Slavik  Muz
Slavik Muz

Reputation: 1217

How to get access-logs from OpenShift router (HAProxy)?

How to get access-logs from openshift router (HAproxy).

I tried to use this command:

$ oc project default 
$ oc logs router-1-g...

I got output:

I0129 09:47:17.125616       1 router.go:554] Router reloaded:
 - Checking http://localhost:80 ...
 - Health check ok : 0 retry attempt(s).
I0129 09:47:54.356142       1 router.go:554] Router reloaded:
 - Checking http://localhost:80 ...
 - Health check ok : 0 retry attempt(s).

But there was no information about users traffic (client/server requests/responses).

Please give me advice on how I can debug how this proxy is working?

Upvotes: 10

Views: 11810

Answers (3)

Stefan Feurle
Stefan Feurle

Reputation: 71

On Openshift >=4.5 you can do it this way by edititing your ingresscontroller and add the following .spec.logging (see below, log format example included):

apiVersion: operator.openshift.io/v1
kind: IngressController
metadata:
  name: default
  namespace: openshift-ingress-operator
spec:
  logging:
    access:
      destination:
        type: Container
      # % formats see here: http://cbonte.github.io/haproxy-dconv/2.0/configuration.html#8.2.3
      httpLogFormat: log_source="haproxy-default" log_type="http" c_ip="%ci" c_port="%cp"
        req_date="%tr" fe_name_transport="%ft" be_name="%b" server_name="%s" res_time="%TR"
        tot_wait_q="%Tw" Tc="%Tc" Tr="%Tr" Ta="%Ta" status_code="%ST" bytes_read="%B"
        bytes_uploaded="%U" captrd_req_cookie="%CC" captrd_res_cookie="%CS" term_state="%tsc"
        actconn="%ac" feconn="%fc" beconn="%bc" srv_conn="%sc" retries="%rc" srv_queue="%sq"
        backend_queue="%bq" captrd_req_headers="%hr" captrd_res_headers="%hs" http_request="%r"

This solution is based on https://access.redhat.com/solutions/3250781.
There is a solution for Openshift 3.x as well.

You may access the logs by doing 'oc logs -n openshift-ingress <your-router-pod-name> -c logs'.

It is also possible to send those logs directly to a syslog server:

apiVersion: operator.openshift.io/v1
kind: IngressController
metadata:
  name: default
  namespace: openshift-ingress-operator
spec:
  logging:
    access:
      destination:
        type: Syslog
        syslog:
          address: 1.2.3.4
          port: 10514
      # % formats see here: http://cbonte.github.io/haproxy-dconv/2.0/configuration.html#8.2.3
      httpLogFormat: log_source="haproxy-default" log_type="http" c_ip="%ci" c_port="%cp"
        req_date="%tr" fe_name_transport="%ft" be_name="%b" server_name="%s" res_time="%TR"
        tot_wait_q="%Tw" Tc="%Tc" Tr="%Tr" Ta="%Ta" status_code="%ST" bytes_read="%B"
        bytes_uploaded="%U" captrd_req_cookie="%CC" captrd_res_cookie="%CS" term_state="%tsc"
        actconn="%ac" feconn="%fc" beconn="%bc" srv_conn="%sc" retries="%rc" srv_queue="%sq"
        backend_queue="%bq" captrd_req_headers="%hr" captrd_res_headers="%hs" http_request="%r"

Upvotes: 7

cbrdy
cbrdy

Reputation: 812

In the openshift 3.11, you could create a new router using oc adm router command with extended logging enabled

  1. New router
oc adm router myrouter --extended-logging
  1. Enable debug logging
oc set env dc/myrouter ROUTER_LOG_LEVEL=debug
  1. tail the logs
oc logs -f myrouter-x-xxxxx -c syslog

Upvotes: 3

PhilipGough
PhilipGough

Reputation: 1769

You will need to point the router at a syslog server to debug the output. No access logs are output by default. You are seeing the logs of the Go process.

I created a rsyslog container some time ago to help debug issues with a custom router. This will log to stdout for debugging purposes only. Follow the instructions in the readme to deploy this within the default project. Shout if you need any further help.

Upvotes: 4

Related Questions