前往小程序,Get更优阅读体验!
立即前往
首页
学习
活动
专区
工具
TVP
发布
社区首页 >专栏 >隔山打牛之-借助nginx解析rgw日志

隔山打牛之-借助nginx解析rgw日志

作者头像
用户1260683
发布2020-02-25 16:31:12
1.2K0
发布2020-02-25 16:31:12
举报
文章被收录于专栏:Ceph对象存储方案

隔山打牛之-借助nginx解析rgw日志

需求及背景

知识tips:一般情况下每一个客户端发往RGW的HTTP请求都会在其header里面包含authorization这个字段,该字段中包含了用户的Access_key信息,但是AWS2和ASW4两种签名格式各不相同。 背景:业务在访问RGW服务的时候会记录对应的log,对比nginx一类的专业产品,原生的RGW日志格式和内容都太过粗糙,如果去改动RGW代码虽然可以满足需求,但是后续格式变化又要批量更新RGW,对运维造成不便,而且从管理的角度来看这类改动收益较低。因此从充分解耦的思想出发,想借助nginx来实现日志格式的标准化管理,因此在RGW前端架设了一层nginx作为反向代理。但是原生的nginx日志是无法解析出每个HTTP请求的authorization字段的,因此有了这篇文章。

解决方案

思路:通过nginx内置的map指令,解析http的header字段,将authorization字段按正则匹配进行解析,将解析出来的结果保存在自定义的变量access_key里面,最终将access_key的内容存储到log中,完成最终解析。

map指令用例参考:https://www.nginx.com/resources/wiki/start/topics/examples/forwarded/

nginx配置内容如下,正则部分比较粗糙,只是抛砖引玉,大家可以根据情况自己做一些优化。

代码语言:javascript
复制
http {
   map $http_authorization $access_key {
   default "anonymous"; #未匹配的设置为匿名用户
   ~^AWS[\ ](.*):(.*) $1; #匹配AWS2签名
  ~^AWS4-HMAC-SHA256[\ ]Credential=(.*)/(.*)/(.*)/s3/aws4_request $1; #匹配AWS4签名
  }

    log_format  json  '{"scheme":"$scheme","http_host":"$http_host","remote_addr":"$remote_addr","server_addr":"$server_addr","time_local":"[$time_local]","request":"$request","status":$status,"body_bytes_sent":$body_bytes_sent,"http_referer":"$http_referer","http_user_agent":"$http_user_agent","upstream_addr":"$upstream_addr","upsteam_response_time":$upstream_response_time,"request_time":$request_time,"http_x_forwarded_for":"$http_x_forwarded_for","content_length":"$content_length","request_length":$request_length,"request_method":"$request_method","server_protocol":"$server_protocol","request_uri":"$request_uri","x_rgw_request_id":"$upstream_http_x_amz_request_id","access_key":"$authorization"}';
    access_log  /var/log/nginx/access.log  json;

最终效果

通过查看/var/log/nginx/access.log,可以看到最终效果如下

代码语言:javascript
复制
{"scheme":"http","http_host":"s3.cephbook.com","remote_addr":"127.0.0.1","server_addr":"127.0.0.1","time_local":"[15/Feb/2020:23:49:08 -0500]","request":"GET /rgw-demo/?delimiter=%2F HTTP/1.1","status":404,"body_bytes_sent":3650,"http_referer":"-","http_user_agent":"-","upstream_addr":"-","upsteam_response_time":-,"request_time":0.000,"http_x_forwarded_for":"-","content_length":"0","request_length":453,"request_method":"GET","server_protocol":"HTTP/1.1","request_uri":"/rgw-demo/?delimiter=%2F","x_rgw_request_id":"-","access_key":"B45IHF34SQPKDNHAUVVV"}
{"scheme":"http","http_host":"localhost","remote_addr":"127.0.0.1","server_addr":"127.0.0.1","time_local":"[15/Feb/2020:23:50:30 -0500]","request":"GET / HTTP/1.1","status":200,"body_bytes_sent":4833,"http_referer":"-","http_user_agent":"curl/7.29.0","upstream_addr":"-","upsteam_response_time":-,"request_time":0.000,"http_x_forwarded_for":"-","content_length":"-","request_length":73,"request_method":"GET","server_protocol":"HTTP/1.1","request_uri":"/","x_rgw_request_id":"-","access_key":"anonymous"}
{"scheme":"http","http_host":"s3.cephbook.com","remote_addr":"127.0.0.1","server_addr":"127.0.0.1","time_local":"[15/Feb/2020:23:52:40 -0500]","request":"GET / HTTP/1.1","status":200,"body_bytes_sent":4833,"http_referer":"-","http_user_agent":"-","upstream_addr":"-","upsteam_response_time":-,"request_time":0.000,"http_x_forwarded_for":"-","content_length":"0","request_length":207,"request_method":"GET","server_protocol":"HTTP/1.1","request_uri":"/","x_rgw_request_id":"-","access_key":"B45IHF34SQPKDNHAUVVV"}
本文参与 腾讯云自媒体同步曝光计划,分享自微信公众号。
原始发表:2020-02-24,如有侵权请联系 cloudcommunity@tencent.com 删除

本文分享自 Ceph对象存储方案 微信公众号,前往查看

如有侵权,请联系 cloudcommunity@tencent.com 删除。

本文参与 腾讯云自媒体同步曝光计划  ,欢迎热爱写作的你一起参与!

评论
登录后参与评论
0 条评论
热度
最新
推荐阅读
目录
  • 隔山打牛之-借助nginx解析rgw日志
    • 需求及背景
      • 解决方案
        • 最终效果
        领券
        问题归档专栏文章快讯文章归档关键词归档开发者手册归档开发者手册 Section 归档