Re: Try to log the IP in the header X-Forwarded-For with radosgw behind haproxy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi @all,

On 4/9/19 12:43 PM, Francois Lafont wrote:


I have tried this config:

-----
rgw enable ops log      = true
rgw ops log socket path = /tmp/opslog
rgw log http headers    = http_x_forwarded_for
-----

and I have logs in the socket /tmp/opslog like this:

-----
{"bucket":"test1","time":"2019-04-09 09:41:18.188350Z","time_local":"2019-04-09 11:41:18.188350","remote_addr":"10.111.222.51","user":"flaf","operation":"GET","uri":"GET /?prefix=toto/&delimiter=%2F HTTP/1.1","http_status":"200","error_code":"","bytes_sent":832,"bytes_received":0,"object_size":0,"total_time":39,"user_agent":"DragonDisk 1.05 ( http://www.dragondisk.com )","referrer":"","http_x_headers":[{"HTTP_X_FORWARDED_FOR":"10.111.222.55"}]},
-----

I can see the IP address of the client in the value of HTTP_X_FORWARDED_FOR, that's cool.

But I don't understand why there is a specific socket to log that? I'm using radosgw in a Docker container (installed via ceph-ansible) and I have logs of the "radosgw" daemon in the "/var/log/syslog" file of my host (I'm using the Docker "syslog" log-driver).

1. Why is there a _separate_ log source for that? Indeed, in "/var/log/syslog" I have already some logs of civetweb. For instance:

     2019-04-09 12:33:45.926 7f02e021c700  1 civetweb: 0x55876dc9c000: 10.111.222.51 - - [09/Apr/2019:12:33:45 +0200] "GET /?prefix=toto/&delimiter=%2F HTTP/1.1" 200 1014 - DragonDisk 1.05 ( http://www.dragondisk.com )


The fact that radosgw uses a separate log source for "ops log" (ie a specific Unix socket) is still very mysterious for me.



2. In my Docker container context, is it possible to put the logs above in the file "/var/log/syslog" of my host, in other words is it possible to make sure to log this in stdout of the daemon "radosgw"?


It seems to me impossible to put ops log in the stdout of the "radosgw" process (or, if it's possible, I have not found). So I have made a workaround. I have set:

    rgw_ops_log_socket_path = /var/run/ceph/rgw-opslog.asok

in my ceph.conf and I have created a daemon (via un systemd unit file) which runs this loop:

    while true;
    do
        netcat -U "/var/run/ceph/rgw-opslog.asok" | logger -t "rgwops" -p "local5.notice"
    done

to retrieve logs in syslog. It's not very satisfying but it's works.

--
François (flaf)
_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
[Index of Archives]     [Information on CEPH]     [Linux Filesystem Development]     [Ceph Development]     [Ceph Large]     [Linux USB Development]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [xfs]

  Powered by Linux