200
}
}
Logstash - Output
49
It’s a duplicate slide!

View Slide

Laisse pas trainer ton log !

Laisse pas trainer ton log !

Olivier Dolbeau

More Decks by Olivier Dolbeau

Other Decks in Programming

Featured

Transcript