I understand that everybody can redefine its own format. but I saw several times that default (not very comfortable) format was later adopted as industry wide.
пт, 2 июл. 2021 г. в 19:52, Илья Шипицин <chipits...@gmail.com>: > I worked with log formats a lot, couple of thoughts > > 1) tab separated is better for any log import tool (mixing spaces and "/" > is terrible for import) > 2) time should be iso8601 > > пт, 2 июл. 2021 г. в 19:29, Remi Tricot-Le Breton <rlebre...@haproxy.com>: > >> Hello list, >> >> Some work in ongoing to ease connection error and SSL handshake error >> logging. >> This will rely on some new sample fetches that could be added to a custom >> log-format string. >> In order to ease SSL logging and debugging, we will also add a new >> default log >> format for SSL connections. Now is then the good time to find the best >> format >> for everyone. >> The proposed format looks like the HTTP one to which the SSL specific >> information is added. But if anybody sees a missing information that >> could be >> beneficial for everybody, feel free to tell it, nothing is set in stone >> yet. >> >> The format would look like this : >> >>> Jul 1 18:11:31 haproxy[143338]: 127.0.0.1:37740 >> [01/Jul/2021:18:11:31.517] \ >> ssl_frontend~ ssl_frontend/s2 0/0/0/7/+7 \ >> 0/0/0/0 2750 ---- 1/1/1/1/0 0/0 TLSv1.3 TLS_AES_256_GCM_SHA384 >> >> Field Format Extract from the example >> above >> 1 process_name '[' pid ']:' >> haproxy[143338]: >> 2 client_ip ':' client_port >> 127.0.0.1:37740 >> 3 '[' request_date ']' >> [01/Jul/2021:18:11:31.517] >> 4 frontend_name >> ssl_frontend~ >> 5 backend_name '/' server_name >> ssl_frontend/s2 >> 6 TR '/' Tw '/' Tc '/' Tr '/' Ta* >> 0/0/0/7/+7 >> 7 *conn_status '/' SSL hsk error '/' SSL vfy '/' SSL CA vfy* >> 0/0/0/0 >> 8 bytes_read* >> 2750 >> 9 termination_state >> ---- >> 10 actconn '/' feconn '/' beconn '/' srv_conn '/' retries* >> 1/1/1/1/0 >> 11 srv_queue '/' >> backend_queue 0/0 >> 12 *ssl_version* >> TLSv1.3 >> 13 *ssl_ciphers* >> TLS_AES_256_GCM_SHA384 >> >> >> The equivalent log-format string would be the following : >> "%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta \ >> %[conn_err_code]/%[ssl_fc_hsk_err]/%[ssl_c_err]/%[ssl_c_ca_err] \ >> %B %ts %ac/%fc/%bc/%sc/%rc %sq/%bq %sslv %sslc >> >> The fields in bold are the SSL specific ones and the statuses ones will >> come >> from a not yet submitted code so the names and format might slightly >> change. >> >> Feel free to suggest any missing data, which could come from log-format >> specific fields or already existing sample fetches. >> >> Thanks >> >> Rémi >> >