|
Well I have it mostly wrapped up and writing to graylog, however the ops log has a `remote_addr` field, but as far as I can tell it's always blank. I found this fix but it seems to only be in v13.0.1 https://github.com/ceph/ceph/pull/16860
Is there any chance we'd see backports of this to Jewel and/or luminous?
Aaron
Quick update:
adding the following to your config:
rgw log http headers = "http_authorization"
rgw ops log socket path = /tmp/rgw
rgw enable ops log = true
rgw enable usage log = true
and you can now
nc -U /tmp/rgw |./jq --stream 'fromstream(1|truncate_stream(inputs))'
{
"time": "2018-03-12 21:42:19.479037Z",
"time_local": "2018-03-12 21:42:19.479037",
"remote_addr": "",
"user": "test",
"operation": "PUT",
"uri": "/testbucket/",
"http_status": "200",
"error_code": "",
"bytes_sent": 19,
"bytes_received": 0,
"object_size": 0,
"total_time": 600967,
"user_agent": "Boto/2.46.1 Python/2.7.12 Linux/4.4.0-42-generic",
"referrer": "",
"http_x_headers": [
{
"HTTP_AUTHORIZATION": "AWS <aws key id>: <signature>"
}
]
}
pretty good start on getting an audit log going!
On Mar 9, 2018, at 10:52 PM, Konstantin Shalygin < k0ste@xxxxxxxx> wrote:
Unfortunately I can't quite figure out how to use it. I've got "rgw log http headers = "authorization" in my ceph.conf but I'm getting no love in the rgw log.
I think this shold have 'http_' prefix, like:
rgw log http headers = "http_host, http_x_forwarded_for"
k
CONFIDENTIALITY NOTICE
This e-mail message and any attachments are only for the use of the intended recipient and may contain information that is privileged, confidential or exempt from disclosure under applicable law. If you are not the intended recipient, any disclosure, distribution
or other use of this e-mail message or attachments is prohibited. If you have received this e-mail message in error, please delete and notify the sender immediately. Thank you.
|
