I worked with log formats a lot, couple of thoughts

1) tab separated is better for any log import tool (mixing spaces and "/"
is terrible for import)
2) time should be iso8601

пт, 2 июл. 2021 г. в 19:29, Remi Tricot-Le Breton <[email protected]>:

> Hello list,
>
> Some work in ongoing to ease connection error and SSL handshake error
> logging.
> This will rely on some new sample fetches that could be added to a custom
> log-format string.
> In order to ease SSL logging and debugging, we will also add a new default
> log
> format for SSL connections. Now is then the good time to find the best
> format
> for everyone.
> The proposed format looks like the HTTP one to which the SSL specific
> information is added. But if anybody sees a missing information that could
> be
> beneficial for everybody, feel free to tell it, nothing is set in stone
> yet.
>
> The format would look like this :
>     >>> Jul  1 18:11:31 haproxy[143338]: 127.0.0.1:37740
> [01/Jul/2021:18:11:31.517] \
>           ssl_frontend~ ssl_frontend/s2 0/0/0/7/+7 \
>           0/0/0/0 2750 ---- 1/1/1/1/0 0/0 TLSv1.3 TLS_AES_256_GCM_SHA384
>
>   Field   Format                                Extract from the example
> above
>       1   process_name '[' pid ']:'
> haproxy[143338]:
>       2   client_ip ':' client_port
> 127.0.0.1:37740
>       3   '[' request_date ']'
> [01/Jul/2021:18:11:31.517]
>       4   frontend_name
> ssl_frontend~
>       5   backend_name '/' server_name
> ssl_frontend/s2
>       6   TR '/' Tw '/' Tc '/' Tr '/' Ta*
> 0/0/0/7/+7
>       7   *conn_status '/' SSL hsk error '/' SSL vfy '/' SSL CA vfy*
> 0/0/0/0
>       8   bytes_read*
> 2750
>       9   termination_state
> ----
>      10   actconn '/' feconn '/' beconn '/' srv_conn '/' retries*
> 1/1/1/1/0
>      11   srv_queue '/' backend_queue
> 0/0
>      12   *ssl_version*
> TLSv1.3
>      13   *ssl_ciphers*
> TLS_AES_256_GCM_SHA384
>
>
> The equivalent log-format string would be the following :
>     "%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta \
>         %[conn_err_code]/%[ssl_fc_hsk_err]/%[ssl_c_err]/%[ssl_c_ca_err] \
>         %B %ts %ac/%fc/%bc/%sc/%rc %sq/%bq %sslv %sslc
>
> The fields in bold are the SSL specific ones and the statuses ones will
> come
> from a not yet submitted code so the names and format might slightly
> change.
>
> Feel free to suggest any missing data, which could come from log-format
> specific fields or already existing sample fetches.
>
> Thanks
>
> Rémi
>

Reply via email to