Documentation ¶
Overview ¶
Package logger provides the accesslog logging logic for all proxies
Index ¶
Constants ¶
const ( FieldType = "type" FieldVerdict = "verdict" FieldCode = "code" FieldMethod = "method" FieldURL = "url" FieldProtocol = "protocol" FieldHeader = "header" FieldFilePath = logfields.Path FieldMessage = "message" )
fields used for structured logging
const ( FieldKafkaAPIKey = "kafkaApiKey" FieldKafkaAPIVersion = "kafkaApiVersion" FieldKafkaCorrelationID = "kafkaCorrelationID" )
fields used for structured logging of Kafka messages
Variables ¶
var LogTags logTags
LogTags are optional structured tags that can be attached to log records. See NewLogRecord() and ApplyTags() for example usage.
Functions ¶
func SetEndpointInfoRegistry ¶ added in v1.14.0
func SetEndpointInfoRegistry(epInfoRegistry EndpointInfoRegistry)
func SetMetadata ¶
func SetMetadata(md []string)
SetMetadata sets the metadata to include in each record
func SetNotifier ¶
func SetNotifier(n LogRecordNotifier)
SetNotifier sets the notifier to call for all L7 records
Types ¶
type AddressingInfo ¶
type AddressingInfo struct { SrcIPPort string DstIPPort string SrcIdentity identity.NumericIdentity DstIdentity identity.NumericIdentity }
AddressingInfo is the information passed in via the Addressing() tag
type EndpointInfoRegistry ¶
type EndpointInfoRegistry interface { // FillEndpointInfo resolves the labels of the specified identity if known locally. // If 'id' is passed as zero, will locate the EP by 'ip', and also fill info.ID, if found. // Fills in the following info member fields: // - info.IPv4 (if 'ip' is IPv4) // - info.IPv6 (if 'ip' is not IPv4) // - info.Identity (defaults to WORLD if not known) // - info.Labels (only if identity is found) FillEndpointInfo(info *accesslog.EndpointInfo, ip net.IP, id identity.NumericIdentity) }
EndpointInfoRegistry provides endpoint information lookup by endpoint IP address.
type EndpointInfoSource ¶
type EndpointInfoSource interface { GetID() uint64 GetIPv4Address() string GetIPv6Address() string GetIdentityLocked() identity.NumericIdentity GetLabels() []string HasSidecarProxy() bool // ConntrackName assumes that the caller has *not* acquired any mutexes // that may be associated with this EndpointInfoSource. It is (unfortunately) // up to the caller to know when to use this vs. ConntrackNameLocked, which // assumes that the caller has acquired any needed mutexes of the // implementation. ConntrackName() string ConntrackNameLocked() string GetNamedPortLocked(ingress bool, name string, proto uint8) uint16 }
EndpointInfoSource returns information about an endpoint being proxied. The read lock must be held when calling any method.
type EndpointUpdater ¶
type EndpointUpdater interface { EndpointInfoSource // OnProxyPolicyUpdate is called when the proxy acknowledges that it // has applied a policy. OnProxyPolicyUpdate(policyRevision uint64) // UpdateProxyStatistics updates the Endpoint's proxy statistics to account // for a new observed flow with the given characteristics. UpdateProxyStatistics(l4Protocol string, port uint16, ingress, request bool, verdict accesslog.FlowVerdict) // OnDNSPolicyUpdateLocked is called when the Endpoint's DNS policy has been updated. // 'rules' is a fresh copy of the DNS rules passed to the callee. OnDNSPolicyUpdateLocked(rules restore.DNSRules) }
EndpointUpdater returns information about an endpoint being proxied and is called back to update the endpoint when proxy events occur. This is a subset of `Endpoint`.
type LogRecord ¶
LogRecord is a proxy log record based off accesslog.LogRecord.
func NewLogRecord ¶
NewLogRecord creates a new log record and applies optional tags
Example: record := logger.NewLogRecord(flowType, observationPoint, logger.LogTags.Timestamp(time.Now()))
type LogRecordNotifier ¶
type LogRecordNotifier interface { // NewProxyLogRecord is called for each new log record NewProxyLogRecord(l *LogRecord) error }
LogRecordNotifier is the interface to implement LogRecord notifications. Each type that wants to implement this interface must support concurrent calls to the interface methods. Besides, the number of concurrent calls may be very high, so long critical sections should be avoided (i.e.: avoid using a single lock for slow logging operations).