search

mholt / caddy-l4

Layer 4 (TCP/UDP) app for Caddy
Apache License 2.0
808 stars 66 forks source link

[FEATURE]: Add support for access logs #204

Closed cruizba closed 1 week ago

cruizba commented 1 week ago

It would be nice to enable logging of any successful TCP/UDP connection to be able to spot unusual activity or IPs accessing layer4 servers.

cruizba commented 1 week ago

Oh, I discovered a way to log layer4 based on a previous answer in an issue: https://github.com/mholt/caddy-l4/issues/22#issuecomment-853497430

I've added this to my caddy config:

logging:
  logs:
    layer4access:
      level: DEBUG
      include:
        - layer4
      writer:
        output: stdout

Should I close the issue? Or is there a better way to enable access logging?

mholt commented 1 week ago

I'm pretty sure they are written by default. :thinking: I guess you have a non-default logger configured there; did you need more than the default logger?

cruizba commented 1 week ago

Yes, I am modifying the logging configuration. My goal is to set up a basic "access log" configuration to capture logs for both HTTP and Layer 4 connections.

Here is my configuration file:

apps:
  tls: ...
  layer4:
    <some-layer4-servers>
  http:
    service1:
      listen:
        - ":<port>"
      logs:
        default_logger_name: default
      routes:
        - handle:
            - handler: reverse_proxy
              upstreams:
                - dial: "<hostname1>:<port>"
          match:
            - host:
                - "<domain-name>"
    service2:
      listen:
        - ":<port>"
      logs:
        default_logger_name: default
      routes:
        - handle:
            - handler: reverse_proxy
              upstreams:
                - dial: "<hostname2>:<port>"
          match:
            - host:
                - "<domain-name>"

logging:
  logs:
    default:
      level: INFO
      include:
        - http
      writer:
        output: stdout
      encoder:
        format: filter
        wrap:
          format: json
        fields:
          "request>headers":
            filter: delete
          "resp_headers":
            filter: delete
          "request>uri":
            filter: query
            actions:
              - parameter: "access_token"
                type: delete
    layer4access:
      level: DEBUG
      include:
        - layer4
      writer:
        output: stdout

The key section is the logging configuration. I aim to log all HTTP servers by creating a default logger in the logging section of the Caddy config file, and specifying this in each HTTP server:

logs:
  default_logger_name: default

This works perfectly for HTTP servers. However, I am not seeing logs for TCP connections in the Layer 4 section. That's why I've tried to add the layer4access logger configured to print debug logs of the layer4 module.

Note that I am using filters in the default logger to exclude sensitive information from the logs. This should not affect the overall logging configuration.

I am considering removing the layer4access logger to see if Layer 4 logs appear, I will try and reply you back.

Thanks for your quick response :D

mholt commented 1 week ago

That looks right, then. If you want two separate loggers that selectively include this or that, then that's the basic idea. Looks good :)