Requests from browsers are not logged

Eyal-Shalev commented 4 years ago

Summary

I've added the udp-log plugin to a kong instance, that points to a local logstash server. But browser request logs are not being sent to my logstash server, only curl requests from my terminal.

Steps To Reproduce

Setup kong (db-less)
Setup logstash (used a variation of github.com/deviantony/docker-elk)
Add the udp-log plugin pointing to the logstash port.
Add a POC service that returns OK 200 on every request.

Additional Details & Logs

Kong version: We are working with kong 1.1.3, but I tried kong 1.5.1 as well.

Kong debug-level startup logs

2020/08/04 17:44:53 [verbose] Kong: 1.1.3
2020/08/04 17:44:53 [debug] ngx_lua: 10013
2020/08/04 17:44:53 [debug] nginx: 1013006
2020/08/04 17:44:53 [debug] Lua: LuaJIT 2.1.0-beta3
2020/08/04 17:44:53 [verbose] reading config file at /usr/local/kong/etc/kong.conf
2020/08/04 17:44:53 [debug] reading environment variables
2020/08/04 17:44:53 [debug] KONG_NGINX_DAEMON ENV found with "off"
2020/08/04 17:44:53 [debug] admin_access_log = "logs/admin_access.log"
2020/08/04 17:44:53 [debug] admin_error_log = "logs/error.log"
2020/08/04 17:44:53 [debug] admin_listen = {"127.0.0.1:8001","127.0.0.1:8444 ssl"}
2020/08/04 17:44:53 [debug] anonymous_reports = true
2020/08/04 17:44:53 [debug] cassandra_consistency = "ONE"
2020/08/04 17:44:53 [debug] cassandra_contact_points = {"127.0.0.1"}
2020/08/04 17:44:53 [debug] cassandra_data_centers = {"dc1:2","dc2:3"}
2020/08/04 17:44:53 [debug] cassandra_keyspace = "kong"
2020/08/04 17:44:53 [debug] cassandra_lb_policy = "RequestRoundRobin"
2020/08/04 17:44:53 [debug] cassandra_port = 9042
2020/08/04 17:44:53 [debug] cassandra_repl_factor = 1
2020/08/04 17:44:53 [debug] cassandra_repl_strategy = "SimpleStrategy"
2020/08/04 17:44:53 [debug] cassandra_schema_consensus_timeout = 10000
2020/08/04 17:44:53 [debug] cassandra_ssl = false
2020/08/04 17:44:53 [debug] cassandra_ssl_verify = false
2020/08/04 17:44:53 [debug] cassandra_timeout = 5000
2020/08/04 17:44:53 [debug] cassandra_username = "kong"
2020/08/04 17:44:53 [debug] client_body_buffer_size = "8k"
2020/08/04 17:44:53 [debug] client_max_body_size = "0"
2020/08/04 17:44:53 [debug] client_ssl = false
2020/08/04 17:44:53 [debug] database = "off"
2020/08/04 17:44:53 [debug] db_cache_ttl = 0
2020/08/04 17:44:53 [debug] db_resurrect_ttl = 30
2020/08/04 17:44:53 [debug] db_update_frequency = 5
2020/08/04 17:44:53 [debug] db_update_propagation = 0
2020/08/04 17:44:53 [debug] declarative_config = "/usr/local/kong/etc/kong.yml"
2020/08/04 17:44:53 [debug] dns_error_ttl = 1
2020/08/04 17:44:53 [debug] dns_hostsfile = "/etc/hosts"
2020/08/04 17:44:53 [debug] dns_no_sync = false
2020/08/04 17:44:53 [debug] dns_not_found_ttl = 30
2020/08/04 17:44:53 [debug] dns_order = {"LAST","SRV","A","CNAME"}
2020/08/04 17:44:53 [debug] dns_resolver = {}
2020/08/04 17:44:53 [debug] dns_stale_ttl = 4
2020/08/04 17:44:53 [debug] error_default_type = "text/plain"
2020/08/04 17:44:53 [debug] headers = {"off"}
2020/08/04 17:44:53 [debug] log_level = "notice"
2020/08/04 17:44:53 [debug] lua_package_cpath = ""
2020/08/04 17:44:53 [debug] lua_package_path = "./?.lua;./?/init.lua;"
2020/08/04 17:44:53 [debug] lua_socket_pool_size = 30
2020/08/04 17:44:53 [debug] lua_ssl_verify_depth = 1
2020/08/04 17:44:53 [debug] mem_cache_size = "1024m"
2020/08/04 17:44:53 [debug] nginx_admin_directives = {}
2020/08/04 17:44:53 [debug] nginx_daemon = "off"
2020/08/04 17:44:53 [debug] nginx_http_directives = {{value="on",name="proxy_buffering"},{value="75s",name="proxy_connect_timeout"},{value="1m",name="proxy_busy_buffers_size"},{value="2700s",name="proxy_send_timeout"},{value="2700s",name="proxy_read_timeout"},{value="on",name="proxy_ignore_client_abort"},{value="2048 256k",name="proxy_buffers"},{value="1m",name="proxy_buffer_size"}}
2020/08/04 17:44:53 [debug] nginx_http_proxy_buffer_size = "1m"
2020/08/04 17:44:53 [debug] nginx_http_proxy_buffering = "on"
2020/08/04 17:44:53 [debug] nginx_http_proxy_buffers = "2048 256k"
2020/08/04 17:44:53 [debug] nginx_http_proxy_busy_buffers_size = "1m"
2020/08/04 17:44:53 [debug] nginx_http_proxy_connect_timeout = "75s"
2020/08/04 17:44:53 [debug] nginx_http_proxy_ignore_client_abort = "on"
2020/08/04 17:44:53 [debug] nginx_http_proxy_read_timeout = "2700s"
2020/08/04 17:44:53 [debug] nginx_http_proxy_send_timeout = "2700s"
2020/08/04 17:44:53 [debug] nginx_optimizations = true
2020/08/04 17:44:53 [debug] nginx_proxy_directives = {}
2020/08/04 17:44:53 [debug] nginx_sproxy_directives = {}
2020/08/04 17:44:53 [debug] nginx_stream_directives = {}
2020/08/04 17:44:53 [debug] nginx_user = "nobody nobody"
2020/08/04 17:44:53 [debug] nginx_worker_processes = "auto"
2020/08/04 17:44:53 [debug] origins = {}
2020/08/04 17:44:53 [debug] pg_database = "kong"
2020/08/04 17:44:53 [debug] pg_host = "127.0.0.1"
2020/08/04 17:44:53 [debug] pg_port = 5432
2020/08/04 17:44:53 [debug] pg_ssl = false
2020/08/04 17:44:53 [debug] pg_ssl_verify = false
2020/08/04 17:44:53 [debug] pg_timeout = 5000
2020/08/04 17:44:53 [debug] pg_user = "kong"
2020/08/04 17:44:53 [debug] plugins = {"bundled"}
2020/08/04 17:44:53 [debug] prefix = "/usr/local/kong"
2020/08/04 17:44:53 [debug] proxy_access_log = "logs/access.log"
2020/08/04 17:44:53 [debug] proxy_error_log = "logs/error.log"
2020/08/04 17:44:53 [debug] proxy_listen = {"0.0.0.0:8000","0.0.0.0:8443 ssl"}
2020/08/04 17:44:53 [debug] real_ip_header = "X-Real-IP"
2020/08/04 17:44:53 [debug] real_ip_recursive = "off"
2020/08/04 17:44:53 [debug] ssl_cipher_suite = "modern"
2020/08/04 17:44:53 [debug] ssl_ciphers = "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"
2020/08/04 17:44:53 [debug] stream_listen = {"off"}
2020/08/04 17:44:53 [debug] trusted_ips = {}
2020/08/04 17:44:53 [debug] upstream_keepalive = 60
2020/08/04 17:44:53 [verbose] prefix in use: /usr/local/kong
2020/08/04 17:44:53 [debug] loading subsystems migrations...
2020/08/04 17:44:53 [verbose] retrieving cache schema state...
2020/08/04 17:44:53 [verbose] schema state retrieved
2020/08/04 17:44:53 [verbose] preparing nginx prefix directory at /usr/local/kong
2020/08/04 17:44:53 [verbose] SSL enabled, no custom certificate set: using default certificate
2020/08/04 17:44:53 [verbose] generating default SSL certificate and key
2020/08/04 17:44:53 [verbose] Admin SSL enabled, no custom certificate set: using default certificate
2020/08/04 17:44:53 [verbose] generating admin SSL certificate and key
2020/08/04 17:44:53 [debug] searching for OpenResty 'nginx' executable
2020/08/04 17:44:53 [debug] /usr/local/openresty/nginx/sbin/nginx -v: 'nginx version: openresty/1.13.6.2'

Kong error logs

2020/08/04 17:44:54 [notice] 19#0: using the "epoll" event method
2020/08/04 17:44:54 [notice] 19#0: openresty/1.13.6.2
2020/08/04 17:44:54 [notice] 19#0: built by gcc 8.3.0 (Alpine 8.3.0) 
2020/08/04 17:44:54 [notice] 19#0: OS: Linux 4.19.76-linuxkit
2020/08/04 17:44:54 [notice] 19#0: getrlimit(RLIMIT_NOFILE): 1048576:1048576
2020/08/04 17:44:54 [notice] 19#0: start worker processes
2020/08/04 17:44:54 [notice] 19#0: start worker process 24
2020/08/04 17:44:54 [notice] 19#0: start worker process 25
2020/08/04 17:44:54 [notice] 19#0: start worker process 26
2020/08/04 17:44:54 [notice] 19#0: start worker process 27
2020/08/04 17:44:54 [notice] 26#0: *3 [lua] cache.lua:186: purge(): [DB cache] purging (local) cache, context: init_worker_by_lua*
2020/08/04 17:44:54 [warn] 25#0: *2 [lua] globalpatches.lua:47: sleep(): executing a blocking 'sleep' (0.001 seconds), context: init_worker_by_lua*
2020/08/04 17:44:54 [warn] 25#0: *2 [lua] globalpatches.lua:47: sleep(): executing a blocking 'sleep' (0.002 seconds), context: init_worker_by_lua*
2020/08/04 17:44:54 [warn] 27#0: *4 [lua] globalpatches.lua:47: sleep(): executing a blocking 'sleep' (0.001 seconds), context: init_worker_by_lua*
2020/08/04 17:44:54 [warn] 27#0: *4 [lua] globalpatches.lua:47: sleep(): executing a blocking 'sleep' (0.002 seconds), context: init_worker_by_lua*
2020/08/04 17:44:54 [warn] 25#0: *2 [lua] globalpatches.lua:47: sleep(): executing a blocking 'sleep' (0.004 seconds), context: init_worker_by_lua*
2020/08/04 17:44:54 [warn] 24#0: *1 [lua] globalpatches.lua:47: sleep(): executing a blocking 'sleep' (0.001 seconds), context: init_worker_by_lua*
2020/08/04 17:44:54 [warn] 24#0: *1 [lua] globalpatches.lua:47: sleep(): executing a blocking 'sleep' (0.002 seconds), context: init_worker_by_lua*
2020/08/04 17:44:54 [warn] 27#0: *4 [lua] globalpatches.lua:47: sleep(): executing a blocking 'sleep' (0.004 seconds), context: init_worker_by_lua*
2020/08/04 17:44:54 [warn] 24#0: *1 [lua] globalpatches.lua:47: sleep(): executing a blocking 'sleep' (0.004 seconds), context: init_worker_by_lua*
2020/08/04 17:44:54 [warn] 25#0: *2 [lua] globalpatches.lua:47: sleep(): executing a blocking 'sleep' (0.008 seconds), context: init_worker_by_lua*
2020/08/04 17:44:54 [warn] 27#0: *4 [lua] globalpatches.lua:47: sleep(): executing a blocking 'sleep' (0.008 seconds), context: init_worker_by_lua*
2020/08/04 17:44:54 [warn] 24#0: *1 [lua] globalpatches.lua:47: sleep(): executing a blocking 'sleep' (0.008 seconds), context: init_worker_by_lua*
2020/08/04 17:44:54 [notice] 26#0: *3 [kong] init.lua:278 declarative config loaded from /usr/local/kong/etc/kong.yml, context: init_worker_by_lua*
2020/08/04 17:44:54 [warn] 26#0: *3 [lua] mesh.lua:86: init(): no cluster_ca in declarative configuration: cannot use node in mesh mode, context: init_worker_by_lua*

Kong configuration

{"plugins":{"enabled_in_cluster":["udp-log"],"available_on_server":{"response-transformer":true,"oauth2":true,"acl":true,"ip-restriction":true,"correlation-id":true,"statsd":true,"jwt":true,"cors":true,"request-transformer":true,"basic-auth":true,"key-auth":true,"rate-limiting":true,"file-log":true,"http-log":true,"prometheus":true,"hmac-auth":true,"ldap-auth":true,"datadog":true,"tcp-log":true,"zipkin":true,"post-function":true,"syslog":true,"bot-detection":true,"kubernetes-sidecar-injector":true,"request-size-limiting":true,"azure-functions":true,"udp-log":true,"response-ratelimiting":true,"aws-lambda":true,"pre-function":true,"loggly":true,"request-termination":true}},"tagline":"Welcome to kong","configuration":{"plugins":["bundled"],"admin_ssl_enabled":true,"lua_ssl_verify_depth":1,"trusted_ips":{},"prefix":"\/app","loaded_plugins":{"response-transformer":true,"request-termination":true,"loggly":true,"pre-function":true,"ip-restriction":true,"statsd":true,"jwt":true,"cors":true,"aws-lambda":true,"basic-auth":true,"key-auth":true,"rate-limiting":true,"response-ratelimiting":true,"http-log":true,"ldap-auth":true,"hmac-auth":true,"syslog":true,"datadog":true,"tcp-log":true,"zipkin":true,"post-function":true,"request-size-limiting":true,"acl":true,"kubernetes-sidecar-injector":true,"bot-detection":true,"azure-functions":true,"udp-log":true,"file-log":true,"request-transformer":true,"prometheus":true,"correlation-id":true,"oauth2":true},"cassandra_username":"kong","ssl_cert_key":"\/app\/ssl\/kong-default.key","admin_ssl_cert_key":"\/app\/ssl\/admin-kong-default.key","dns_resolver":{},"pg_user":"kong","mem_cache_size":"1024m","ssl_ciphers":"ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256","nginx_admin_directives":{},"nginx_http_directives":[{"value":"75s","name":"proxy_connect_timeout"},{"value":"1m","name":"proxy_busy_buffers_size"},{"value":"2700s","name":"proxy_send_timeout"},{"value":"2700s","name":"proxy_read_timeout"},{"value":"2048 256k","name":"proxy_buffers"},{"value":"on","name":"proxy_ignore_client_abort"},{"value":"on","name":"proxy_buffering"},{"value":"1m","name":"proxy_buffer_size"},{"value":"prometheus_metrics 5m","name":"lua_shared_dict"}],"pg_host":"127.0.0.1","nginx_acc_logs":"\/app\/logs\/access.log","proxy_listen":["0.0.0.0:8000","0.0.0.0:8443 ssl"],"declarative_config":"\/app\/etc\/kong.yml","client_ssl_cert_default":"\/app\/ssl\/kong-default.crt","stream_listeners":{},"dns_no_sync":false,"db_update_propagation":0,"stream_listen":["off"],"nginx_err_logs":"\/app\/logs\/error.log","cassandra_port":9042,"nginx_http_proxy_connect_timeout":"75s","dns_error_ttl":1,"headers":["off"],"cassandra_lb_policy":"RequestRoundRobin","nginx_optimizations":true,"nginx_http_proxy_busy_buffers_size":"1m","origins":{},"database":"off","proxy_access_log":"logs\/access.log","db_update_frequency":5,"pg_database":"kong","nginx_worker_processes":"auto","cassandra_ssl":false,"lua_package_cpath":"","enabled_headers":{"latency_tokens":false,"X-Kong-Proxy-Latency":false,"Via":false,"server_tokens":false,"Server":false,"X-Kong-Upstream-Latency":false,"X-Kong-Upstream-Status":false},"admin_acc_logs":"\/app\/logs\/admin_access.log","proxy_error_log":"logs\/error.log","nginx_conf":"\/app\/nginx.conf","lua_package_path":".\/?.lua;.\/?\/init.lua;","nginx_http_proxy_send_timeout":"2700s","upstream_keepalive":60,"nginx_pid":"\/app\/pids\/nginx.pid","ssl_cert_csr_default":"\/app\/ssl\/kong-default.csr","error_default_type":"text\/plain","dns_order":["LAST","SRV","A","CNAME"],"cassandra_contact_points":["127.0.0.1"],"nginx_http_proxy_buffering":"on","admin_ssl_cert":"\/app\/ssl\/admin-kong-default.crt","proxy_listeners":[{"transparent":false,"ssl":false,"ip":"0.0.0.0","proxy_protocol":false,"port":8000,"http2":false,"listener":"0.0.0.0:8000"},{"transparent":false,"ssl":true,"ip":"0.0.0.0","proxy_protocol":false,"port":8443,"http2":false,"listener":"0.0.0.0:8443 ssl"}],"proxy_ssl_enabled":true,"nginx_http_proxy_read_timeout":"2700s","nginx_stream_directives":{},"lua_socket_pool_size":30,"nginx_sproxy_directives":{},"ssl_cipher_suite":"modern","db_resurrect_ttl":30,"nginx_proxy_directives":{},"cassandra_consistency":"ONE","client_max_body_size":"0","admin_error_log":"logs\/error.log","admin_ssl_cert_default":"\/app\/ssl\/admin-kong-default.crt","dns_not_found_ttl":30,"pg_ssl":false,"admin_access_log":"logs\/admin_access.log","nginx_http_proxy_ignore_client_abort":"on","cassandra_repl_strategy":"SimpleStrategy","pg_timeout":60000,"real_ip_header":"X-Real-IP","cassandra_timeout":60000,"nginx_http_proxy_buffers":"2048 256k","nginx_kong_conf":"\/app\/nginx-kong.conf","cassandra_schema_consensus_timeout":60000,"dns_hostsfile":"\/etc\/hosts","admin_listeners":[{"transparent":false,"ssl":false,"ip":"0.0.0.0","proxy_protocol":false,"port":8001,"http2":false,"listener":"0.0.0.0:8001"},{"transparent":false,"ssl":true,"ip":"0.0.0.0","proxy_protocol":false,"port":8444,"http2":false,"listener":"0.0.0.0:8444 ssl"}],"dns_stale_ttl":4,"ssl_cert":"\/app\/ssl\/kong-default.crt","log_level":"notice","admin_ssl_cert_key_default":"\/app\/ssl\/admin-kong-default.key","cassandra_ssl_verify":false,"kong_env":"\/app\/.kong_env","cassandra_data_centers":["dc1:2","dc2:3"],"real_ip_recursive":"off","cassandra_repl_factor":1,"client_ssl_cert_key_default":"\/app\/ssl\/kong-default.key","nginx_daemon":"off","anonymous_reports":true,"pg_ssl_verify":false,"db_cache_ttl":0,"pg_port":5432,"nginx_kong_stream_conf":"\/app\/nginx-kong-stream.conf","client_body_buffer_size":"8k","ssl_preread_enabled":true,"nginx_http_proxy_buffer_size":"1m","ssl_cert_key_default":"\/app\/ssl\/kong-default.key","cassandra_keyspace":"kong","ssl_cert_default":"\/app\/ssl\/kong-default.crt","client_ssl":false,"admin_listen":["0.0.0.0:8001","0.0.0.0:8444 ssl"]},"version":"1.1.3","node_id":"578f8d03-ff3d-442e-811f-3d25b5a7b375","lua_version":"LuaJIT 2.1.0-beta3","prng_seeds":{"pid: 24":102132213351,"pid: 26":261901741359,"pid: 27":150237721461,"pid: 19":124141486914,"pid: 25":145242178214},"timers":{"pending":3,"running":0},"hostname":"eab879872cc1"}

Operating system: mac, but I used docker-alpine for the kong server.

Eyal-Shalev commented 4 years ago

The following is the request I'm making:

curl 'http://localhost:8000/greet' \
  -H 'Connection: keep-alive' \
  -H 'Pragma: no-cache' \
  -H 'Cache-Control: no-cache' \
  -H 'Upgrade-Insecure-Requests: 1' \
  -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36' \
  -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9' \
  -H 'Sec-Fetch-Site: none' \
  -H 'Sec-Fetch-Mode: navigate' \
  -H 'Sec-Fetch-User: ?1' \
  -H 'Sec-Fetch-Dest: document' \
  -H 'Accept-Language: en-US,en;q=0.9' \
  --compressed

Though the following request is logged:

curl 'http://localhost:8000/greet' \
  -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36' \
  -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9' \
  -H 'Accept-Language: en-US,en;q=0.9' \
  --compressed

It seems that the Sec-Fetch, Upgrade-Insecure-Requests, Pragma, Connection & Cache-Control headers prevent the request from being logged.

kikito commented 4 years ago

Hello Eyal,

My first impression is that this is a browser-caching issue. The browser caches the value of the first request it sends and then it does not send it the second time.

Can you try with a cache-busting param? http://localhost:8000/greet?rnd=12345 . Are requests done this way registered, even from the browser?
Can you confirm whether the curl with the extra headers is always ignored?

Eyal-Shalev commented 4 years ago

Hi @kikito, curl with the above headers doesn't register as well. That is how I figured which headers are problematic. Though, sometimes requests with the problematic headers were logged (but not consistently, and I couldn't figure out why).

Eyal-Shalev commented 4 years ago

Another curious thing, is that if the route doesn't exist in kong, the request is being logged.

Eyal-Shalev commented 4 years ago

Hi @kikito any news?

Eyal-Shalev commented 4 years ago

Do you guys have any news regarding this issue? @kikito , @hutchic ?

dndx commented 4 years ago

Hi @Eyal-Shalev,

I investigated the report, however I was not able to reproduce the bug with the exact curl command you gave. Could you make sure that you test this using the latest version of Kong and make sure nothing sits between the curl client and Kong is caching the HTTP request in the middle?

If there is a reliably way to reproduce this with the latest version of Kong, please share them in the issue (something like a Dockerfile or automated reproduction script will be helpful).

Eyal-Shalev commented 4 years ago

@dndx below is a small POC:

kong.yml

_format_version: "1.1"
services:
  - name: hello-world
    url: http://host.docker.internal:1234
    routes:
      - name: hello-world
        paths:
          - /greet
plugins:
  - name: udp-log
    config:
      host: host.docker.internal
      port: 5000

hello-world service is defined with the following go program.
hello-world.go

package main

import (
    "net/http"
)

func main() {
    _ = http.ListenAndServe("0.0.0.0:1234", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
        w.Header().Set("Content-Type", "text/html")
        _, _ = w.Write([]byte(`"Hello world"`))
    }))
}

run-local.sh

docker run --rm -it --name hello-kong \
  -p 8000:8000 -p 8001:8001 \
  -e "KONG_ADMIN_LISTEN=0.0.0.0:8001" \
  -e "KONG_MEM_CACHE_SIZE=1024m" \
  -e "KONG_DECLARATIVE_CONFIG=/usr/local/kong/etc/kong.yml" \
  -e "KONG_DATABASE=off" \
  -v "$PWD/kong.yml:/usr/local/kong/etc/kong.yml" \
  kong:2.1-alpine kong start --vv

My Logstash server is based on: deviantony/docker-elk.
with the following patch:

diff --git a/logstash/pipeline/logstash.conf b/logstash/pipeline/logstash.conf
index 14c76f8..3f8f313 100644
--- a/logstash/pipeline/logstash.conf
+++ b/logstash/pipeline/logstash.conf
@@ -1,6 +1,12 @@
 input {
        tcp {
                port => 5000
+               codec => json_lines
+               host => "0.0.0.0"
+       }
+       udp {
+               port => 5000
+               codec => json_lines
        }
 }

Eyal-Shalev commented 4 years ago

Below is a screen recording of the issue ezgif-4-0e930a5b0eef

bungle commented 4 years ago

Is it possible that the UDP packet is too big?

Eyal-Shalev commented 4 years ago

Is it possible that the UDP packet is too big?

How can I test it?

Eyal-Shalev commented 4 years ago

I switched to TCP and weirdly after testing again, I saw a single /greet request in the log. But future requests did not include it (via curl as well).

Is it possible that Kong is by default caching requests (and doesn't send them to the log)?

curl 'http://localhost:8000/greet' is always logged successfully.

Eyal-Shalev commented 4 years ago

This is the successful logged /greet request I had above (see image).

{
  "_index": "logstash-2020.09.07-000001",
  "_type": "_doc",
  "_id": "1ljumnQBIhYXwHJVS_aV",
  "_score": 1,
  "_source": {
    "host": "gateway",
    "request": {
      "headers": {
        "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36",
        "sec-fetch-dest": "document",
        "sec-fetch-user": "?1",
        "dnt": "1",
        "host": "localhost:8000",
        "cookie": "sid=Fe26.2**2319dfbf22d73a731f89bec4ba6549deb577c4e128ecaaceb46c6f1f3f9ef516*Beq2xj8--LPqCymbG9kf6w*VJqJYyTyGHXB6FDbw3mslgA-43ILUEGwkOqbSjnVF7t3xWe1hVT0lY6tPi6mgrFnlSmaSdx0M37athpv0tIP28Kzb7O5eNiMpu7jkw_LZx_0hVkR2n_GyCMrRUGO7xRnq2oxtpsN8UUzjvp9SU24mO4qDMnD1A52L0co6ZpRl69tMdlnpETFF32HfHgFs7rcKxA6jtaGmg37gqRQmKdzMQ**f9baebbe1899f022a5be48035b84140245cb51a7e63353859237877d0ea0b2c7*G16J4koy1HK-nyjb_24o1JfeHtl5firJm7phIqSZ5eQ",
        "sec-fetch-mode": "navigate",
        "accept-encoding": "gzip, deflate, br",
        "upgrade-insecure-requests": "1",
        "accept-language": "en-US,en;q=0.9,he;q=0.8",
        "sec-fetch-site": "none",
        "accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9",
        "connection": "keep-alive"
      },
      "method": "GET",
      "uri": "/greet",
      "size": "993",
      "querystring": {},
      "url": "http://localhost:8000/greet"
    },
    "port": 55504,
    "upstream_uri": "/",
    "service": {
      "write_timeout": 60000,
      "ws_id": "0dc6f45b-8f8d-40d2-a504-473544ee190b",
      "retries": 5,
      "host": "host.docker.internal",
      "read_timeout": 60000,
      "port": 1234,
      "connect_timeout": 60000,
      "id": "d7ca8386-6a7e-5bf7-bd63-347609249458",
      "name": "hello-world",
      "updated_at": 1600327132,
      "protocol": "http",
      "created_at": 1600327132
    },
    "tries": [
      {
        "balancer_latency": 0,
        "balancer_start": 1600327141848,
        "code": 502,
        "port": 1234,
        "ip": "192.168.65.2",
        "state": "failed"
      },
      {
        "balancer_latency": 0,
        "balancer_start": 1600327141850,
        "code": 502,
        "port": 1234,
        "ip": "192.168.65.2",
        "state": "failed"
      },
      {
        "balancer_latency": 0,
        "balancer_start": 1600327141853,
        "code": 502,
        "port": 1234,
        "ip": "192.168.65.2",
        "state": "failed"
      },
      {
        "balancer_latency": 0,
        "balancer_start": 1600327141854,
        "code": 502,
        "port": 1234,
        "ip": "192.168.65.2",
        "state": "failed"
      },
      {
        "balancer_latency": 0,
        "balancer_start": 1600327141855,
        "code": 502,
        "port": 1234,
        "ip": "192.168.65.2",
        "state": "failed"
      },
      {
        "balancer_latency": 0,
        "balancer_start": 1600327141857,
        "port": 1234,
        "ip": "192.168.65.2"
      }
    ],
    "route": {
      "ws_id": "0dc6f45b-8f8d-40d2-a504-473544ee190b",
      "regex_priority": 0,
      "path_handling": "v0",
      "strip_path": true,
      "paths": [
        "/greet"
      ],
      "id": "b2a5e842-2e58-5d07-878d-6c2f050c44ad",
      "service": {
        "id": "d7ca8386-6a7e-5bf7-bd63-347609249458"
      },
      "protocols": [
        "http",
        "https"
      ],
      "name": "greet",
      "https_redirect_status_code": 426,
      "updated_at": 1600327132,
      "created_at": 1600327132,
      "preserve_host": false
    },
    "latencies": {
      "request": 14,
      "kong": 13,
      "proxy": 1
    },
    "started_at": 1600327141844,
    "@timestamp": "2020-09-17T07:19:02.153Z",
    "response": {
      "headers": {
        "server": "kong/2.1.3",
        "x-kong-proxy-latency": "13",
        "x-kong-upstream-latency": "1",
        "via": "kong/2.1.3",
        "content-length": "75",
        "connection": "close",
        "content-type": "application/json; charset=utf-8"
      },
      "status": 502,
      "size": "322"
    },
    "@version": "1",
    "client_ip": "172.17.0.1"
  },
  "fields": {
    "@timestamp": [
      "2020-09-17T07:19:02.153Z"
    ]
  }
}

This is a logged curl 'http://localhost:8000/greet' request:

{
  "_index": "logstash-2020.09.07-000001",
  "_type": "_doc",
  "_id": "F1j5mnQBIhYXwHJVVf9A",
  "_score": 1,
  "_source": {
    "host": "172.19.0.1",
    "request": {
      "headers": {
        "accept": "*/*",
        "user-agent": "curl/7.64.1",
        "host": "localhost:8000"
      },
      "method": "GET",
      "uri": "/greet",
      "size": "83",
      "querystring": {},
      "url": "http://localhost:8000/greet"
    },
    "upstream_uri": "/",
    "service": {
      "write_timeout": 60000,
      "ws_id": "0dc6f45b-8f8d-40d2-a504-473544ee190b",
      "retries": 5,
      "host": "host.docker.internal",
      "read_timeout": 60000,
      "port": 1234,
      "connect_timeout": 60000,
      "id": "d7ca8386-6a7e-5bf7-bd63-347609249458",
      "name": "hello-world",
      "updated_at": 1600327807,
      "protocol": "http",
      "created_at": 1600327807
    },
    "tries": [
      {
        "balancer_latency": 0,
        "balancer_start": 1600327865542,
        "port": 1234,
        "ip": "192.168.65.2"
      }
    ],
    "route": {
      "ws_id": "0dc6f45b-8f8d-40d2-a504-473544ee190b",
      "regex_priority": 0,
      "path_handling": "v0",
      "strip_path": true,
      "paths": [
        "/greet"
      ],
      "id": "fca9ee99-edf2-51ca-bdc8-0714ecf9bb52",
      "service": {
        "id": "d7ca8386-6a7e-5bf7-bd63-347609249458"
      },
      "protocols": [
        "http",
        "https"
      ],
      "name": "hello-world",
      "https_redirect_status_code": 426,
      "updated_at": 1600327807,
      "created_at": 1600327807,
      "preserve_host": false
    },
    "latencies": {
      "request": 3,
      "kong": 0,
      "proxy": 2
    },
    "started_at": 1600327865541,
    "@timestamp": "2020-09-17T07:31:05.549Z",
    "response": {
      "headers": {
        "date": "Thu, 17 Sep 2020 07:31:05 GMT",
        "x-kong-proxy-latency": "1",
        "x-kong-upstream-latency": "2",
        "via": "kong/2.1.3",
        "content-length": "13",
        "connection": "close",
        "content-type": "text/plain; charset=UTF-8"
      },
      "status": 200,
      "size": "224"
    },
    "@version": "1",
    "client_ip": "172.17.0.1"
  },
  "fields": {
    "@timestamp": [
      "2020-09-17T07:31:05.549Z"
    ]
  }
}

Eyal-Shalev commented 4 years ago

@kikito are there any updates on this issue?

Eyal-Shalev commented 3 years ago

Are there any updates on this issue? @kikito @dndx @hutchic

dndx commented 3 years ago

Hello @Eyal-Shalev,

I took another look at your example and the udp-log source, and could not spot any reason why this would happen.

Could you provide some tcpdump pcap files for the Kong proxy port and the UDP log port? That way we can confirm if the browser request or the UDP log packet was actually sent.

Eyal-Shalev commented 3 years ago

@dndx Here is a dump created with Wireshark (filtered to only UDP entries) localhost-udp.pcapng

gszr commented 3 years ago

@Eyal-Shalev Could you use netcat and see if the UDP packages are received? You can open a UDP socket with netcat -vv 127.0.0.1 -p 5000 -u -l -- this is on a Mac; if you use Linux the command might be a bit different (check this out if needed https://www.binarytides.com/programming-udp-sockets-c-linux/). Thanks in advance!

Eyal-Shalev commented 3 years ago

@gszr I added a -z to the command (-z, --zero zero-I/O mode (used for scanning)). Without it only a single request is logged.

With the browser (2 requests):

~ % netcat -vv 127.0.0.1 -p 5000 -u -l -z
Listening on any address 5000 (commplex-main) (using 1 sockets)
Received packet from 127.0.0.1:50931 -> 127.0.0.1:5000 (local)
{"latencies":{"request":1,"kong":1,"proxy":-1},"request":{"querystring":{},"size":"513","uri":"\/favicon.ico","url":"http:\/\/localhost:8000\/favicon.ico","headers":{"host":"localhost:8000","connection":"keep-alive","accept-language":"en-US,en;q=0.9,he;q=0.8","sec-fetch-site":"same-origin","sec-fetch-dest":"image","cache-control":"no-cache","sec-fetch-mode":"no-cors","pragma":"no-cache","user-agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/87.0.4280.67 Safari\/537.36","accept-encoding":"gzip, deflate, br","referer":"http:\/\/localhost:8000\/greet","dnt":"1","accept":"image\/avif,image\/webp,image\/apng,image\/*,*\/*;q=0.8"},"method":"GET"},"client_ip":"172.17.0.1","upstream_uri":"","response":{"headers":{"content-type":"application\/json; charset=utf-8","x-kong-response-latency":"1","server":"kong\/2.1.3","connection":"close","content-length":"48"},"status":404,"size":"250"},"started_at":1606656272267}

Received packet from 127.0.0.1:57159 -> 127.0.0.1:5000 (local)
{"latencies":{"request":1,"kong":1,"proxy":-1},"request":{"querystring":{},"size":"513","uri":"\/favicon.ico","url":"http:\/\/localhost:8000\/favicon.ico","headers":{"host":"localhost:8000","connection":"keep-alive","accept-language":"en-US,en;q=0.9,he;q=0.8","sec-fetch-site":"same-origin","sec-fetch-dest":"image","cache-control":"no-cache","sec-fetch-mode":"no-cors","pragma":"no-cache","user-agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/87.0.4280.67 Safari\/537.36","accept-encoding":"gzip, deflate, br","referer":"http:\/\/localhost:8000\/greet","dnt":"1","accept":"image\/avif,image\/webp,image\/apng,image\/*,*\/*;q=0.8"},"method":"GET"},"client_ip":"172.17.0.1","upstream_uri":"","response":{"headers":{"content-type":"application\/json; charset=utf-8","x-kong-response-latency":"1","server":"kong\/2.1.3","connection":"close","content-length":"48"},"status":404,"size":"250"},"started_at":1606656278844}

With curl (2 requests):

~ % netcat -vv 127.0.0.1 -p 5000 -u -l -z
Listening on any address 5000 (commplex-main) (using 1 sockets)
Received packet from 127.0.0.1:62291 -> 127.0.0.1:5000 (local)
{"latencies":{"request":2,"kong":1,"proxy":1},"service":{"host":"host.docker.internal","created_at":1606656019,"connect_timeout":60000,"id":"d7ca8386-6a7e-5bf7-bd63-347609249458","protocol":"http","name":"hello-world","read_timeout":60000,"port":1234,"updated_at":1606656019,"write_timeout":60000,"retries":5,"ws_id":"0dc6f45b-8f8d-40d2-a504-473544ee190b"},"request":{"querystring":{},"size":"83","uri":"\/greet","url":"http:\/\/localhost:8000\/greet","headers":{"host":"localhost:8000","accept":"*\/*","user-agent":"curl\/7.64.1"},"method":"GET"},"client_ip":"172.17.0.1","tries":[{"balancer_latency":0,"port":1234,"balancer_start":1606656412521,"ip":"192.168.65.2"}],"upstream_uri":"\/","response":{"headers":{"content-type":"text\/plain; charset=UTF-8","date":"Sun, 29 Nov 2020 13:26:52 GMT","via":"kong\/2.1.3","connection":"close","x-kong-proxy-latency":"1","x-kong-upstream-latency":"1","content-length":"13"},"status":200,"size":"224"},"route":{"id":"fca9ee99-edf2-51ca-bdc8-0714ecf9bb52","path_handling":"v0","paths"

Received packet from 127.0.0.1:55896 -> 127.0.0.1:5000 (local)
{"latencies":{"request":3,"kong":1,"proxy":0},"service":{"host":"host.docker.internal","created_at":1606656019,"connect_timeout":60000,"id":"d7ca8386-6a7e-5bf7-bd63-347609249458","protocol":"http","name":"hello-world","read_timeout":60000,"port":1234,"updated_at":1606656019,"write_timeout":60000,"retries":5,"ws_id":"0dc6f45b-8f8d-40d2-a504-473544ee190b"},"request":{"querystring":{},"size":"83","uri":"\/greet","url":"http:\/\/localhost:8000\/greet","headers":{"host":"localhost:8000","accept":"*\/*","user-agent":"curl\/7.64.1"},"method":"GET"},"client_ip":"172.17.0.1","tries":[{"balancer_latency":0,"port":1234,"balancer_start":1606656422438,"ip":"192.168.65.2"}],"upstream_uri":"\/","response":{"headers":{"content-type":"text\/plain; charset=UTF-8","date":"Sun, 29 Nov 2020 13:27:02 GMT","via":"kong\/2.1.3","connection":"close","x-kong-proxy-latency":"2","x-kong-upstream-latency":"0","content-length":"13"},"status":200,"size":"224"},"route":{"id":"fca9ee99-edf2-51ca-bdc8-0714ecf9bb52","path_handling":"v0","paths"

Note: For some reason the JSON sent when requesting with CURL is invalid (maybe it is missing an assumed header).

gszr commented 3 years ago

@Eyal-Shalev So both requests were successfully logged if you use netcat instead of Logstash?

Eyal-Shalev commented 3 years ago

@gszr no. The request that is logged, is for the /favicon.ico path not for the /greet path - as seen by the logstash reports above. Sorry I did not point that out in the previous comment.

Eyal-Shalev commented 3 years ago

After building a custom UDP logger plugin (that encountered the same issue), I discovered that this is caused by a limit on the UDP packet size (MTU).

This did not come up when I used WireShark, because the limit was set inside the docker container I used to run Kong.

I'm closing this issue, but you guys should probably update the description on the udp-logger that requests won't be logged, if the information passed passes your MTU limit (of any part in the chain from the kong machine to the logger machine).

Kong / kong