$30 off During Our Annual Pro Sale. View Details »

Logs hunting

Olivier Dolbeau
April 09, 2015
Programming
1
2.7k

Logs hunting

Talk given at sfLive 2015 Paris

Olivier Dolbeau

April 09, 2015
Tweet

More Decks by Olivier Dolbeau

See All by Olivier Dolbeau
Jane & Webby
odolbeau
0
270
Translating a monolingual application
odolbeau
2
350
DX: Developer eXperience
odolbeau
0
48
DX: Developer eXperience
odolbeau
0
350
EasyAdminBundle introduction
odolbeau
0
120
REX API Platform
odolbeau
0
930
Features flags at BlaBlaCar
odolbeau
4
790
25+ million members in 22 countries, how to scale with Symfony2
odolbeau
1
350
Be gentle with your prod!
odolbeau
1
540

Other Decks in Programming

See All in Programming
supabaseとSvelteKitで作るバックエンドレスなサーバーレスWebサイト / Creating with supabase and SvelteKit Backend-less serverless websites
seike460
PRO
3
1.8k
ブランチ運用とデプロイフローを見直してリリースを楽にする
syukai
3
410
Accelerating App Dev with Cloudflare Workers
chimame
1
210
Vue & Vite Rustify
kazupon
4
910
WantedlyでFeature Storeを導入する際に考えたこと
zerebom
1
400
カスタマーサポートの信頼性向上 〜社内ツールにおけるSRE活動〜 - NIFTY Tech Day 2023
niftycorp
0
110
生成AI×ノーコード (スピーディーなアプリ開発の新時代)
knr109
3
4.4k
長年運用されている Web サービスと 通信をするクライアントを Go で作ってみた話
commojun
0
350
ニフティ社内ISUCON開催への道のり - NIFTY Tech Day 2023
niftycorp
0
140
Introducing Kotlin Multiplatform in an existing mobile app - Workshop Edition | DevFest Berlin 23
prof18
0
230
君たちはどうプログラミングするか
tanakahisateru
7
910
安心してリリース!〜Blue/Greenデプロイ戦略の実体験〜 - NIFTY Tech Day 2023
niftycorp
0
140

Featured

See All Featured
Why You Should Never Use an ORM
jnunemaker
PRO
49
8.3k
Done Done
chrislema
178
15k
The MySQL Ecosystem @ GitHub 2015
samlambert
241
11k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
1
1.1k
Being A Developer After 40
akosma
52
580k
Happy Clients
brianwarren
91
6.1k
What's new in Ruby 2.0
geeforr
336
30k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
500
140k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
318
20k
Building a Scalable Design System with Sketch
lauravandoore
453
32k
Code Reviewing Like a Champion
maltzj
511
38k
What the flash - Photography Introduction
edds
64
11k

Transcript

  1. LOGS
    HUNTING
    1

    View Slide

  2. WHO AM I?
    Olivier Dolbeau
    @odolbeau
    Work at BlaBlaCar
    2

    View Slide

  3. THIS IS AN
    ELK
    3

    View Slide

  4. 4

    View Slide

  5. 5

    View Slide

  6. 6

    View Slide

  7. Inputs Filters Outputs
    41 inputs
    • syslog
    • udp
    • varnishlog
    • gelf
    • …
    50 filters
    • date
    • geoip
    • i18n
    • urldecode
    • …
    55 outputs
    • elasticsearch
    • redis
    • email
    • graphite
    • …
    And there are also some codecs
    7

    View Slide

  8. Kibana
    8

    View Slide

  9. 9

    View Slide

  10. 10

    View Slide

  11. Which logs
    are we

    talking about?
    11

    View Slide

  12. 12
    Access Logs
    Population: High
    Difficulty: Easy
    Weapon

    View Slide

  13. 13
    Application logs
    Population: Medium / Low
    Difficulty: Medium
    Weapon
    Monolog <3

    View Slide

  14. syslog
    14
    Syslog
    Population: Medium
    Difficulty: Easy
    Weapon
    RSYSLOG

    View Slide

  15. *.* @127.0.0.1:514;RSYSLOG_ForwardFormat
    15

    View Slide

  16. input {
    udp {
    port => 514
    type => syslog
    }
    }
    Logstash - Input
    16

    View Slide

  17. filter {
    if [type] == "syslog" {
    grok {
    match => [ "message", "<%{POSINT:syslog_pri}>%
    {TIMESTAMP_ISO8601:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %
    {DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %
    {GREEDYDATA:syslog_message}" ]
    add_field => [ "received_at", "%{@timestamp}" ]
    add_field => [ "received_from", "%{host}" ]
    add_tag => [ "rsyslog" ]
    }
    }
    }
    Logstash - Filter
    17

    View Slide

  18. output {
    elasticsearch_http {
    host => “my_es.blablacar.com”
    port => 9200
    index => "logstashv1-%{+YYYY.MM.dd}"
    manage_template => false
    }
    }
    Logstash - Output
    18

    View Slide

  19. 19

    View Slide

  20. syslog
    20

    View Slide

  21. 21

    View Slide

  22. @odolbeau
    22
    On recrute !
    https://speakerdeck.com/odolbeau/logs-hunting

    View Slide