Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Logs hunting

Olivier Dolbeau
April 09, 2015
Programming
1
2.8k

Logs hunting

Talk given at sfLive 2015 Paris

Olivier Dolbeau

April 09, 2015
Tweet

More Decks by Olivier Dolbeau

See All by Olivier Dolbeau
Throw new \Exception(); Oui, mais laquelle ?
odolbeau
0
80
Jane & Webby
odolbeau
0
310
Translating a monolingual application
odolbeau
2
460
DX: Developer eXperience
odolbeau
0
56
DX: Developer eXperience
odolbeau
0
450
EasyAdminBundle introduction
odolbeau
0
150
REX API Platform
odolbeau
0
1.2k
Features flags at BlaBlaCar
odolbeau
4
940
25+ million members in 22 countries, how to scale with Symfony2
odolbeau
1
430

Other Decks in Programming

See All in Programming
Jakarta EE meets AI
ivargrimstad
0
150
受け取る人から提供する人になるということ
little_rubyist
0
230
「今のプロジェクトいろいろ大変なんですよ、app/services とかもあって……」/After Kaigi on Rails 2024 LT Night
junk0612
5
2.1k
どうして僕の作ったクラスが手続き型と言われなきゃいけないんですか
akikogoto
1
120
Realtime API 入門
riofujimon
0
150
PHP でアセンブリ言語のように書く技術
memory1994
PRO
1
170
Less waste, more joy, and a lot more green: How Quarkus makes Java better
hollycummins
0
100
ヤプリ新卒SREの オンボーディング
masaki12
0
130
Nurturing OpenJDK distribution: Eclipse Temurin Success History and plan
ivargrimstad
0
900
OSSで起業してもうすぐ10年 / Open Source Conference 2024 Shimane
furukawayasuto
0
100
EventSourcingの理想と現実
wenas
6
2.3k
3rd party scriptでもReactを使いたい! Preact + Reactのハイブリッド開発
righttouch
PRO
1
600

Featured

See All Featured
Testing 201, or: Great Expectations
jmmastey
38
7.1k
The Cost Of JavaScript in 2023
addyosmani
45
6.7k
Java REST API Framework Comparison - PWX 2021
mraible
PRO
28
8.2k
GitHub's CSS Performance
jonrohan
1030
460k
Art, The Web, and Tiny UX
lynnandtonic
297
20k
4 Signs Your Business is Dying
shpigford
180
21k
5 minutes of I Can Smell Your CMS
philhawksworth
202
19k
Navigating Team Friction
lara
183
14k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
109
49k
Raft: Consensus for Rubyists
vanstee
136
6.6k
The Cult of Friendly URLs
andyhume
78
6k
Fontdeck: Realign not Redesign
paulrobertlloyd
82
5.2k

Transcript

  1. LOGS HUNTING 1

  2. WHO AM I? Olivier Dolbeau @odolbeau Work at BlaBlaCar 2

  3. THIS IS AN ELK 3

  4. 4

  5. 5

  6. 6

  7. Inputs Filters Outputs 41 inputs • syslog • udp •

    varnishlog • gelf • … 50 filters • date • geoip • i18n • urldecode • … 55 outputs • elasticsearch • redis • email • graphite • … And there are also some codecs 7

  8. Kibana 8

  9. 9

  10. 10

  11. Which logs are we
 talking about? 11

  12. 12 Access Logs Population: High Difficulty: Easy Weapon

  13. 13 Application logs Population: Medium / Low Difficulty: Medium Weapon

    Monolog <3

  14. syslog 14 Syslog Population: Medium Difficulty: Easy Weapon RSYSLOG

  15. *.* @127.0.0.1:514;RSYSLOG_ForwardFormat 15

  16. input { udp { port => 514 type => syslog

    } } Logstash - Input 16

  17. filter { if [type] == "syslog" { grok { match

    => [ "message", "<%{POSINT:syslog_pri}>% {TIMESTAMP_ISO8601:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} % {DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: % {GREEDYDATA:syslog_message}" ] add_field => [ "received_at", "%{@timestamp}" ] add_field => [ "received_from", "%{host}" ] add_tag => [ "rsyslog" ] } } } Logstash - Filter 17

  18. output { elasticsearch_http { host => “my_es.blablacar.com” port => 9200

    index => "logstashv1-%{+YYYY.MM.dd}" manage_template => false } } Logstash - Output 18

  19. 19

  20. syslog 20

  21. 21

  22. @odolbeau 22 On recrute ! https://speakerdeck.com/odolbeau/logs-hunting