Willy, On 7/6/21 12:12 PM, Willy Tarreau wrote:
A few points first, that are needed to address various concerns. The goal here is to defined an HTTPS log format because that's what the vast majority of users are dealing with day-to-day. For specific usages, everyone already redefines log formats. But for a very basic setup, right now it's true that httplog is a bit limited, and all it shows to help guess there was SSL involved is to append this '~' after the frontend's name.
It was not clear to me that this log format is meant to apply to HTTPS requests, because the example given by Remi does not include the HTTP verb and neither the request URI (unless I need glasses). I thought it was a format for TLS errors or something like this.
Is this a mistake in the examples? Or is HAProxy going to emit multiple log lines: One for the TLS connection and one for each HTTP request passing through this TLS connection?
However, it's also clear that most users will not violently migrate from httplog to httpslog, and it's important to keep a smooth enough transition. This also means not to change stuff that would be relevant to httplog as well (e.g. delimitors, time format etc). We can (and should) have discussions about what to change in future log formats, but let's not use the https one as a bootstrap for passing everyone's missing field. Instead, let's focus on the SSL-specific stuff that users are always missing from HTTP logs, and try to establish a reasonable list that will always be there and suit most users without adding too much for others, and that will require limited adaptations to parsers.
Agree. Best regards Tim Düsterhus
