David, that's exactly my goal as well. On closer reading of the docs, I see that this setting is to be used for writing these headers to the ops log. I guess it's time for me to learn what that's about. I've never quite been able to figure out how to get my hands on it. I also see an option for writing the ops log to a socket instead of the bucket it normally writes to. Seems like a good place for me to snag the info I need and transform and log it in an audit log. I'm going to investigate this and see what turns up.
Aaron

On Mar 9, 2018, at 5:12 PM, David Turner <drakonst...@gmail.com> wrote:

Matt, my only goal is to be able to have something that can be checked to see which key was used to access which resource. The closest I was able to get in Jewel was rgw debug logging 10/10, but it generates 100+ lines of logs for every request and as Aaron points out takes some logic to combine the object, the key, and the action as well that it doesn't actually catch every type of request. It sounds like you've done some work with this. How can we utilize what you've done to be able to have audit logging on buckets?

On Fri, Mar 9, 2018, 5:00 PM Aaron Bassett <aaron.bass...@nantomics.com> wrote:

Ah yes, I found it: https://github.com/ceph/ceph/commit/3192ef6a034bf39becead5f87a0e48651fcab705

Unfortunately I can't quite figure out how to use it. I've got "rgw log http headers = "authorization" in my ceph.conf but I'm getting no love in the rgw log. Also, setting rgw debug level to 10 did get me the user access key id, but only incidentally, talking about a cache miss and put for the user, so I'm not sure how much I'd want to depend on that. Also, to David's point, that makes things very chatty and I'll have to do some processing to correlate the key id with the rest of the request info.

Aaron

On Mar 8, 2018, at 8:18 PM, Matt Benjamin <mbenj...@redhat.com> wrote:

Hi Yehuda, I did add support for logging arbitrary headers, but not a configurable log record a-la webservers. To level set, David, are you speaking about a file or pipe log sync on the RGW host?
Matt

On Thu, Mar 8, 2018 at 7:55 PM, Yehuda Sadeh-Weinraub <yeh...@redhat.com> wrote:

On Thu, Mar 8, 2018 at 2:22 PM, David Turner <drakonst...@gmail.com> wrote:

I remember some time ago Yehuda had commented on a thread like this saying that it would make sense to add a logging/auditing feature like this to RGW. I haven't heard much about it since then, though. Yehuda, do you remember that and/or think that logging like this might become viable?

I vaguely remember Matt was working on this. Matt?

Yehuda

On Thu, Mar 8, 2018 at 4:17 PM Aaron Bassett <aaron.bass...@nantomics.com> wrote:

Yea, that's what I was afraid of. I'm looking at possibly patching to add it, but I really don't want to support my own builds. I suppose other alternatives are to use proxies to log stuff, but that makes me sad.

Aaron

On Mar 8, 2018, at 12:36 PM, David Turner <drakonst...@gmail.com> wrote:

Setting radosgw debug logging to 10/10 is the only way I've been able to get the access key in the logs for requests. It's very unfortunate as it DRASTICALLY increases the amount of log per request, but it's what we needed to do to be able to have the access key in the logs along with the request.

On Tue, Mar 6, 2018 at 3:09 PM Aaron Bassett <aaron.bass...@nantomics.com> wrote:

Hey all, I'm trying to get something of an audit log out of radosgw. To that end I was wondering if there's a mechanism to customize the log format of civetweb. It's already writing IP, HTTP Verb, path, response and time, but I'm hoping to get it to print the Authorization header of the request, which contains the access key id which we can tie back into the systems we use to issue credentials. Any thoughts?
Thanks,
Aaron

CONFIDENTIALITY NOTICE
This e-mail message and any attachments are only for the use of the intended recipient and may contain information that is privileged, confidential or exempt from disclosure under applicable law. If you are not the intended recipient, any disclosure, distribution or other use of this e-mail message or attachments is prohibited. If you have received this e-mail message in error, please delete and notify the sender immediately. Thank you.

--
Matt Benjamin
Red Hat, Inc.
315 West Huron Street, Suite 140A
Ann Arbor, Michigan 48103

http://www.redhat.com/en/technologies/storage

tel. 734-821-5101
fax. 734-769-8938
cel. 734-216-5309
_______________________________________________ ceph-users mailing list ceph-users@lists.ceph.com http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
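
The thread's goal is an audit trail tying each request to the access key id carried in its S3 `Authorization` header. The following is an added example, not part of the thread and not Ceph code: it extracts only the key id from the standard S3 SigV2 and SigV4 header forms (and from presigned-URL query strings, which carry no header at all), so the audit entry never stores the signature. The function names, field names and sample requests are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

_V2 = re.compile(r"^AWS\s+([^:\s]+):\S+$")        # "AWS <key>:<signature>"
_V4 = re.compile(r"^AWS4-HMAC-SHA256\s+(.+)$", re.S)

def key_from_header(value):
    """Access key id from an S3 Authorization header, or None if unrecognised."""
    value = (value or "").strip()
    m = _V2.match(value)
    if m:
        return m.group(1)
    m = _V4.match(value)
    if not m:
        return None
    # "Credential=<key>/<date>/<region>/<service>/aws4_request, SignedHeaders=..., Signature=..."
    fields = dict(p.strip().partition("=")[::2] for p in m.group(1).split(","))
    return fields.get("Credential", "").partition("/")[0] or None

def key_from_query(uri):
    """Access key id from a presigned URL, where auth travels in the query string."""
    q = parse_qs(urlsplit(uri).query)
    if "X-Amz-Credential" in q:                   # SigV4 presigned
        return q["X-Amz-Credential"][0].partition("/")[0] or None
    if "AWSAccessKeyId" in q:                     # SigV2 presigned
        return q["AWSAccessKeyId"][0]
    return None

def audit_record(remote_addr, method, uri, status, authorization=None):
    """Audit entry that keeps the key id and drops signatures and query strings."""
    if authorization:
        key = key_from_header(authorization)
        source = "header" if key else "unparsed"
    else:
        key = key_from_query(uri)
        source = "query" if key else "anonymous"
    return {"remote_addr": remote_addr, "method": method,
            "path": urlsplit(uri).path, "status": status,
            "access_key_id": key, "key_source": source}

# Constructed sample requests (not taken from any real log).
SAMPLES = [
    ("192.0.2.10", "PUT", "/bucket/obj", 200, "AWS KEYID0001:c2lnbmF0dXJlZXhhbXBsZQ=="),
    ("192.0.2.11", "GET", "/bucket/obj", 200,
     "AWS4-HMAC-SHA256 Credential=KEYID0002/20180309/us-east-1/s3/aws4_request,"
     " SignedHeaders=host;x-amz-date, Signature=0123abcd"),
    ("192.0.2.12", "GET", "/bucket/obj?AWSAccessKeyId=KEYID0003&Expires=1&Signature=x", 200, None),
    ("192.0.2.13", "GET", "/public/obj", 200, None),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(audit_record(*sample))
```

Requests with a header that is present but not in either S3 form are marked `unparsed` rather than `anonymous`, so they can be reviewed separately instead of being silently counted as unauthenticated.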