forked from cloudfoundry/docs-bosh
-
Notifications
You must be signed in to change notification settings - Fork 0
/
director-access-events.html.md.erb
66 lines (47 loc) · 2.14 KB
/
director-access-events.html.md.erb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
---
title: Access Event Logging
---
<p class="note">Note: This feature is available in bosh-release v256+.</p>
Director logs all API access events to syslog under `vcap.bosh.director` topic.
Here is a log snipped found in `/var/log/syslog` in [Common Event Format (CEF)](https://www.protect724.hpe.com/servlet/JiveServlet/downloadBody/1072-102-7-18874/CommonEventFormat%20v22.pdf):
```
May 13 05:13:34 localhost vcap.bosh.director[16199]: CEF:0|CloudFoundry|BOSH|1.0000.0|director_api|/deployments|7|requestMethod=GET src=127.0.0.1 spt=25556 shost=36ff45a2-51a2-488d-af95-953c43de4cec cs1=10.10.0.36,fe80::80a:99ff:fed6:df7d%eth0 cs1Label=ips cs2=X_BOSH_UPLOAD_REQUEST_TIME=0.000&HOST=127.0.0.1&X_REAL_IP=127.0.0.1&X_FORWARDED_FOR=127.0.0.1&X_FORWARDED_PROTO=https&USER_AGENT=EventMachine HttpClient cs2Label=httpHeaders cs3=none cs3Label=authType cs4=401 cs4Label=responseStatus cs5=Not authorized: '/deployments' cs5Label=statusReason
```
And in a more redable form:
```
May 13 05:13:34 localhost vcap.bosh.director[16199]:
CEF:0
CloudFoundry
BOSH
1.3232.0
director_api
/deployments
7
requestMethod=GET
src=127.0.0.1
spt=25556
shost=36ff45a2-51a2-488d-af95-953c43de4cec
cs1=10.10.0.36,fe80::80a:99ff:fed6:df7d%eth0
cs1Label=ips
cs2=X_BOSH_UPLOAD_REQUEST_TIME=0.000&HOST=127.0.0.1&X_REAL_IP=127.0.0.1&X_FORWARDED_FOR=127.0.0.1&X_FORWARDED_PROTO=https&USER_AGENT=EventMachine HttpClient
cs2Label=httpHeaders
cs3=none
cs3Label=authType
cs4=401
cs4Label=responseStatus
cs5=Not authorized: '/deployments'
cs5Label=statusReason
```
---
## <a id="enable"></a> Enabling Logging
To enable this feature:
1. Add [`director.log_access_events_to_syslog`](https://bosh.io/jobs/director?source=github.com/cloudfoundry/bosh#p=director.log_access_events_to_syslog) deployment manifest for the Director:
```yaml
properties:
director:
log_access_events_to_syslog: true
```
1. Optionally colocate [syslog-release's `syslog_forwarder` job](http://bosh.io/jobs/syslog_forwarder?source=github.com/cloudfoundry/syslog-release) with the Director to forward logs to a remote location.
1. Redeploy the Director.
---
[Back to Table of Contents](index.html#director-config)