Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Backport release/1.9.x] Add access log configuration for geoserver #576

Merged
merged 1 commit into from
Dec 18, 2024
Merged

[Backport release/1.9.x] Add access log configuration for geoserver #576

merged 1 commit into from
Dec 18, 2024

Conversation

groldan
Copy link
Member

@groldan groldan commented Dec 17, 2024
edited
Loading

Backport #575
Authored by: @groldan

Introduce an AccessLogFilter to log incoming requests based on the following configuration in geoserver_logging.yml, allowing to enable/disable the access log, and define which URIs to log when the logging.level.org.geoserver.cloud.accesslog logging topic is set to different levels:

logging:
  # Control behavior of the org.geoserver.cloud.accesslog logging topic. When enabled, the request logs will include the URI's that match
  # the following regular expressions at the spefified level. The defafult level is info (see logging.level.org.geoserver.cloud.accesslog below)
  # Additionally, if the json-logs spring profile is enabled, the log entries will include MDC attributes configured in the logging.mdc.include.* properties bellow
  accesslog:
    enabled: true
    # A list of java regular expressions applied to the request URL for logging at info level
    # The default behavior is to log all requests to the REST API
    info:
    - .*\/(rest|gwc\/rest)(\/.*|\?.*)?$
    # A list of java regular expressions applied to the request URL for logging at debug level
    # The default behavior is to log OWS requests
    debug:
    - .*\/(ows|ogc|wms|wfs|wcs|wps)(\/.*|\?.*)?$
    # A list of java regular expressions applied to the request URL for logging at trace level
    # The default behavior is to EXCLUDE only webui's static resources and known image extensions
    trace:
    - ^(?!.*\/web\/wicket\/resource\/)(?!.*\.(png|jpg|jpeg|gif|svg|webp|ico)(\\?.*)?$).*$

For example, the following request:

curl -u admin:geoserver -X POST -H "Content-Type: application/xml" \
http://localhost:9090/geoserver/cloud/rest/workspaces \
-d '<workspace><name>testws</name></workspace>'

Will produce a log entry like this (except the JSON formatting, which is added for clarity):

{
  "@timestamp": "2024-12-16T04:51:11.229-03:00",
  "@version": "1",
  "message": "POST 201 /geoserver/cloud/rest/workspaces ",
  "logger_name": "org.geoserver.cloud.accesslog",
  "thread_name": "http-nio-9105-exec-2",
  "level": "INFO",
  "level_value": 20000,
  "enduser.authenticated": "true",
  "application.instance.id": "restconfig-v1:192.168.86.128:9105",
  "enduser.id": "admin",
  "http.request.method": "POST",
  "application.version": "1.10-SNAPSHOT",
  "http.request.id": "01jf9sjy4ndynkd2bq7g6qx6x7",
  "http.request.url": "/geoserver/cloud/rest/workspaces",
  "application.name": "restconfig-v1"
}

@groldan @github-actions
Add access log configuration for geoserver
3c8eba5 
Introduce an `AccessLogFilter` to log incoming requests based on
the following configuration in `geoserver_logging.yml`, allowing
to enable/disable the access log, and define which URIs to log
when the `logging.level.org.geoserver.cloud.accesslog` logging
topic is set to different levels:

```yaml
logging:
  # Control behavior of the org.geoserver.cloud.accesslog logging topic. When enabled, the request logs will include the URI's that match
  # the following regular expressions at the spefified level. The defafult level is info (see logging.level.org.geoserver.cloud.accesslog below)
  # Additionally, if the json-logs spring profile is enabled, the log entries will include MDC attributes configured in the logging.mdc.include.* properties bellow
  accesslog:
    enabled: true
    # A list of java regular expressions applied to the request URL for logging at info level
    # The default behavior is to log all requests to the REST API
    info:
    - .*\/(rest|gwc\/rest)(\/.*|\?.*)?$
    # A list of java regular expressions applied to the request URL for logging at debug level
    # The default behavior is to log OWS requests
    debug:
    - .*\/(ows|ogc|wms|wfs|wcs|wps)(\/.*|\?.*)?$
    # A list of java regular expressions applied to the request URL for logging at trace level
    # The default behavior is to EXCLUDE only webui's static resources and known image extensions
    trace:
    - ^(?!.*\/web\/wicket\/resource\/)(?!.*\.(png|jpg|jpeg|gif|svg|webp|ico)(\\?.*)?$).*$
```

For example, the following request:

```shell
curl -u admin:geoserver -X POST -H "Content-Type: application/xml" \
http://localhost:9090/geoserver/cloud/rest/workspaces \
-d '<workspace><name>testws</name></workspace>'
```

Will produce a log entry like this (except the JSON formatting, which is
added for clarity):

```json
{
  "@timestamp": "2024-12-16T04:51:11.229-03:00",
  "@Version": "1",
  "message": "POST 201 /geoserver/cloud/rest/workspaces ",
  "logger_name": "org.geoserver.cloud.accesslog",
  "thread_name": "http-nio-9105-exec-2",
  "level": "INFO",
  "level_value": 20000,
  "enduser.authenticated": "true",
  "application.instance.id": "restconfig-v1:192.168.86.128:9105",
  "enduser.id": "admin",
  "http.request.method": "POST",
  "application.version": "1.10-SNAPSHOT",
  "http.request.id": "01jf9sjy4ndynkd2bq7g6qx6x7",
  "http.request.url": "/geoserver/cloud/rest/workspaces",
  "application.name": "restconfig-v1"
}
```
@groldan groldan merged commit 3a20c94 into release/1.9.x Dec 18, 2024
4 of 6 checks passed
@groldan groldan deleted the backport-575-to-release/1.9.x branch December 18, 2024 17:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@groldan