-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Log HTTP requests, responses #13241
Comments
To ensure that this can wrong alongside the existing core, I think we need to preserve all of this data in exactly the same format as before.
I'm not against new data or anything, but if we add new data in the new platform, then we'll need to do the same in the old core until that aspect is moved entirely over to the new platform, so I recommend avoiding it.
Those are the only things I can think of |
Yep, filed #13412 to track that.
Yeah, the plan is to carefully and selectively replace current plugins/sub-systems/features with counterparts from the new platform one by one (e.g. logging). To avoid double work we'll be introducing breaking changes/new behavior only for already incorporated stuff. Here I just wanted to collect ideas in advance :)
Good, thanks. |
@azasypkin Anything else we need from this issue? We're moving forward with hapi, so that makes part of this moot. The rest seems relevant, but it also seems like we have a decision. |
Hmm, I think we need to do this eventually anyway. The fact that we're going to use Hapi in new platform doesn't change our intention to rely on our own logging system and get rid of At some point we'll reach feature parity between new and old logging systems and just get rid of Hapi-based logging (aka |
As far as I'm aware from the
I'm dealing with a situation where a user has a custom auth header showing up in their logs, and they need to filter it out and I recommended taking advantage of |
Yep, indeed, thanks for the input! |
Hi, is this advice still relevant to users that want to have the username from Auth header logged? https://discuss.elastic.co/t/how-can-i-setup-kibana-server-logs-for-capturing-the-user-logged-in-and-dashboards-viewed-info/174575/2?u=tsullivan
|
Hey, sorry for the late reply! I guess you can also achieve that with something like this: logging:
filter.authorization: none # it's `remove` by default
json: true |
Per our discussion this morning, I'm going to adjust the scope of this issue:
|
Pinging @elastic/kibana-core (Team:Core) |
I’ve spent awhile thinking through our options for how request/response logging could work in the new logging system and am working toward a draft PR, but first I'd like to get some input (cc @elastic/kibana-core). Legacy request/response loggingIn the legacy platform, there are two ways I’m aware of to enable request/response logging:
logging:
events:
request: "*"
response: "*" With verbose logging, a typical response log when
And when {
"type": "response",
"@timestamp": "2021-01-06T10:00:14-07:00",
"tags": [],
"pid": 57746,
"method": "post",
"statusCode": 200,
"req": {
"url": "/path/to/thing",
"method": "post",
"headers": {
"content-type": "application/json",
"authorization": "Basic ABC123==", // can be removed with logging.filters.authorization=none
"cookie": "sid=ABC123" // can be removed with logging.filters.cookie=none
// ...etc
},
"remoteAddress": "127.0.0.1",
"userAgent": "...",
"referer": "http://localhost:5601/app/discover"
},
"res": {
"statusCode": 200,
"responseTime": 16,
"contentLength": 9
},
"message": "POST /path/to/thing 200 16ms - 9.0B"
} (Note: the calculated response contentLength is broken right now anyway but can be fixed as part of this effort) So how do we translate all of this to the new platform logging system? KP request/response loggingThere are a few questions to answer here: How to configure? The simplest / most natural way to integrate these with the existing logging infrastructure would probably be to just put them under a dedicated context ( Also worth noting that folks who already enabled verbose logs would be getting a ton of new/duplicate response logs, unless we try to use this as a drop-in replacement for legacy response logging and integrate with the existing legacy configs. I'm not sure this makes sense since we should be aiming to conform to ECS which will require breaking changes. Other options:
How to actually log the responses? The first thing that comes to mind is to register lifecycle Other options:
TLDR
|
That's a hard one. I agree that having the request/response logs under a specific context seems way more consistent to the new logging philosophy (and log4j fwiw), so I would say that it sounds alright. In that case, I also agree that using the Also, we will only remove the legacy logging system on 8.0, so using So overall, I would say that I'm personally ok doing that. But I would like to hear what the others think.
As that's internal code, I would just go with the underlying |
Thinking about this more, we have a similar situation with I think this is what @restrry was proposing in #57546, if I'm understanding correctly? Re-reading that issue, I'm not 100% clear on that part. |
yes, imo it should align with the logging config across the stack.
Yeah, that how I was thinking of it. logging:
events:
request: "*"
response: "*" and disable Hapi network logs even when
+1 to use
How are you going to implement sensitive data (cookie, authorization header) filtering? We can start with filtering them out until we have a configurable filtering mechanism. @elastic/kibana-security do we want to provide the ability to log |
I can see the value in being able to log cookies and authorization headers for debug purposes assuming it's not enabled by default and can only be enabled intentionally and explicitly. |
++ Agreed, I was thinking along these lines too
Hadn't considered this, but sounds like a good idea.
@restrry I added a note to the issue on filtering with some possible approaches to discuss. My thinking was to remove cookie/authorization headers by default here (as is done in legacy platform). And then when #57547 is addressed, handle the filtering of these headers by that new mechanism instead. An alternative would be introducing the filtering mechanism first, and then revisiting this feature as a follow-up step. I think either approach would work. |
Currently Kibana is able to log requests, corresponding responses and various operations data (CPU, memory, disk, and other metrics). It's done with the help of
even-better
HapiJS plugin (fork ofgood
plugin). As far as I can tell this information is only logged withlogging.json: true
.Also there is additional
logging.filter
configuration value that allows Kibana to remove/censor some sensitive data from logs (e.g.authorization
orcookie
headers).In the
new-platform
we're not going to use HapiJS so we'll have to handle this differently. So let's start from the following questions first:authorization
andcookie
headers (i.e. only request/response use case)?Any thoughts?
/cc @elastic/kibana-platform @elastic/kibana-operations
Tasks:
logging.filter
config Implement filtering mechanism in the Logging service #57547The text was updated successfully, but these errors were encountered: