On Tue, Jul 06, 2021 at 12:19:56PM +0200, Tim Düsterhus wrote: > Willy, > > On 7/6/21 12:12 PM, Willy Tarreau wrote: > > A few points first, that are needed to address various concerns. The > > goal here is to defined an HTTPS log format because that's what the > > vast majority of users are dealing with day-to-day. For specific usages, > > everyone already redefines log formats. But for a very basic setup, right > > now it's true that httplog is a bit limited, and all it shows to help guess > > there was SSL involved is to append this '~' after the frontend's name. > > It was not clear to me that this log format is meant to apply to HTTPS > requests, because the example given by Remi does not include the HTTP verb > and neither the request URI (unless I need glasses). I thought it was a > format for TLS errors or something like this.
At least it was my understanding that it was mostly aimed at HTTPS given that the discussion we had on the subject started around this :-) > Is this a mistake in the examples? Or is HAProxy going to emit multiple log > lines: One for the TLS connection and one for each HTTP request passing > through this TLS connection? There was a discussion around logging at various layers, I don't remember if it was on the list or in a github issue, but I remember having been involved in this some time ago. I think that it makes sense to ultimately be able to emit error logs at various levels (i.e. when being certain that no other event will happen) but it's particularly confusing to log successes at various levels. Thus typically seeing TLS handshake failures is important but their success should not be logged as all the info will instead be available with the traffic logs. There are already enough users complaining about noise caused by client-aborted connections :-) Willy
