search

sensu / sensu-go

Simple. Scalable. Multi-cloud monitoring.
https://sensu.io
MIT License
1.03k stars 175 forks source link

Enhanced apid logging #3972

Closed jspaleta closed 3 years ago

jspaleta commented 4 years ago

General problem

Tracking down rogue sensu backend api resource calls can be very difficult to troubleshoot. Can we enhance the logging to help?

Feature Suggestion

Enhance apid info log to include: 1) the request api address -> do i need to firewall off that host for now? 2) authenticated user making the request 3) info as to whether the method was called using api-key or token auth -> do i need to disable user or revoke api key? 4) print out http request User-Agent header -> We can start populating User-Agent in specalized handler plugins or sensuctl commands to help identify wtf is calling the api when troubleshooting the logs.

Context

troubleshooting rogue api access scripts can be a bit of a pain. Just need a little more information to help operators identifying which api related automation needs to be adjusted.

palourde commented 4 years ago

For reference, we already include the authenticated user in the logs:

{"component":"apid","duration":"1.348ms","level":"info","method":"GET","msg":"request completed","path":"/api/core/v2/namespaces/default/checks","size":536,"status":200,"time":"2020-08-18T14:08:28-04:00","user":"admin"}
stale[bot] commented 3 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.