Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Logs hunting
Search
Olivier Dolbeau
April 09, 2015
Programming
1
2.9k
Logs hunting
Talk given at sfLive 2015 Paris
Olivier Dolbeau
April 09, 2015
Tweet
Share
More Decks by Olivier Dolbeau
See All by Olivier Dolbeau
Throw new \Exception(); Oui, mais laquelle ?
odolbeau
1
280
Jane & Webby
odolbeau
0
460
Translating a monolingual application
odolbeau
2
670
DX: Developer eXperience
odolbeau
1
110
DX: Developer eXperience
odolbeau
1
570
EasyAdminBundle introduction
odolbeau
0
200
REX API Platform
odolbeau
0
1.4k
Features flags at BlaBlaCar
odolbeau
5
1.2k
25+ million members in 22 countries, how to scale with Symfony2
odolbeau
2
640
Other Decks in Programming
See All in Programming
それ、本当に安全? ファイルアップロードで見落としがちなセキュリティリスクと対策
penpeen
7
3.9k
Grafana:建立系統全知視角的捷徑
blueswen
0
330
CSC307 Lecture 02
javiergs
PRO
1
780
フルサイクルエンジニアリングをAI Agentで全自動化したい 〜構想と現在地〜
kamina_zzz
0
400
AIエージェント、”どう作るか”で差は出るか? / AI Agents: Does the "How" Make a Difference?
rkaga
4
2k
AIフル活用時代だからこそ学んでおきたい働き方の心得
shinoyu
0
130
CSC307 Lecture 01
javiergs
PRO
0
690
今から始めるClaude Code超入門
448jp
8
8.7k
AIエージェントのキホンから学ぶ「エージェンティックコーディング」実践入門
masahiro_nishimi
5
450
開発者から情シスまで - 多様なユーザー層に届けるAPI提供戦略 / Postman API Night Okinawa 2026 Winter
tasshi
0
200
MDN Web Docs に日本語翻訳でコントリビュート
ohmori_yusuke
0
650
AI巻き込み型コードレビューのススメ
nealle
1
210
Featured
See All Featured
The Illustrated Children's Guide to Kubernetes
chrisshort
51
51k
16th Malabo Montpellier Forum Presentation
akademiya2063
PRO
0
49
The Straight Up "How To Draw Better" Workshop
denniskardys
239
140k
Build your cross-platform service in a week with App Engine
jlugia
234
18k
Color Theory Basics | Prateek | Gurzu
gurzu
0
200
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
34
2.6k
Keith and Marios Guide to Fast Websites
keithpitt
413
23k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
122
21k
Building a Scalable Design System with Sketch
lauravandoore
463
34k
Paper Plane (Part 1)
katiecoart
PRO
0
4.2k
How GitHub (no longer) Works
holman
316
140k
Why You Should Never Use an ORM
jnunemaker
PRO
61
9.7k
Transcript
LOGS HUNTING 1
WHO AM I? Olivier Dolbeau @odolbeau Work at BlaBlaCar 2
THIS IS AN ELK 3
4
5
6
Inputs Filters Outputs 41 inputs • syslog • udp •
varnishlog • gelf • … 50 filters • date • geoip • i18n • urldecode • … 55 outputs • elasticsearch • redis • email • graphite • … And there are also some codecs 7
Kibana 8
9
10
Which logs are we talking about? 11
12 Access Logs Population: High Difficulty: Easy Weapon
13 Application logs Population: Medium / Low Difficulty: Medium Weapon
Monolog <3
syslog 14 Syslog Population: Medium Difficulty: Easy Weapon RSYSLOG
*.* @127.0.0.1:514;RSYSLOG_ForwardFormat 15
input { udp { port => 514 type => syslog
} } Logstash - Input 16
filter { if [type] == "syslog" { grok { match
=> [ "message", "<%{POSINT:syslog_pri}>% {TIMESTAMP_ISO8601:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} % {DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: % {GREEDYDATA:syslog_message}" ] add_field => [ "received_at", "%{@timestamp}" ] add_field => [ "received_from", "%{host}" ] add_tag => [ "rsyslog" ] } } } Logstash - Filter 17
output { elasticsearch_http { host => “my_es.blablacar.com” port => 9200
index => "logstashv1-%{+YYYY.MM.dd}" manage_template => false } } Logstash - Output 18
19
syslog 20
21
@odolbeau 22 On recrute ! https://speakerdeck.com/odolbeau/logs-hunting
odolbeau
penpeen
blueswen
javiergs
kamina_zzz
rkaga
shinoyu
448jp
masahiro_nishimi
tasshi
ohmori_yusuke
nealle
chrisshort
akademiya2063
denniskardys
jlugia
gurzu
jcasabona
keithpitt
panda_program
lauravandoore
katiecoart
holman
jnunemaker
![filter { if [type] == "syslog" { grok { match](https://files.speakerdeck.com/presentations/830b3cc35cc64bd58e9df1ac9a3aa6fa/slide_16.jpg){kind=link}
