Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Logs hunting

Avatar for Olivier Dolbeau Olivier Dolbeau
April 09, 2015
Programming
1
2.9k

Logs hunting

Talk given at sfLive 2015 Paris

Avatar for Olivier Dolbeau

Olivier Dolbeau

April 09, 2015
Tweet

More Decks by Olivier Dolbeau

See All by Olivier Dolbeau
Throw new \Exception(); Oui, mais laquelle ?
Avatar for Olivier Dolbeau odolbeau
1
240
Jane & Webby
Avatar for Olivier Dolbeau odolbeau
0
440
Translating a monolingual application
Avatar for Olivier Dolbeau odolbeau
2
600
DX: Developer eXperience
Avatar for Olivier Dolbeau odolbeau
1
100
DX: Developer eXperience
Avatar for Olivier Dolbeau odolbeau
1
550
EasyAdminBundle introduction
Avatar for Olivier Dolbeau odolbeau
0
180
REX API Platform
Avatar for Olivier Dolbeau odolbeau
0
1.3k
Features flags at BlaBlaCar
Avatar for Olivier Dolbeau odolbeau
5
1.1k
25+ million members in 22 countries, how to scale with Symfony2
Avatar for Olivier Dolbeau odolbeau
2
520

Other Decks in Programming

See All in Programming
オンデバイスAIとXcode
Avatar for リョウ ryodeveloper
0
470
CloudflareのSandbox SDKを試してみた
Avatar for syumai syumai
0
140
Stay Hacker 〜九州で生まれ、Perlに出会い、コミュニティで育つ〜
Avatar for Kazuhiko Yamashita pyama86
1
740
2026年向け会社紹介資料
Avatar for Yasutaka misu
0
160
開発生産性が組織文化になるまでの軌跡
Avatar for ふくすけ tonegawa07
0
150
AI駆動開発カンファレンスAutumn2025 _AI駆動開発にはAI駆動品質保証
Avatar for Autify autifyhq
0
160
最新のDirectX12で使えるレイトレ周りの機能追加について
Avatar for Pocol projectasura
0
200
Dive into Triton Internals
Avatar for Liam Jongsu Kim appleparan
0
490
ビルドプロセスをデバッグしよう!
Avatar for Yuta Tomiyama yt8492
0
300
What’s Fair is FAIR: A Decentralised Future for WordPress Distribution
Avatar for Ryan McCue rmccue
0
160
AIの弱点、やっぱりプログラミングは人間が(も)勉強しよう / YAPC AI and Programming
Avatar for Naoki Kishida kishida
9
4k
乱雑なコードの整理から学ぶ設計の初歩
Avatar for 増田 亨 masuda220
PRO
31
11k

Featured

See All Featured
Product Roadmaps are Hard
Avatar for C. Todd Lombardo iamctodd
PRO
55
12k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
Avatar for Dan Newman danielanewman
231
22k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
Avatar for Vitaly Friedman smashingmag
253
22k
Build The Right Thing And Hit Your Dates
Avatar for Maggie C. maggiecrowley
38
2.9k
Building Applications with DynamoDB
Avatar for Matt Wood mza
96
6.7k
Side Projects
Avatar for Sacha Greif sachag
455
43k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
Avatar for soudai sone soudai
PRO
192
56k
Stop Working from a Prison Cell
Avatar for Chris Michel hatefulcrawdad
272
21k
Automating Front-end Workflow
Avatar for Addy Osmani addyosmani
1371
200k
Designing Experiences People Love
Avatar for Jonathan Moore moore
142
24k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
Avatar for Michelle Schulp Hunt marktimemedia
31
2.6k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
Avatar for Eileen M. Uchitelle eileencodes
140
34k

Transcript

  1. LOGS HUNTING 1

  2. WHO AM I? Olivier Dolbeau @odolbeau Work at BlaBlaCar 2

  3. THIS IS AN ELK 3

  4. 4

  5. 5

  6. 6

  7. Inputs Filters Outputs 41 inputs • syslog • udp •

    varnishlog • gelf • … 50 filters • date • geoip • i18n • urldecode • … 55 outputs • elasticsearch • redis • email • graphite • … And there are also some codecs 7

  8. Kibana 8

  9. 9

  10. 10

  11. Which logs are we
 talking about? 11

  12. 12 Access Logs Population: High Difficulty: Easy Weapon

  13. 13 Application logs Population: Medium / Low Difficulty: Medium Weapon

    Monolog <3

  14. syslog 14 Syslog Population: Medium Difficulty: Easy Weapon RSYSLOG

  15. *.* @127.0.0.1:514;RSYSLOG_ForwardFormat 15

  16. input { udp { port => 514 type => syslog

    } } Logstash - Input 16

  17. filter { if [type] == "syslog" { grok { match

    => [ "message", "<%{POSINT:syslog_pri}>% {TIMESTAMP_ISO8601:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} % {DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: % {GREEDYDATA:syslog_message}" ] add_field => [ "received_at", "%{@timestamp}" ] add_field => [ "received_from", "%{host}" ] add_tag => [ "rsyslog" ] } } } Logstash - Filter 17

  18. output { elasticsearch_http { host => “my_es.blablacar.com” port => 9200

    index => "logstashv1-%{+YYYY.MM.dd}" manage_template => false } } Logstash - Output 18

  19. 19

  20. syslog 20

  21. 21

  22. @odolbeau 22 On recrute ! https://speakerdeck.com/odolbeau/logs-hunting