Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Logs hunting
Search
Olivier Dolbeau
April 09, 2015
Programming
3k
1
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Logs hunting
Talk given at sfLive 2015 Paris
Olivier Dolbeau
April 09, 2015
More Decks by Olivier Dolbeau
See All by Olivier Dolbeau
Throw new \Exception(); Oui, mais laquelle ?
odolbeau
1
310
Jane & Webby
odolbeau
0
500
Translating a monolingual application
odolbeau
2
690
DX: Developer eXperience
odolbeau
1
130
DX: Developer eXperience
odolbeau
1
580
EasyAdminBundle introduction
odolbeau
0
240
REX API Platform
odolbeau
0
1.4k
Features flags at BlaBlaCar
odolbeau
5
1.2k
25+ million members in 22 countries, how to scale with Symfony2
odolbeau
2
670
Other Decks in Programming
See All in Programming
肥大化するレガシーコードに立ち向かうためのインターフェース分離と依存の逆転 / JJUG CCC 2026 Spring
hirokunimaeta
0
510
3Dシーンの圧縮
fadis
1
670
タクシーアプリ『GO』の バックエンド開発のおける AI利活用と若者のすべて
pyama86
3
1.9k
The Arts and Crafts of Work in the AI Era — Toward Mastery in Software Development
kuranuki
1
730
AI駆動開発勉強会 広島支部 第一回勉強会 AI駆動開発概要とワークショップ
hayatoshimiu
0
450
IBM Bobを活用したレガシーアプリの最新化
oniak3ibm
PRO
1
180
Composerを使ったサプライチェーン攻撃の様子を眺めてみる #phpstudy
o0h
PRO
2
230
LLM Plugin for Node-REDの利用方法と開発について
404background
0
160
ローカルLLMを使ってB2Bサービスを作っていての学び
yaotti
0
150
oxlintはeslint/typescript-eslintを置き換えられるのか
shomafujita
2
320
AIとRubyの静的型付け
ukin0k0
0
550
Javaの型とAI時代に型が大事な理由 / java types and type in AI era
kishida
2
110
Featured
See All Featured
SEO in 2025: How to Prepare for the Future of Search
ipullrank
3
3.5k
Why You Should Never Use an ORM
jnunemaker
PRO
61
9.9k
The State of eCommerce SEO: How to Win in Today's Products SERPs - #SEOweek
aleyda
2
11k
Bioeconomy Workshop: Dr. Julius Ecuru, Opportunities for a Bioeconomy in West Africa
akademiya2063
PRO
1
140
Primal Persuasion: How to Engage the Brain for Learning That Lasts
tmiket
0
360
Design in an AI World
tapps
1
230
Leadership Guide Workshop - DevTernity 2021
reverentgeek
1
300
A Soul's Torment
seathinner
6
2.9k
Between Models and Reality
mayunak
4
330
B2B Lead Gen: Tactics, Traps & Triumph
marketingsoph
0
140
The Language of Interfaces
destraynor
162
27k
Amusing Abliteration
ianozsvald
1
200
Transcript
LOGS HUNTING 1
WHO AM I? Olivier Dolbeau @odolbeau Work at BlaBlaCar 2
THIS IS AN ELK 3
4
5
6
Inputs Filters Outputs 41 inputs • syslog • udp •
varnishlog • gelf • … 50 filters • date • geoip • i18n • urldecode • … 55 outputs • elasticsearch • redis • email • graphite • … And there are also some codecs 7
Kibana 8
9
10
Which logs are we talking about? 11
12 Access Logs Population: High Difficulty: Easy Weapon
13 Application logs Population: Medium / Low Difficulty: Medium Weapon
Monolog <3
syslog 14 Syslog Population: Medium Difficulty: Easy Weapon RSYSLOG
*.* @127.0.0.1:514;RSYSLOG_ForwardFormat 15
input { udp { port => 514 type => syslog
} } Logstash - Input 16
filter { if [type] == "syslog" { grok { match
=> [ "message", "<%{POSINT:syslog_pri}>% {TIMESTAMP_ISO8601:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} % {DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: % {GREEDYDATA:syslog_message}" ] add_field => [ "received_at", "%{@timestamp}" ] add_field => [ "received_from", "%{host}" ] add_tag => [ "rsyslog" ] } } } Logstash - Filter 17
output { elasticsearch_http { host => “my_es.blablacar.com” port => 9200
index => "logstashv1-%{+YYYY.MM.dd}" manage_template => false } } Logstash - Output 18
19
syslog 20
21
@odolbeau 22 On recrute ! https://speakerdeck.com/odolbeau/logs-hunting
odolbeau
hirokunimaeta
fadis
pyama86
kuranuki
hayatoshimiu
oniak3ibm
o0h
404background
yaotti
shomafujita
ukin0k0
kishida
ipullrank
jnunemaker
aleyda
akademiya2063
tmiket
tapps
reverentgeek
seathinner
mayunak
marketingsoph
destraynor
ianozsvald
![filter { if [type] == "syslog" { grok { match](https://files.speakerdeck.com/presentations/830b3cc35cc64bd58e9df1ac9a3aa6fa/slide_16.jpg){kind=link}
