I worked with log formats a lot, a couple of thoughts:

1) tab separated is better for any log import tool (mixing spaces and "/" is terrible for import)
2) time should be ISO 8601

Fri, 2 Jul 2021 at 19:29, Remi Tricot-Le Breton <[email protected]>:

> Hello list,
>
> Some work is ongoing to ease connection error and SSL handshake error
> logging.
> This will rely on some new sample fetches that could be added to a custom
> log-format string.
> In order to ease SSL logging and debugging, we will also add a new default
> log format for SSL connections. Now is then the good time to find the best
> format for everyone.
> The proposed format looks like the HTTP one to which the SSL specific
> information is added. But if anybody sees a missing information that could
> be beneficial for everybody, feel free to tell it, nothing is set in stone
> yet.
>
> The format would look like this :
>
>     >>> Jul 1 18:11:31 haproxy[143338]: 127.0.0.1:37740 [01/Jul/2021:18:11:31.517] \
>         ssl_frontend~ ssl_frontend/s2 0/0/0/7/+7 \
>         0/0/0/0 2750 ---- 1/1/1/1/0 0/0 TLSv1.3 TLS_AES_256_GCM_SHA384
>
>     Field   Format                                                       Extract from the example above
>         1   process_name '[' pid ']:'                                    haproxy[143338]:
>         2   client_ip ':' client_port                                    127.0.0.1:37740
>         3   '[' request_date ']'                                         [01/Jul/2021:18:11:31.517]
>         4   frontend_name                                                ssl_frontend~
>         5   backend_name '/' server_name                                 ssl_frontend/s2
>         6   TR '/' Tw '/' Tc '/' Tr '/' Ta*                              0/0/0/7/+7
>         7   *conn_status '/' SSL hsk error '/' SSL vfy '/' SSL CA vfy*   0/0/0/0
>         8   bytes_read*                                                  2750
>         9   termination_state                                            ----
>        10   actconn '/' feconn '/' beconn '/' srv_conn '/' retries*      1/1/1/1/0
>        11   srv_queue '/' backend_queue                                  0/0
>        12   *ssl_version*                                                TLSv1.3
>        13   *ssl_ciphers*                                                TLS_AES_256_GCM_SHA384
>
> The equivalent log-format string would be the following :
>
>     "%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta \
>     %[conn_err_code]/%[ssl_fc_hsk_err]/%[ssl_c_err]/%[ssl_c_ca_err] \
>     %B %ts %ac/%fc/%bc/%sc/%rc %sq/%bq %sslv %sslc
>
> The fields in bold are the SSL specific ones and the statuses ones will
> come from a not yet submitted code so the names and format might slightly
> change.
>
> Feel free to suggest any missing data, which could come from log-format
> specific fields or already existing sample fetches.
>
> Thanks
>
> Rémi
>
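
An added example, not part of either message and not HAProxy code: Python that parses the proposed SSL log line and re-emits it tab-separated with an ISO 8601 timestamp, the two changes suggested in the reply. The function names, output field names and regular expression are assumptions derived from the field table in the proposal, whose format may still change.

```python
import re
from datetime import datetime

# Sample line copied from the proposal, with the "\" continuations joined.
SAMPLE = ("Jul 1 18:11:31 haproxy[143338]: 127.0.0.1:37740 "
          "[01/Jul/2021:18:11:31.517] ssl_frontend~ ssl_frontend/s2 0/0/0/7/+7 "
          "0/0/0/0 2750 ---- 1/1/1/1/0 0/0 TLSv1.3 TLS_AES_256_GCM_SHA384")

# One named group per space-separated field of the proposed format (assumed layout).
LINE_RE = re.compile(
    r"(?P<process>\S+)\[(?P<pid>\d+)\]: "
    r"(?P<client>\S+) \[(?P<date>[^\]]+)\] (?P<frontend>\S+) "
    r"(?P<backend>[^/\s]+)/(?P<server>\S+) (?P<timers>\S+) (?P<statuses>\S+) "
    r"(?P<bytes_read>\+?\d+) (?P<term_state>\S+) (?P<conns>\S+) (?P<queues>\S+) "
    r"(?P<ssl_version>\S+) (?P<ssl_ciphers>\S+)$"
)

# Sub-field names for the "/"-separated groups; values stay strings so "+7" survives.
GROUPS = {
    "timers": ("TR", "Tw", "Tc", "Tr", "Ta"),
    "statuses": ("conn_status", "ssl_hsk_err", "ssl_vfy", "ssl_ca_vfy"),
    "conns": ("actconn", "feconn", "beconn", "srv_conn", "retries"),
    "queues": ("srv_queue", "backend_queue"),
}

def parse_ssl_log(line):
    """Return an ordered dict of flat fields; the syslog prefix is skipped."""
    m = LINE_RE.search(line)
    if m is None:
        raise ValueError("line does not match the proposed SSL format")
    rec = {}
    for key, value in m.groupdict().items():
        if key == "client":
            # rpartition keeps IPv6 addresses, which contain ":", intact.
            rec["client_ip"], _, rec["client_port"] = value.rpartition(":")
        elif key == "date":
            # The logged date carries no zone offset, so the result is naive.
            ts = datetime.strptime(value, "%d/%b/%Y:%H:%M:%S.%f")
            rec["request_date"] = ts.isoformat(timespec="milliseconds")
        elif key in GROUPS:
            parts = value.split("/")
            if len(parts) != len(GROUPS[key]):
                raise ValueError(f"unexpected field count in {key}: {value!r}")
            rec.update(zip(GROUPS[key], parts))
        else:
            rec[key] = value
    return rec

def to_tsv(rec):
    return "\t".join(rec.values())
```
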

