Hello Aleksandar,
On 03/07/2021 13:19, Aleksandar Lazic wrote:
Hi Remi.
How about to combine ssl_version/ssl_ciphers in one line.
Yes why not.
It would be helpful to see also the backend status.
Maybe add a 14th and 15th line with following fields
*backend_name '/' conn_status '/' SSL hsk error '/' SSL vfy '/' SSL CA
vfy*
*backend_name '/' ssl_version '/' ssl_ciphers*
The backend name is already included in the log line, I'll avoid
duplicating information.
I had in the past several issues with the backend where the backend CA
wasn't in the CA File which was quite
difficult to debug.
Backend related errors won't be raised in the log line since it is
emitted on the fronted side of the connection but this backend error
problem will also be treated after this.
+1 to the suggestion from Илья Шипицин to use iso8601 which is already
in haproxy since 2019/10/01:2.1-dev2.
I haven't found sub second format parameter in strftime call therefore
I assume the strftime call have this
".000000" as fix value.
```
strftime(iso_time_str, sizeof(iso_time_str),
"%Y-%m-%dT%H:%M:%S.000000+00:00", &tm)
```
In the timeofday_as_iso_us function where the strftime call happens, the
time zone and microsecond precision are set in the time string just
after the strftime call (see the 'offset' variable and the utoa_pad call).
Maybe another option is to use TAI for timestamps.
https://en.wikipedia.org/wiki/International_Atomic_Time
https://cr.yp.to/proto/utctai.html
http://www.madore.org/~david/computers/unix-leap-seconds.html
Thanks
Rémi
Jm2c
Alex
Thanks
Rémi