Well I have it mostly wrapped up and writing to graylog, however the ops log 
has a `remote_addr` field, but as far as I can tell it's always blank. I found 
this fix but it seems to only be in v13.0.1 

Is there any chance we'd see backports of this to Jewel and/or luminous?


On Mar 12, 2018, at 5:50 PM, Aaron Bassett 
<aaron.bass...@nantomics.com<mailto:aaron.bass...@nantomics.com>> wrote:

Quick update:

adding the following to your config:

rgw log http headers = "http_authorization"
rgw ops log socket path = /tmp/rgw
rgw enable ops log = true
rgw enable usage log = true

and you can now

 nc -U /tmp/rgw |./jq --stream 'fromstream(1|truncate_stream(inputs))'
  "time": "2018-03-12 21:42:19.479037Z",
  "time_local": "2018-03-12 21:42:19.479037",
  "remote_addr": "",
  "user": "test",
  "operation": "PUT",
  "uri": "/testbucket/",
  "http_status": "200",
  "error_code": "",
  "bytes_sent": 19,
  "bytes_received": 0,
  "object_size": 0,
  "total_time": 600967,
  "user_agent": "Boto/2.46.1 Python/2.7.12 Linux/4.4.0-42-generic",
  "referrer": "",
  "http_x_headers": [
      "HTTP_AUTHORIZATION": "AWS <aws key id>: <signature>"

pretty good start on getting an audit log going!

On Mar 9, 2018, at 10:52 PM, Konstantin Shalygin 
<k0...@k0ste.ru<mailto:k0...@k0ste.ru>> wrote:

Unfortunately I can't quite figure out how to use it. I've got "rgw log http 
headers = "authorization" in my ceph.conf but I'm getting no love in the rgw 

I think this shold have 'http_' prefix, like:

rgw log http headers = "http_host, http_x_forwarded_for"


This e-mail message and any attachments are only for the use of the intended 
recipient and may contain information that is privileged, confidential or 
exempt from disclosure under applicable law. If you are not the intended 
recipient, any disclosure, distribution or other use of this e-mail message or 
attachments is prohibited. If you have received this e-mail message in error, 
please delete and notify the sender immediately. Thank you.
ceph-users mailing list

Reply via email to