On 03.07.21 13:27, Илья Шипицин wrote:
сб, 3 июл. 2021 г. в 16:22, Aleksandar Lazic <[email protected]
<mailto:[email protected]>>:
Hi Remi.
On 02.07.21 16:26, Remi Tricot-Le Breton wrote:
> Hello list,
>
> Some work in ongoing to ease connection error and SSL handshake error
logging.
> This will rely on some new sample fetches that could be added to a custom
> log-format string.
> In order to ease SSL logging and debugging, we will also add a new
default log
> format for SSL connections. Now is then the good time to find the best
format
> for everyone.
> The proposed format looks like the HTTP one to which the SSL specific
> information is added. But if anybody sees a missing information that
could be
> beneficial for everybody, feel free to tell it, nothing is set in stone
yet.
>
> The format would look like this :
> >>> Jul 1 18:11:31 haproxy[143338]: 127.0.0.1:37740
<http://127.0.0.1:37740> [01/Jul/2021:18:11:31.517] \
> ssl_frontend~ ssl_frontend/s2 0/0/0/7/+7 \
> 0/0/0/0 2750 ---- 1/1/1/1/0 0/0 TLSv1.3 TLS_AES_256_GCM_SHA384
>
> Field Format Extract from the
example above
> 1 process_name '[' pid ']:'
haproxy[143338]:
> 2 client_ip ':' client_port 127.0.0.1:37740
<http://127.0.0.1:37740>
> 3 '[' request_date ']'
[01/Jul/2021:18:11:31.517]
> 4 frontend_name
ssl_frontend~
> 5 backend_name '/' server_name
ssl_frontend/s2
> 6 TR '/' Tw '/' Tc '/' Tr '/' Ta*
0/0/0/7/+7
> 7 *conn_status '/' SSL hsk error '/' SSL vfy '/' SSL CA vfy*
0/0/0/0
> 8 bytes_read*
2750
> 9 termination_state
----
> 10 actconn '/' feconn '/' beconn '/' srv_conn '/' retries*
1/1/1/1/0
> 11 srv_queue '/' backend_queue
0/0
> 12 *ssl_version*
TLSv1.3
> 13 *ssl_ciphers*
TLS_AES_256_GCM_SHA384
>
>
> The equivalent log-format string would be the following :
> "%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta \
> %[conn_err_code]/%[ssl_fc_hsk_err]/%[ssl_c_err]/%[ssl_c_ca_err] \
> %B %ts %ac/%fc/%bc/%sc/%rc %sq/%bq %sslv %sslc
>
> The fields in bold are the SSL specific ones and the statuses ones will
come
> from a not yet submitted code so the names and format might slightly
change.
>
> Feel free to suggest any missing data, which could come from log-format
> specific fields or already existing sample fetches.
How about to combine ssl_version/ssl_ciphers in one line.
It would be helpful to see also the backend status.
Maybe add a 14th and 15th line with following fields
*backend_name '/' conn_status '/' SSL hsk error '/' SSL vfy '/' SSL CA vfy*
*backend_name '/' ssl_version '/' ssl_ciphers*
I had in the past several issues with the backend where the backend CA
wasn't in the CA File which
was quite difficult to debug.
+1 to the suggestion from Илья Шипицин to use iso8601 which is already in
haproxy since
2019/10/01:2.1-dev2.
I haven't found sub second format parameter in strftime call therefore I
assume the strftime call
have this
".000000" as fix value.
```
strftime(iso_time_str, sizeof(iso_time_str), "%Y-%m-%dT%H:%M:%S.000000+00:00",
&tm)
```
Maybe another option is to use TAI for timestamps.
many analysis tools, for example Microsoft LogParser, ClickHouse, can perform
queries right on top
of TSV files with iso8601 time.
Agree.
The output could be a TSV just to get sub seconds information could TAI be used.
https://en.wikipedia.org/wiki/International_Atomic_Time
https://cr.yp.to/proto/utctai.html
http://www.madore.org/~david/computers/unix-leap-seconds.html
> Thanks
>
> Rémi
Jm2c
Alex
