Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Logs hunting

Olivier Dolbeau
April 09, 2015
Programming
1
2.5k

Logs hunting

Talk given at sfLive 2015 Paris

Olivier Dolbeau

April 09, 2015
Tweet

More Decks by Olivier Dolbeau

See All by Olivier Dolbeau
Jane & Webby
odolbeau
0
220
Translating a monolingual application
odolbeau
2
320
DX: Developer eXperience
odolbeau
0
43
DX: Developer eXperience
odolbeau
0
310
EasyAdminBundle introduction
odolbeau
0
94
REX API Platform
odolbeau
0
770
Features flags at BlaBlaCar
odolbeau
4
730
25+ million members in 22 countries, how to scale with Symfony2
odolbeau
1
320
Be gentle with your prod!
odolbeau
1
450

Other Decks in Programming

See All in Programming
Swift アクターモデルと Elm Architecture の融合 / iOSDC Japan 2022
inamiy
4
1.2k
ローンチから16年目のWebサービスに、どうやってフィーチャートグルを導入したか、運用しているか / phpcon2022
meihei3
1
550
Layout Grid for Browser | FigmaのLayout Gridを拡張機能で実装してブラウザに持ち込んでみた話
hanzochang
0
110
enum で KeyPaths のような機能を実現する CasePaths
kalupas226
1
230
Rethinking Auth for SPAs and Micro Frontends: Easy and Secure With Gateways
manfredsteyer
PRO
0
100
今更だけどUIKitで型パラメータのインジェクトを利用してViewのレイアウトをしてみよう
martysuzuki
0
430
iOS ライブラリをセルフサービスで生成する仕組み
junkpiano
2
410
どのくらい速くなるの?Laravel MixとViteを性能比較してみました!
akitotsukahara
0
190
Swift Concurrency Next Step
shiz
7
1k
[API Platform Con] Domain Driven Design with API Platform 3
mtarld
0
2.7k
iOSのウィジェットでも猫走らせたい / iOSDC Japan 2022 Day2 Unconference
kyome22
3
520
キャッシュによる状態管理のアーキテクチャ / Cache-based state management architecture
rockname
6
9.7k

Featured

See All Featured
Automating Front-end Workflow
addyosmani
1351
200k
The Cult of Friendly URLs
andyhume
68
4.9k
Building a Scalable Design System with Sketch
lauravandoore
450
30k
Git: the NoSQL Database
bkeepers
PRO
416
59k
Atom: Resistance is Futile
akmur
255
23k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
37
3.4k
Making Projects Easy
brettharned
100
4.4k
GitHub's CSS Performance
jonrohan
1020
420k
Designing the Hi-DPI Web
ddemaree
273
32k
Navigating Team Friction
lara
175
11k
Creatively Recalculating Your Daily Design Routine
revolveconf
207
10k
In The Pink: A Labor of Love
frogandcode
131
21k

Transcript

  1. LOGS HUNTING 1

  2. WHO AM I? Olivier Dolbeau @odolbeau Work at BlaBlaCar 2

  3. THIS IS AN ELK 3

  4. 4

  5. 5

  6. 6

  7. Inputs Filters Outputs 41 inputs • syslog • udp •

    varnishlog • gelf • … 50 filters • date • geoip • i18n • urldecode • … 55 outputs • elasticsearch • redis • email • graphite • … And there are also some codecs 7

  8. Kibana 8

  9. 9

  10. 10

  11. Which logs are we
 talking about? 11

  12. 12 Access Logs Population: High Difficulty: Easy Weapon

  13. 13 Application logs Population: Medium / Low Difficulty: Medium Weapon

    Monolog <3

  14. syslog 14 Syslog Population: Medium Difficulty: Easy Weapon RSYSLOG

  15. *.* @127.0.0.1:514;RSYSLOG_ForwardFormat 15

  16. input { udp { port => 514 type => syslog

    } } Logstash - Input 16

  17. filter { if [type] == "syslog" { grok { match

    => [ "message", "<%{POSINT:syslog_pri}>% {TIMESTAMP_ISO8601:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} % {DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: % {GREEDYDATA:syslog_message}" ] add_field => [ "received_at", "%{@timestamp}" ] add_field => [ "received_from", "%{host}" ] add_tag => [ "rsyslog" ] } } } Logstash - Filter 17

  18. output { elasticsearch_http { host => “my_es.blablacar.com” port => 9200

    index => "logstashv1-%{+YYYY.MM.dd}" manage_template => false } } Logstash - Output 18

  19. 19

  20. syslog 20

  21. 21

  22. @odolbeau 22 On recrute ! https://speakerdeck.com/odolbeau/logs-hunting