$30 off During Our Annual Pro Sale. View Details »

Logs hunting

Avatar for Olivier Dolbeau Olivier Dolbeau
April 09, 2015
Programming
1
2.9k

Logs hunting

Talk given at sfLive 2015 Paris

Avatar for Olivier Dolbeau

Olivier Dolbeau

April 09, 2015
Tweet

More Decks by Olivier Dolbeau

See All by Olivier Dolbeau
Throw new \Exception(); Oui, mais laquelle ?
Avatar for Olivier Dolbeau odolbeau
1
260
Jane & Webby
Avatar for Olivier Dolbeau odolbeau
0
450
Translating a monolingual application
Avatar for Olivier Dolbeau odolbeau
2
630
DX: Developer eXperience
Avatar for Olivier Dolbeau odolbeau
1
110
DX: Developer eXperience
Avatar for Olivier Dolbeau odolbeau
1
560
EasyAdminBundle introduction
Avatar for Olivier Dolbeau odolbeau
0
190
REX API Platform
Avatar for Olivier Dolbeau odolbeau
0
1.4k
Features flags at BlaBlaCar
Avatar for Olivier Dolbeau odolbeau
5
1.2k
25+ million members in 22 countries, how to scale with Symfony2
Avatar for Olivier Dolbeau odolbeau
2
590

Other Decks in Programming

See All in Programming
リリース時」テストから「デイリー実行」へ!開発マネージャが取り組んだ、レガシー自動テストのモダン化戦略
Avatar for goataka (GOAMI Takaaki) goataka
0
140
Grafana:建立系統全知視角的捷徑
Avatar for Blueswen blueswen
0
220
Pythonではじめるオープンデータ分析〜書籍の紹介と書籍で紹介しきれなかった事例の紹介〜
Avatar for Ryo YOSHI welliving
3
610
안드로이드 9년차 개발자, 프론트엔드 주니어로 커리어 리셋하기
Avatar for Seungmin 마량 maryang
1
140
「コードは上から下へ読むのが一番」と思った時に、思い出してほしい話
Avatar for HideyukiKitao panda728
PRO
39
26k
ゲームの物理 剛体編
Avatar for Fadis fadis
0
370
re:Invent 2025 トレンドからみる製品開発への AI Agent 活用
Avatar for Kohei Yoshikawa yoskoh
0
430
Canon EOS R50 V と R5 Mark II 購入でみえてきた最近のデジイチ VR180 事情、そして VR180 静止画に活路を見出すまで
Avatar for kazuhiro hara karad
0
140
Navigating Dependency Injection with Metro
Avatar for HyunWoo Lee l2hyunwoo
1
190
Tinkerbellから学ぶ、Podで DHCPをリッスンする手法
Avatar for Tomofumi Kondo tomokon
0
140
令和最新版Android Studioで化石デバイス向けアプリを作る
Avatar for Sora Arakawa arkw
0
450
開発に寄りそう自動テストの実現
Avatar for Hiroki Iseri goyoki
2
1.4k

Featured

See All Featured
How to build an LLM SEO readiness audit: a practical framework
Avatar for Nick Samuel nmsamuel
1
580
Why You Should Never Use an ORM
Avatar for John Nunemaker jnunemaker
PRO
61
9.7k
It's Worth the Effort
Avatar for 3n 3n
187
29k
What's in a price? How to price your products and services
Avatar for Michael Herold michaelherold
246
13k
Designing for Timeless Needs
Avatar for Cassini Nazir cassininazir
0
93
Winning Ecommerce Organic Search in an AI Era - #searchnstuff2025
Avatar for Aleyda Solis aleyda
0
1.8k
Kristin Tynski - Automating Marketing Tasks With AI
Avatar for Tech SEO Connect techseoconnect
PRO
0
110
Believing is Seeing
Avatar for Spiro Bolos oripsolob
0
15
Making Projects Easy
Avatar for Brett Harned brettharned
120
6.5k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
Avatar for Irina Nazarova irinanazarova
9
1.1k
How to Build an AI Search Optimization Roadmap - Criteria and Steps to Take #SEOIRL
Avatar for Aleyda Solis aleyda
1
1.8k
Measuring & Analyzing Core Web Vitals
Avatar for Philip Tellis bluesmoon
9
710

Transcript

  1. LOGS HUNTING 1

  2. WHO AM I? Olivier Dolbeau @odolbeau Work at BlaBlaCar 2

  3. THIS IS AN ELK 3

  4. 4

  5. 5

  6. 6

  7. Inputs Filters Outputs 41 inputs • syslog • udp •

    varnishlog • gelf • … 50 filters • date • geoip • i18n • urldecode • … 55 outputs • elasticsearch • redis • email • graphite • … And there are also some codecs 7

  8. Kibana 8

  9. 9

  10. 10

  11. Which logs are we
 talking about? 11

  12. 12 Access Logs Population: High Difficulty: Easy Weapon

  13. 13 Application logs Population: Medium / Low Difficulty: Medium Weapon

    Monolog <3

  14. syslog 14 Syslog Population: Medium Difficulty: Easy Weapon RSYSLOG

  15. *.* @127.0.0.1:514;RSYSLOG_ForwardFormat 15

  16. input { udp { port => 514 type => syslog

    } } Logstash - Input 16

  17. filter { if [type] == "syslog" { grok { match

    => [ "message", "<%{POSINT:syslog_pri}>% {TIMESTAMP_ISO8601:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} % {DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: % {GREEDYDATA:syslog_message}" ] add_field => [ "received_at", "%{@timestamp}" ] add_field => [ "received_from", "%{host}" ] add_tag => [ "rsyslog" ] } } } Logstash - Filter 17

  18. output { elasticsearch_http { host => “my_es.blablacar.com” port => 9200

    index => "logstashv1-%{+YYYY.MM.dd}" manage_template => false } } Logstash - Output 18

  19. 19

  20. syslog 20

  21. 21

  22. @odolbeau 22 On recrute ! https://speakerdeck.com/odolbeau/logs-hunting