Well I have it mostly wrapped up and writing to graylog, however the ops log has a `remote_addr` field, but as far as I can tell it's always blank. I found this fix but it seems to only be in v13.0.1 https://github.com/ceph/ceph/pull/16860
Is there any chance we'd see backports of this to Jewel and/or luminous? Aaron On Mar 12, 2018, at 5:50 PM, Aaron Bassett <aaron.bass...@nantomics.com<mailto:aaron.bass...@nantomics.com>> wrote: Quick update: adding the following to your config: rgw log http headers = "http_authorization" rgw ops log socket path = /tmp/rgw rgw enable ops log = true rgw enable usage log = true and you can now nc -U /tmp/rgw |./jq --stream 'fromstream(1|truncate_stream(inputs))' { "time": "2018-03-12 21:42:19.479037Z", "time_local": "2018-03-12 21:42:19.479037", "remote_addr": "", "user": "test", "operation": "PUT", "uri": "/testbucket/", "http_status": "200", "error_code": "", "bytes_sent": 19, "bytes_received": 0, "object_size": 0, "total_time": 600967, "user_agent": "Boto/2.46.1 Python/2.7.12 Linux/4.4.0-42-generic", "referrer": "", "http_x_headers": [ { "HTTP_AUTHORIZATION": "AWS <aws key id>: <signature>" } ] } pretty good start on getting an audit log going! On Mar 9, 2018, at 10:52 PM, Konstantin Shalygin <k0...@k0ste.ru<mailto:k0...@k0ste.ru>> wrote: Unfortunately I can't quite figure out how to use it. I've got "rgw log http headers = "authorization" in my ceph.conf but I'm getting no love in the rgw log. I think this shold have 'http_' prefix, like: rgw log http headers = "http_host, http_x_forwarded_for" k CONFIDENTIALITY NOTICE This e-mail message and any attachments are only for the use of the intended recipient and may contain information that is privileged, confidential or exempt from disclosure under applicable law. If you are not the intended recipient, any disclosure, distribution or other use of this e-mail message or attachments is prohibited. If you have received this e-mail message in error, please delete and notify the sender immediately. Thank you.
_______________________________________________ ceph-users mailing list ceph-users@lists.ceph.com http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
