search

zmoog / public-notes

Apache License 2.0
0 stars 1 forks source link

Figure out how to get sample AppServiceConsoleLogs from Azure App Service #13

Open zmoog opened 1 year ago

zmoog commented 1 year ago

We are focusing on the AppServiceConsoleLogs log category.

Refs:

zmoog commented 1 year ago

I deployed a sample application following the steps at https://github.com/zmoog/public-notes/issues/14

It is now available at https://mbranca-app.azurewebsites.net.

If the page does not load immediately, you must wait for a few (>15) seconds for the container to return online.

CleanShot 2023-02-26 at 09 10 45@2x

zmoog commented 1 year ago

By accessing the page at https://mbranca-app.azurewebsites.net/ the application generates a few log categories:

Here is a screenshot of the logs sent to Elasticsearch using the Native Azure Integration:

CleanShot 2023-02-26 at 09 05 42@2x
zmoog commented 1 year ago

I also set up a diagnostic setting to send logs to an event hub:

CleanShot 2023-02-26 at 10 44 50@2x

zmoog commented 1 year ago

Time to fetch the logs from the event hub. I will try first with my small tool https://github.com/zmoog/eh

zmoog commented 1 year ago

Using a slightly modified version of https://github.com/zmoog/eh to dump the messages as strings:

$ go run entrypoints/cli/main.go tail > app-service.mbranca.2023-02-26_1139.ndjson

Analyzing the output:

$ cat app-service.mbranca.2023-02-26_1139.ndjson | jq '.records[].category' | sort | uniq -c
 122 "AppServiceConsoleLogs"
  72 "AppServiceHTTPLogs"
  10 "AppServicePlatformLogs"
$ cat app-service.mbranca.2023-02-26_1139.ndjson | grep -i 'AppServicePlatformLogs' |  jq '.records[0]'
{
  "resourceId": "/SUBSCRIPTIONS/123/RESOURCEGROUPS/MAURIZIO.BRANCA_RG_3838/PROVIDERS/MICROSOFT.WEB/SITES/MBRANCA-APP",
  "category": "AppServicePlatformLogs",
  "time": "2023-02-26T09:42:00.165Z",
  "level": "Informational",
  "operationName": "ContainerLogs",
  "properties": "{\"message\":\"Starting container for site\",\"containerName\":\"mbranca-app_Kudu_1_51b6ec07\"}",
  "EventStampType": "Stamp",
  "EventPrimaryStampName": "waws-prod-blu-405",
  "EventStampName": "waws-prod-blu-405",
  "Host": "lw0sdlwk0000HB",
  "EventIpAddress": "10.50.0.199"
}

$ cat app-service.mbranca.2023-02-26_1139.ndjson | grep -i 'AppServiceConsoleLogs' |  jq '.records[0]'
{
  "time": "2023-02-26T09:42:08.567698425Z",
  "resourceId": "/SUBSCRIPTIONS/123/RESOURCEGROUPS/MAURIZIO.BRANCA_RG_3838/PROVIDERS/MICROSOFT.WEB/SITES/MBRANCA-APP",
  "containerId": "d88579a409c5b4b1bcc19698c3be7431fd439b10e9c79bb98189fe3206f4576d",
  "operationName": "Microsoft.Web/sites/log",
  "category": "AppServiceConsoleLogs",
  "resultDescription": "    _____                               \n\n",
  "level": "Informational",
  "EventStampType": "Stamp",
  "EventPrimaryStampName": "waws-prod-blu-405",
  "EventStampName": "waws-prod-blu-405",
  "Host": "lw0sdlwk0000HB",
  "EventIpAddress": "10.50.0.199"
}

$ cat app-service.mbranca.2023-02-26_1139.ndjson | grep -i 'AppServiceHTTPLogs' |  jq '.records[0]'
{
  "time": "2023-02-26T09:38:47.1191830Z",
  "EventTime": "2023-02-26T09:38:47.1191830Z",
  "resourceId": "/SUBSCRIPTIONS/123/RESOURCEGROUPS/MAURIZIO.BRANCA_RG_3838/PROVIDERS/MICROSOFT.WEB/SITES/MBRANCA-APP",
  "properties": "{\"CsHost\":\"mbranca-app.azurewebsites.net\",\"CIp\":\"109.115.38.87\",\"SPort\":\"80\",\"CsUriStem\":\"\\/\",\"CsUriQuery\":\"\",\"CsMethod\":\"GET\",\"TimeTaken\":335,\"ScStatus\":\"200\",\"Result\":\"Success\",\"CsBytes\":\"1547\",\"ScBytes\":\"1588\",\"UserAgent\":\"Mozilla\\/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit\\/537.36 (KHTML, like Gecko) Chrome\\/110.0.0.0 Safari\\/537.36\",\"Cookie\":\"--\",\"CsUsername\":\"\",\"Referer\":\"\",\"ComputerName\":\"lw0sdlwk0000HB\"}",
  "category": "AppServiceHTTPLogs",
  "EventStampType": "Stamp",
  "EventPrimaryStampName": "waws-prod-blu-405",
  "EventStampName": "waws-prod-blu-405",
  "Host": "lw0sdlwk0000HB",
  "EventIpAddress": "10.50.0.199"
}