On Wed, Aug 26, 2020 at 06:17:11PM +0300, Ciprian Dorin Craciun wrote:
> On Wed, Aug 26, 2020 at 1:08 PM Willy Tarreau <w...@1wt.eu> wrote:
> > > Also what would be extra useful, especially for debugging and perhaps
> > > security, is to add an `http-request|http-response log <level>
> > > <log-format> if <condition>` that would allow adding additional log
> > > lines if a certain condition is met.
> >
> > We cannot realistically "add more lines" to a request, however deciding
> > to emit one line at the instant the rule is processed shouldn't be hard
> > at all, and I definitely see the value there, as you say, both for
> > debugging and for security alerts.
> 
> 
> Yes, you are right, I don't expect such a statement to add a new line
> to the buffer, but to immediately format a log line and submit it.
> 
> (This also aids in debugging, because if the same log line is put in
> multiple places of the `http-request` chain, one could see how a
> certain header has changed, and it could also help in generating a log
> line the moment the request was parsed, as opposed to waiting for the
> response to be processed.)

Actually that's fun, because among the features for which we wanted
to have the log profiles was the ability to have multiple log points,
precisely for request then response typically. It appeared as being a
little bit of a mess and I don't think anyone made any progress in this
area. But with your idea we could possibly delegate this choice to the
user. One hook I wanted to support was the "server connection established",
which will not be covered, but now that we have the after-response rules,
that at least gives request, response and end of transfer, which are the
most valuable ones.

> Then, still related to logging, might I add a feature request to just
> use "raw" lines over UDP or TCP, instead of SysLog?  (Just as we have
> now support for `stdout`, but with network support.)

You already have it. I'm doing this:

    log 127.0.0.1:5514 format raw daemon
    log-format "%[uuid]"

And netcat shows me only the uuid with no header nor anything. So
technically speaking I don't think you're missing anything for this.

Willy
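
Added example, not part of the message above and not HAProxy code: a small Python receiver that can stand in for netcat on the `127.0.0.1:5514` target and report whether each datagram arrived raw or carrying a syslog `<PRI>` header. It assumes the log target is reached over UDP; the function names, sample payloads and the hostname `lb1` are constructed for illustration.

```python
import re
import socket

# Syslog framing starts with "<PRI>", where PRI = facility * 8 + severity
# and the highest valid value is 191 (facility 23, severity 7).
_PRI = re.compile(rb"^<(\d{1,3})>")


def decode_datagram(data: bytes) -> dict:
    """Classify one UDP payload as raw or syslog-framed.

    Caveat: a raw log-format that itself begins with "<NN>" would be
    reported as syslog, so keep such prefixes out of raw formats.
    """
    m = _PRI.match(data)
    if m and int(m.group(1)) <= 191:
        pri = int(m.group(1))
        return {
            "framing": "syslog",
            "facility": pri >> 3,   # 3 is "daemon"
            "severity": pri & 7,    # 6 is "info"
            "payload": data[m.end():].rstrip(b"\n").decode("utf-8", "replace"),
        }
    return {
        "framing": "raw",
        "payload": data.rstrip(b"\n").decode("utf-8", "replace"),
    }


def listen(host: str = "127.0.0.1", port: int = 5514) -> None:
    """Bind the loopback log target and print what each datagram contains."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind((host, port))
        while True:
            data, peer = s.recvfrom(65535)
            print(peer[0], decode_datagram(data))


# Constructed sample payloads (not captured traffic).
SAMPLE_RAW = b"0f8fad5b-d9cb-469f-a165-70867728950e\n"
SAMPLE_SYSLOG = (
    b"<30>Aug 26 18:17:11 lb1 haproxy[4242]: "
    b"0f8fad5b-d9cb-469f-a165-70867728950e\n"
)

if __name__ == "__main__":
    listen()
```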
