Home Explore Help
Sign In
SMusatov
/
seaweedfs
mirror of https://github.com/seaweedfs/seaweedfs.git
1
0
Fork 0
Files Wiki
Branch: master
Branches Tags
seaweedfs
/
weed
/
s3api
/
s3err
/
audit_fluent.go

audit_fluent.go 5.7 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183 
  1. package s3err
    2. 

  2. 

  3. import (
    4. 

  4. 	"encoding/json"
    5. 

  5. 	"fmt"
    6. 

  6. 	"github.com/fluent/fluent-logger-golang/fluent"
    7. 

  7. 	"github.com/seaweedfs/seaweedfs/weed/glog"
    8. 

  8. 	"github.com/seaweedfs/seaweedfs/weed/s3api/s3_constants"
    9. 

  9. 	"net/http"
    10. 

  10. 	"os"
    11. 

  11. 	"time"
    12. 

  12. )
    13. 

  13. 

  14. type AccessLogExtend struct {
    15. 

  15. 	AccessLog
    16. 

  16. 	AccessLogHTTP
    17. 

  17. }
    18. 

  18. 

  19. type AccessLog struct {
    20. 

  20. 	Bucket           string `msg:"bucket" json:"bucket"`                   // awsexamplebucket1
    21. 

  21. 	Time             int64  `msg:"time" json:"time"`                       // [06/Feb/2019:00:00:38 +0000]
    22. 

  22. 	RemoteIP         string `msg:"remote_ip" json:"remote_ip,omitempty"`   // 192.0.2.3
    23. 

  23. 	Requester        string `msg:"requester" json:"requester,omitempty"`   // IAM user id
    24. 

  24. 	RequestID        string `msg:"request_id" json:"request_id,omitempty"` // 3E57427F33A59F07
    25. 

  25. 	Operation        string `msg:"operation" json:"operation,omitempty"`   // REST.HTTP_method.resource_type REST.PUT.OBJECT
    26. 

  26. 	Key              string `msg:"key" json:"key,omitempty"`               // /photos/2019/08/puppy.jpg
    27. 

  27. 	ErrorCode        string `msg:"error_code" json:"error_code,omitempty"`
    28. 

  28. 	HostId           string `msg:"host_id" json:"host_id,omitempty"`
    29. 

  29. 	HostHeader       string `msg:"host_header" json:"host_header,omitempty"` // s3.us-west-2.amazonaws.com
    30. 

  30. 	UserAgent        string `msg:"user_agent" json:"user_agent,omitempty"`
    31. 

  31. 	HTTPStatus       int    `msg:"status" json:"status,omitempty"`
    32. 

  32. 	SignatureVersion string `msg:"signature_version" json:"signature_version,omitempty"`
    33. 

  33. }
    34. 

  34. 

  35. type AccessLogHTTP struct {
    36. 

  36. 	RequestURI         string `json:"request_uri,omitempty"` // "GET /awsexamplebucket1/photos/2019/08/puppy.jpg?x-foo=bar HTTP/1.1"
    37. 

  37. 	BytesSent          string `json:"bytes_sent,omitempty"`
    38. 

  38. 	ObjectSize         string `json:"object_size,omitempty"`
    39. 

  39. 	TotalTime          int    `json:"total_time,omitempty"`
    40. 

  40. 	TurnAroundTime     int    `json:"turn_around_time,omitempty"`
    41. 

  41. 	Referer            string `json:"Referer,omitempty"`
    42. 

  42. 	VersionId          string `json:"version_id,omitempty"`
    43. 

  43. 	CipherSuite        string `json:"cipher_suite,omitempty"`
    44. 

  44. 	AuthenticationType string `json:"auth_type,omitempty"`
    45. 

  45. 	TLSVersion         string `json:"TLS_version,omitempty"`
    46. 

  46. }
    47. 

  47. 

  48. const tag = "s3.access"
    49. 

  49. 

  50. var (
    51. 

  51. 	Logger      *fluent.Fluent
    52. 

  52. 	hostname    = os.Getenv("HOSTNAME")
    53. 

  53. 	environment = os.Getenv("ENVIRONMENT")
    54. 

  54. )
    55. 

  55. 

  56. func InitAuditLog(config string) {
    57. 

  57. 	configContent, readErr := os.ReadFile(config)
    58. 

  58. 	if readErr != nil {
    59. 

  59. 		glog.Errorf("fail to read fluent config %s : %v", config, readErr)
    60. 

  60. 		return
    61. 

  61. 	}
    62. 

  62. 	fluentConfig := &fluent.Config{}
    63. 

  63. 	if err := json.Unmarshal(configContent, fluentConfig); err != nil {
    64. 

  64. 		glog.Errorf("fail to parse fluent config %s : %v", string(configContent), err)
    65. 

  65. 		return
    66. 

  66. 	}
    67. 

  67. 	if len(fluentConfig.TagPrefix) == 0 && len(environment) > 0 {
    68. 

  68. 		fluentConfig.TagPrefix = environment
    69. 

  69. 	}
    70. 

  70. 	fluentConfig.Async = true
    71. 

  71. 	fluentConfig.AsyncResultCallback = func(data []byte, err error) {
    72. 

  72. 		if err != nil {
    73. 

  73. 			glog.Warning("Error while posting log: ", err)
    74. 

  74. 		}
    75. 

  75. 	}
    76. 

  76. 	var err error
    77. 

  77. 	Logger, err = fluent.New(*fluentConfig)
    78. 

  78. 	if err != nil {
    79. 

  79. 		glog.Errorf("fail to load fluent config: %v", err)
    80. 

  80. 	}
    81. 

  81. }
    82. 

  82. 

  83. func getREST(httpMetod string, resourceType string) string {
    84. 

  84. 	return fmt.Sprintf("REST.%s.%s", httpMetod, resourceType)
    85. 

  85. }
    86. 

  86. 

  87. func getResourceType(object string, query_key string, metod string) (string, bool) {
    88. 

  88. 	if object == "/" {
    89. 

  89. 		switch query_key {
    90. 

  90. 		case "delete":
    91. 

  91. 			return "BATCH.DELETE.OBJECT", true
    92. 

  92. 		case "tagging":
    93. 

  93. 			return getREST(metod, "OBJECTTAGGING"), true
    94. 

  94. 		case "lifecycle":
    95. 

  95. 			return getREST(metod, "LIFECYCLECONFIGURATION"), true
    96. 

  96. 		case "acl":
    97. 

  97. 			return getREST(metod, "ACCESSCONTROLPOLICY"), true
    98. 

  98. 		case "policy":
    99. 

  99. 			return getREST(metod, "BUCKETPOLICY"), true
    100. 

  100. 		default:
    101. 

  101. 			return getREST(metod, "BUCKET"), false
    102. 

  102. 		}
    103. 

  103. 	} else {
    104. 

  104. 		switch query_key {
    105. 

  105. 		case "tagging":
    106. 

  106. 			return getREST(metod, "OBJECTTAGGING"), true
    107. 

  107. 		default:
    108. 

  108. 			return getREST(metod, "OBJECT"), false
    109. 

  109. 		}
    110. 

  110. 	}
    111. 

  111. }
    112. 

  112. 

  113. func getOperation(object string, r *http.Request) string {
    114. 

  114. 	queries := r.URL.Query()
    115. 

  115. 	var operation string
    116. 

  116. 	var queryFound bool
    117. 

  117. 	for key, _ := range queries {
    118. 

  118. 		operation, queryFound = getResourceType(object, key, r.Method)
    119. 

  119. 		if queryFound {
    120. 

  120. 			return operation
    121. 

  121. 		}
    122. 

  122. 	}
    123. 

  123. 	if len(queries) == 0 {
    124. 

  124. 		operation, _ = getResourceType(object, "", r.Method)
    125. 

  125. 	}
    126. 

  126. 	return operation
    127. 

  127. }
    128. 

  128. 

  129. func GetAccessHttpLog(r *http.Request, statusCode int, s3errCode ErrorCode) AccessLogHTTP {
    130. 

  130. 	return AccessLogHTTP{
    131. 

  131. 		RequestURI: r.RequestURI,
    132. 

  132. 		Referer:    r.Header.Get("Referer"),
    133. 

  133. 	}
    134. 

  134. }
    135. 

  135. 

  136. func GetAccessLog(r *http.Request, HTTPStatusCode int, s3errCode ErrorCode) *AccessLog {
    137. 

  137. 	bucket, key := s3_constants.GetBucketAndObject(r)
    138. 

  138. 	var errorCode string
    139. 

  139. 	if s3errCode != ErrNone {
    140. 

  140. 		errorCode = GetAPIError(s3errCode).Code
    141. 

  141. 	}
    142. 

  142. 	remoteIP := r.Header.Get("X-Real-IP")
    143. 

  143. 	if len(remoteIP) == 0 {
    144. 

  144. 		remoteIP = r.RemoteAddr
    145. 

  145. 	}
    146. 

  146. 	hostHeader := r.Header.Get("X-Forwarded-Host")
    147. 

  147. 	if len(hostHeader) == 0 {
    148. 

  148. 		hostHeader = r.Host
    149. 

  149. 	}
    150. 

  150. 	return &AccessLog{
    151. 

  151. 		HostHeader:       hostHeader,
    152. 

  152. 		RequestID:        r.Header.Get("X-Request-ID"),
    153. 

  153. 		RemoteIP:         remoteIP,
    154. 

  154. 		Requester:        r.Header.Get(s3_constants.AmzIdentityId),
    155. 

  155. 		SignatureVersion: r.Header.Get(s3_constants.AmzAuthType),
    156. 

  156. 		UserAgent:        r.Header.Get("user-agent"),
    157. 

  157. 		HostId:           hostname,
    158. 

  158. 		Bucket:           bucket,
    159. 

  159. 		HTTPStatus:       HTTPStatusCode,
    160. 

  160. 		Time:             time.Now().Unix(),
    161. 

  161. 		Key:              key,
    162. 

  162. 		Operation:        getOperation(key, r),
    163. 

  163. 		ErrorCode:        errorCode,
    164. 

  164. 	}
    165. 

  165. }
    166. 

  166. 

  167. func PostLog(r *http.Request, HTTPStatusCode int, errorCode ErrorCode) {
    168. 

  168. 	if Logger == nil {
    169. 

  169. 		return
    170. 

  170. 	}
    171. 

  171. 	if err := Logger.Post(tag, *GetAccessLog(r, HTTPStatusCode, errorCode)); err != nil {
    172. 

  172. 		glog.Warning("Error while posting log: ", err)
    173. 

  173. 	}
    174. 

  174. }
    175. 

  175. 

  176. func PostAccessLog(log AccessLog) {
    177. 

  177. 	if Logger == nil || len(log.Key) == 0 {
    178. 

  178. 		return
    179. 

  179. 	}
    180. 

  180. 	if err := Logger.Post(tag, log); err != nil {
    181. 

  181. 		glog.Warning("Error while posting log: ", err)
    182. 

  182. 	}
    183. 

  183. }
    184.