mirror of
https://github.com/seaweedfs/seaweedfs.git
synced 2025-09-19 14:39:24 +08:00
audit log
This commit is contained in:
Konstantin Lebedev
@@ -4,58 +4,56 @@ import (
|
||||
"fmt"
|
||||
"github.com/chrislusf/seaweedfs/weed/glog"
|
||||
xhttp "github.com/chrislusf/seaweedfs/weed/s3api/http"
|
||||
// "github.com/chrislusf/seaweedfs/weed/s3api/s3err"
|
||||
|
||||
//"github.com/chrislusf/seaweedfs/weed/s3api/s3err"
|
||||
"github.com/fluent/fluent-logger-golang/fluent"
|
||||
"net/http"
|
||||
"os"
|
||||
"time"
|
||||
)
|
||||
|
||||
type AccessLogExtend struct {
|
||||
type AccessLogExtend struct {
|
||||
AccessLog
|
||||
AccessLogHTTP
|
||||
}
|
||||
|
||||
type AccessLog struct {
|
||||
Bucket string `json:"bucket"` // awsexamplebucket1
|
||||
Time time.Time `json:"time"` // [06/Feb/2019:00:00:38 +0000]
|
||||
RemoteIP string `json:"remote_ip,omitempty"` // 192.0.2.3
|
||||
Requester string `json:"requester,omitempty"` // IAM user id
|
||||
RequestID string `json:"request_id,omitempty"` // 3E57427F33A59F07
|
||||
Operation string `json:"operation,omitempty"` // REST.HTTP_method.resource_type REST.PUT.OBJECT
|
||||
Key string `json:"Key,omitempty"` // /photos/2019/08/puppy.jpg
|
||||
ErrorCode string `json:"error_code,omitempty"`
|
||||
HostId string `json:"host_id,omitempty"`
|
||||
HostHeader string `json:"host_header,omitempty"` // s3.us-west-2.amazonaws.com
|
||||
SignatureVersion string `json:"signature_version,omitempty"`
|
||||
type AccessLog struct {
|
||||
Bucket string `json:"bucket"` // awsexamplebucket1
|
||||
Time time.Time `json:"time"` // [06/Feb/2019:00:00:38 +0000]
|
||||
RemoteIP string `json:"remote_ip,omitempty"` // 192.0.2.3
|
||||
Requester string `json:"requester,omitempty"` // IAM user id
|
||||
RequestID string `json:"request_id,omitempty"` // 3E57427F33A59F07
|
||||
Operation string `json:"operation,omitempty"` // REST.HTTP_method.resource_type REST.PUT.OBJECT
|
||||
Key string `json:"Key,omitempty"` // /photos/2019/08/puppy.jpg
|
||||
ErrorCode string `json:"error_code,omitempty"`
|
||||
HostId string `json:"host_id,omitempty"`
|
||||
HostHeader string `json:"host_header,omitempty"` // s3.us-west-2.amazonaws.com
|
||||
SignatureVersion string `json:"signature_version,omitempty"`
|
||||
}
|
||||
|
||||
type AccessLogHTTP struct {
|
||||
RequestURI string `json:"request_uri,omitempty"` // "GET /awsexamplebucket1/photos/2019/08/puppy.jpg?x-foo=bar HTTP/1.1"
|
||||
HTTPStatus int `json:"HTTP_status,omitempty"`
|
||||
BytesSent string `json:"bytes_sent,omitempty"`
|
||||
ObjectSize string `json:"object_size,omitempty"`
|
||||
TotalTime time.Duration `json:"total_time,omitempty"`
|
||||
TurnAroundTime time.Duration `json:"turn_around_time,omitempty"`
|
||||
Referer string `json:"Referer,omitempty"`
|
||||
UserAgent string `json:"user_agent,omitempty"`
|
||||
VersionId string `json:"version_id,omitempty"`
|
||||
CipherSuite string `json:"cipher_suite,omitempty"`
|
||||
AuthenticationType string `json:"auth_type,omitempty"`
|
||||
TLSVersion string `json:"TLS_version,omitempty"`
|
||||
RequestURI string `json:"request_uri,omitempty"` // "GET /awsexamplebucket1/photos/2019/08/puppy.jpg?x-foo=bar HTTP/1.1"
|
||||
HTTPStatus int `json:"HTTP_status,omitempty"`
|
||||
BytesSent string `json:"bytes_sent,omitempty"`
|
||||
ObjectSize string `json:"object_size,omitempty"`
|
||||
TotalTime time.Duration `json:"total_time,omitempty"`
|
||||
TurnAroundTime time.Duration `json:"turn_around_time,omitempty"`
|
||||
Referer string `json:"Referer,omitempty"`
|
||||
UserAgent string `json:"user_agent,omitempty"`
|
||||
VersionId string `json:"version_id,omitempty"`
|
||||
CipherSuite string `json:"cipher_suite,omitempty"`
|
||||
AuthenticationType string `json:"auth_type,omitempty"`
|
||||
TLSVersion string `json:"TLS_version,omitempty"`
|
||||
}
|
||||
|
||||
const tag = "s3.access"
|
||||
|
||||
var (
|
||||
logger *fluent.Fluent
|
||||
logger *fluent.Fluent
|
||||
hostname = os.Getenv("HOSTNAME")
|
||||
)
|
||||
|
||||
func init() {
|
||||
var err error
|
||||
|
||||
logger, err = fluent.New(fluent.Config{})
|
||||
if err != nil {
|
||||
glog.Fatalf("fail to load fluent config: %v", err)
|
||||
@@ -92,7 +90,7 @@ func getResourceType(object string, query string, metod string) (string, bool) {
|
||||
}
|
||||
}
|
||||
|
||||
func getOperation(object string , r *http.Request) string {
|
||||
func getOperation(object string, r *http.Request) string {
|
||||
queries := r.URL.Query()
|
||||
var operation string
|
||||
var queryFound bool
|
||||
@@ -104,27 +102,27 @@ func getOperation(object string , r *http.Request) string {
|
||||
return operation
|
||||
}
|
||||
|
||||
func GetAccessLog (r *http.Request, s3errCode s3err.ErrorCode) AccessLog {
|
||||
func GetAccessLog(r *http.Request, s3errCode ErrorCode) AccessLog {
|
||||
bucket, key := xhttp.GetBucketAndObject(r)
|
||||
var errorCode string
|
||||
if s3errCode != s3err.ErrNone {
|
||||
errorCode = s3err.GetAPIError(s3errCode).Code
|
||||
if s3errCode != ErrNone {
|
||||
errorCode = GetAPIError(s3errCode).Code
|
||||
}
|
||||
return AccessLog{
|
||||
HostHeader: r.Header.Get("Host"),
|
||||
RequestID: r.Header.Get("X-Request-ID"),
|
||||
RemoteIP: r.Header.Get("X-Real-IP"),
|
||||
RequestID: r.Header.Get("X-Request-ID"),
|
||||
RemoteIP: r.Header.Get("X-Real-IP"),
|
||||
Requester: r.Header.Get(xhttp.AmzIdentityId),
|
||||
HostId: hostname,
|
||||
Bucket: bucket,
|
||||
Time: time.Now(),
|
||||
Key: key,
|
||||
Operation: getOperation(key, r),
|
||||
ErrorCode: errorCode,
|
||||
HostId: hostname,
|
||||
Bucket: bucket,
|
||||
Time: time.Now(),
|
||||
Key: key,
|
||||
Operation: getOperation(key, r),
|
||||
ErrorCode: errorCode,
|
||||
}
|
||||
}
|
||||
|
||||
func Post(r *http.Request, errorCode s3err.ErrorCode) {
|
||||
func PostLog(r *http.Request, errorCode ErrorCode) {
|
||||
if logger == nil {
|
||||
return
|
||||
}
|
||||
@@ -132,4 +130,4 @@ func Post(r *http.Request, errorCode s3err.ErrorCode) {
|
||||
if err != nil {
|
||||
glog.Error("Error while posting log: ", err)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -25,6 +25,7 @@ func WriteXMLResponse(w http.ResponseWriter, r *http.Request, statusCode int, re
|
||||
|
||||
func WriteEmptyResponse(w http.ResponseWriter, r *http.Request, statusCode int) {
|
||||
WriteResponse(w, r, statusCode, []byte{}, mimeNone)
|
||||
PostLog(r, ErrNone)
|
||||
}
|
||||
|
||||
func WriteErrorResponse(w http.ResponseWriter, r *http.Request, errorCode ErrorCode) {
|
||||
@@ -39,6 +40,7 @@ func WriteErrorResponse(w http.ResponseWriter, r *http.Request, errorCode ErrorC
|
||||
errorResponse := getRESTErrorResponse(apiError, r.URL.Path, bucket, object)
|
||||
encodedErrorResponse := EncodeXMLResponse(errorResponse)
|
||||
WriteResponse(w, r, apiError.HTTPStatusCode, encodedErrorResponse, MimeXML)
|
||||
PostLog(r, errorCode)
|
||||
}
|
||||
|
||||
func getRESTErrorResponse(err APIError, resource string, bucket, object string) RESTErrorResponse {
|
||||
|
||||
Reference in New Issue
Block a user