|
Ah yes, I found it: https://github.com/ceph/ceph/commit/3192ef6a034bf39becead5f87a0e48651fcab705
Unfortunately I can't quite figure out how to use it. I've got "rgw log http headers = "authorization" in my ceph.conf but I'm getting no love in the rgw log.
Also, setting rgw debug level to 10 did get me the user access key id, but only incidentally, talking about a cache miss and put for the user, so I'm not sure how much I'd want to depend on that. Also, to Davids point, that makes thing very chatty
and I'll have to do some processing to correlate the key id with the rest of the request info.
Aaron
Hi
Yehuda,
I
did add support for logging arbitrary headers, but not a
configurable
log record a-la webservers. To level set, David, are you
speaking
about a file or pipe log sync on the RGW host?
Matt
On
Thu, Mar 8, 2018 at 7:55 PM, Yehuda Sadeh-Weinraub <yehuda@xxxxxxxxxx>
wrote:
On Thu, Mar 8, 2018 at 2:22 PM, David Turner <drakonstein@xxxxxxxxx> wrote:
I remember some time ago Yehuda had commented on a thread like this saying
that it would make sense to add a logging/auditing feature like this to RGW.
I haven't heard much about it since then, though. Yehuda, do you remember
that and/or think that logging like this might become viable.
I vaguely remember Matt was working on this. Matt?
Yehuda
On Thu, Mar 8, 2018 at 4:17 PM Aaron Bassett <Aaron.Bassett@xxxxxxxxxxxxx>
wrote:
Yea thats what I was afraid of. I'm looking at possibly patching to add
it, but i really dont want to support my own builds. I suppose other
alternatives are to use proxies to log stuff, but that makes me sad.
Aaron
On Mar 8, 2018, at 12:36 PM, David Turner <drakonstein@xxxxxxxxx> wrote:
Setting radosgw debug logging to 10/10 is the only way I've been able to
get the access key in the logs for requests. It's very unfortunate as it
DRASTICALLY increases the amount of log per request, but it's what we needed
to do to be able to have the access key in the logs along with the request.
On Tue, Mar 6, 2018 at 3:09 PM Aaron Bassett <Aaron.Bassett@xxxxxxxxxxxxx>
wrote:
Hey all,
I'm trying to get something of an audit log out of radosgw. To that end I
was wondering if theres a mechanism to customize the log format of civetweb.
It's already writing IP, HTTP Verb, path, response and time, but I'm hoping
to get it to print the Authorization header of the request, which containers
the access key id which we can tie back into the systems we use to issue
credentials. Any thoughts?
Thanks,
Aaron
CONFIDENTIALITY NOTICE
This e-mail message and any attachments are only for the use of the
intended recipient and may contain information that is privileged,
confidential or exempt from disclosure under applicable law. If you are not
the intended recipient, any disclosure, distribution or other use of this
e-mail message or attachments is prohibited. If you have received this
e-mail message in error, please delete and notify the sender immediately.
Thank you.
_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.ceph.com_listinfo.cgi_ceph-2Dusers-2Dceph.com&d=DwIBaQ&c=Tpa2GKmmYSmpYS4baANxQwQYqA0vwGXwkJOPBegaiTs&r=5nKer5huNDFQXjYpOR4o_7t5CRI8wb5Vb_v1pBywbYw&m=q8So9TjC57treWWapD23wxqiYyUohBcrF1HlEB82ntY&s=SqGv02oZlntXRPTSqDK9e5nWhELurcxGkg8HxB-py_k&e=
--
Matt
Benjamin
Red
Hat, Inc.
315
West Huron Street, Suite 140A
Ann
Arbor, Michigan 48103
https://urldefense.proofpoint.com/v2/url?u=http-3A__www.redhat.com_en_technologies_storage&d=DwIBaQ&c=Tpa2GKmmYSmpYS4baANxQwQYqA0vwGXwkJOPBegaiTs&r=5nKer5huNDFQXjYpOR4o_7t5CRI8wb5Vb_v1pBywbYw&m=q8So9TjC57treWWapD23wxqiYyUohBcrF1HlEB82ntY&s=WETrkwV8EkHd9iypM-7_WonFV4XeYhJbXCjg-c6dr84&e=
tel.
734-821-5101
fax.
734-769-8938
cel.
734-216-5309
CONFIDENTIALITY NOTICE
This e-mail message and any attachments are only for the use of the intended recipient and may contain information that is privileged, confidential or exempt from disclosure under applicable law. If you are not the intended recipient, any disclosure, distribution
or other use of this e-mail message or attachments is prohibited. If you have received this e-mail message in error, please delete and notify the sender immediately. Thank you.
|
