Re: Civetweb log format

Aaron Bassett <Aaron.Bassett@xxxxxxxxxxxxx> · Fri, 9 Mar 2018 22:21:04 +0000

David, that's exactly my goal as well. 

On closer reading of the docs, I see that this setting is to be used for writing these headers to the ops log. I guess it's time for me to learn what that's about. I've never quite been able to figure out how to get my hands on it. I also see
 an option for writing the ops log to a socket instead of the bucket it normally writes to. Seems like a good place for me to snag the info I need and transform and log it in an audit log. I'm going to investigate this and see what turns up.

Aaron

On Mar 9, 2018, at 5:12 PM, David Turner <drakonstein@xxxxxxxxx> wrote:

Matt, my only goal is to be able to have something that can be checked to see which key was used to access which resource. The closest I was able to get in Jewel was rgw debug logging 10/10, but it generates 100+ lines of logs for every request
 and as Aaron points out takes some logic to combine the object, the key, and the action as well that it doesn't actually catch every type of request.

It sounds like you've done some work with this. How can we utilize what you've done to be able to have audit logging on buckets?

On Fri, Mar 9, 2018, 5:00 PM Aaron Bassett <Aaron.Bassett@xxxxxxxxxxxxx> wrote:

Ah yes, I found it: https://github.com/ceph/ceph/commit/3192ef6a034bf39becead5f87a0e48651fcab705

Unfortunately I can't quite figure out how to use it. I've got "rgw log http headers = "authorization" in my ceph.conf but I'm getting no love in the rgw log. 

Also, setting rgw debug level to 10 did get me the user access key id, but only incidentally, talking about a cache miss and put for the user, so I'm not sure how much I'd want to depend on that. Also, to Davids point, that makes thing very chatty
 and I'll have to do some processing to correlate the key id with the rest of the request info. 

Aaron

On Mar 8, 2018, at 8:18 PM, Matt Benjamin <mbenjami@xxxxxxxxxx> wrote:

Hi
 Yehuda,

I
 did add support for logging arbitrary headers, but not a

configurable
 log record a-la webservers.  To level set, David, are you

speaking
 about a file or pipe log sync on the RGW host?

Matt

On
 Thu, Mar 8, 2018 at 7:55 PM, Yehuda Sadeh-Weinraub <yehuda@xxxxxxxxxx>
 wrote:

On Thu, Mar 8, 2018 at 2:22 PM, David Turner <drakonstein@xxxxxxxxx> wrote:

I remember some time ago Yehuda had commented on a thread like this saying

that it would make sense to add a logging/auditing feature like this to RGW.

I haven't heard much about it since then, though.  Yehuda, do you remember

that and/or think that logging like this might become viable.

I vaguely remember Matt was working on this. Matt?

Yehuda

On Thu, Mar 8, 2018 at 4:17 PM Aaron Bassett <Aaron.Bassett@xxxxxxxxxxxxx>

wrote:

Yea thats what I was afraid of. I'm looking at possibly patching to add

it, but i really dont want to support my own builds. I suppose other

alternatives are to use proxies to log stuff, but that makes me sad.

Aaron

On Mar 8, 2018, at 12:36 PM, David Turner <drakonstein@xxxxxxxxx> wrote:

Setting radosgw debug logging to 10/10 is the only way I've been able to

get the access key in the logs for requests.  It's very unfortunate as it

DRASTICALLY increases the amount of log per request, but it's what we needed

to do to be able to have the access key in the logs along with the request.

On Tue, Mar 6, 2018 at 3:09 PM Aaron Bassett <Aaron.Bassett@xxxxxxxxxxxxx>

wrote:

Hey all,

I'm trying to get something of an audit log out of radosgw. To that end I

was wondering if theres a mechanism to customize the log format of civetweb.

It's already writing IP, HTTP Verb, path, response and time, but I'm hoping

to get it to print the Authorization header of the request, which containers

the access key id which we can tie back into the systems we use to issue

credentials. Any thoughts?

Thanks,

Aaron

CONFIDENTIALITY NOTICE

This e-mail message and any attachments are only for the use of the

intended recipient and may contain information that is privileged,

confidential or exempt from disclosure under applicable law. If you are not

the intended recipient, any disclosure, distribution or other use of this

e-mail message or attachments is prohibited. If you have received this

e-mail message in error, please delete and notify the sender immediately.

Thank you.

_______________________________________________

ceph-users mailing list

ceph-users@xxxxxxxxxxxxxx

https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.ceph.com_listinfo.cgi_ceph-2Dusers-2Dceph.com&d=DwIBaQ&c=Tpa2GKmmYSmpYS4baANxQwQYqA0vwGXwkJOPBegaiTs&r=5nKer5huNDFQXjYpOR4o_7t5CRI8wb5Vb_v1pBywbYw&m=q8So9TjC57treWWapD23wxqiYyUohBcrF1HlEB82ntY&s=SqGv02oZlntXRPTSqDK9e5nWhELurcxGkg8HxB-py_k&e=

-- 

Matt
Benjamin

Red
 Hat, Inc.

315
 West Huron Street, Suite 140A

Ann
 Arbor, Michigan 48103

https://urldefense.proofpoint.com/v2/url?u=http-3A__www.redhat.com_en_technologies_storage&d=DwIBaQ&c=Tpa2GKmmYSmpYS4baANxQwQYqA0vwGXwkJOPBegaiTs&r=5nKer5huNDFQXjYpOR4o_7t5CRI8wb5Vb_v1pBywbYw&m=q8So9TjC57treWWapD23wxqiYyUohBcrF1HlEB82ntY&s=WETrkwV8EkHd9iypM-7_WonFV4XeYhJbXCjg-c6dr84&e=

tel.
  734-821-5101

fax.
  734-769-8938

cel.
  734-216-5309

CONFIDENTIALITY NOTICE

This e-mail message and any attachments are only for the use of the intended recipient and may contain information that is privileged, confidential or exempt from disclosure under applicable law. If you are not the intended recipient, any disclosure, distribution
 or other use of this e-mail message or attachments is prohibited. If you have received this e-mail message in error, please delete and notify the sender immediately. Thank you.

_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com