Upgrade to PRO for Only $50/Year—Limited-Time Offer! 🔥
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Logs hunting
Search
Olivier Dolbeau
April 09, 2015
Programming
1
2.9k
Logs hunting
Talk given at sfLive 2015 Paris
Olivier Dolbeau
April 09, 2015
Tweet
Share
More Decks by Olivier Dolbeau
See All by Olivier Dolbeau
Throw new \Exception(); Oui, mais laquelle ?
odolbeau
1
260
Jane & Webby
odolbeau
0
450
Translating a monolingual application
odolbeau
2
630
DX: Developer eXperience
odolbeau
1
110
DX: Developer eXperience
odolbeau
1
560
EasyAdminBundle introduction
odolbeau
0
190
REX API Platform
odolbeau
0
1.4k
Features flags at BlaBlaCar
odolbeau
5
1.2k
25+ million members in 22 countries, how to scale with Symfony2
odolbeau
2
580
Other Decks in Programming
See All in Programming
認証・認可の基本を学ぼう後編
kouyuume
0
250
Java 25, Nuevas características
czelabueno
0
110
ゆくKotlin くるRust
exoego
1
160
AIエンジニアリングのご紹介 / Introduction to AI Engineering
rkaga
8
3.3k
DevFest Android in Korea 2025 - 개발자 커뮤니티를 통해 얻는 가치
wisemuji
0
170
Basic Architectures
denyspoltorak
0
120
大規模Cloud Native環境におけるFalcoの運用
owlinux1000
0
200
perlをWebAssembly上で動かすと何が嬉しいの??? / Where does Perl-on-Wasm actually make sense?
mackee
0
130
AIコーディングエージェント(NotebookLM)
kondai24
0
230
LLMで複雑な検索条件アセットから脱却する!! 生成的検索インタフェースの設計論
po3rin
4
970
「コードは上から下へ読むのが一番」と思った時に、思い出してほしい話
panda728
PRO
39
26k
GISエンジニアから見たLINKSデータ
nokonoko1203
0
180
Featured
See All Featured
AI: The stuff that nobody shows you
jnunemaker
PRO
1
22
Crafting Experiences
bethany
0
22
Noah Learner - AI + Me: how we built a GSC Bulk Export data pipeline
techseoconnect
PRO
0
74
Building Applications with DynamoDB
mza
96
6.8k
The Anti-SEO Checklist Checklist. Pubcon Cyber Week
ryanjones
0
28
We Are The Robots
honzajavorek
0
120
For a Future-Friendly Web
brad_frost
180
10k
Chrome DevTools: State of the Union 2024 - Debugging React & Beyond
addyosmani
9
1k
The Cult of Friendly URLs
andyhume
79
6.7k
Accessibility Awareness
sabderemane
0
24
Jess Joyce - The Pitfalls of Following Frameworks
techseoconnect
PRO
1
31
Site-Speed That Sticks
csswizardry
13
1k
Transcript
LOGS HUNTING 1
WHO AM I? Olivier Dolbeau @odolbeau Work at BlaBlaCar 2
THIS IS AN ELK 3
4
5
6
Inputs Filters Outputs 41 inputs • syslog • udp •
varnishlog • gelf • … 50 filters • date • geoip • i18n • urldecode • … 55 outputs • elasticsearch • redis • email • graphite • … And there are also some codecs 7
Kibana 8
9
10
Which logs are we talking about? 11
12 Access Logs Population: High Difficulty: Easy Weapon
13 Application logs Population: Medium / Low Difficulty: Medium Weapon
Monolog <3
syslog 14 Syslog Population: Medium Difficulty: Easy Weapon RSYSLOG
*.* @127.0.0.1:514;RSYSLOG_ForwardFormat 15
input { udp { port => 514 type => syslog
} } Logstash - Input 16
filter { if [type] == "syslog" { grok { match
=> [ "message", "<%{POSINT:syslog_pri}>% {TIMESTAMP_ISO8601:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} % {DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: % {GREEDYDATA:syslog_message}" ] add_field => [ "received_at", "%{@timestamp}" ] add_field => [ "received_from", "%{host}" ] add_tag => [ "rsyslog" ] } } } Logstash - Filter 17
output { elasticsearch_http { host => “my_es.blablacar.com” port => 9200
index => "logstashv1-%{+YYYY.MM.dd}" manage_template => false } } Logstash - Output 18
19
syslog 20
21
@odolbeau 22 On recrute ! https://speakerdeck.com/odolbeau/logs-hunting
odolbeau
kouyuume
czelabueno
exoego
rkaga
wisemuji
denyspoltorak
owlinux1000
mackee
kondai24
po3rin
panda728
nokonoko1203
jnunemaker
bethany
techseoconnect
mza
ryanjones
honzajavorek
brad_frost
addyosmani
andyhume
sabderemane
csswizardry
![filter { if [type] == "syslog" { grok { match](https://files.speakerdeck.com/presentations/830b3cc35cc64bd58e9df1ac9a3aa6fa/slide_16.jpg){kind=link}
