链接复制成功!
访问日志各字段解读
sidercar会在标准输出中打印访问日志,istio日志中每个字段的含义解读如下。由于不同istio版本的访问日志格式及其字段的内容存在差异,下面分1.15及以下版本和1.18及以上版本两大类进行说明。
1.15及以下版本
1.15版本及以下采用Istio的默认格式。以下面的istio日志为例,字段含义见下表。
[%START_TIME%] \"%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%\" %RESPONSE_CODE% %RESPONSE_FLAGS% %RESPONSE_CODE_DETAILS% %CONNECTION_TERMINATION_DETAILS% \"%UPSTREAM_TRANSPORT_FAILURE_REASON%\" %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% \"%REQ(X-FORWARDED-FOR)%\" \"%REQ(USER-AGENT)%\" \"%REQ(X-REQUEST-ID)%\" \"%REQ(:AUTHORITY)%\" \"%UPSTREAM_HOST%\" %UPSTREAM_CLUSTER% %UPSTREAM_LOCAL_ADDRESS% %DOWNSTREAM_LOCAL_ADDRESS% %DOWNSTREAM_REMOTE_ADDRESS% %REQUESTED_SERVER_NAME% %ROUTE_NAME%\n
日志标记 |
HTTP场景含义 |
TCP场景含义 |
UDP场景含义 |
样例 |
备注 |
---|---|---|---|---|---|
[%START_TIME%] |
请求开始时间,毫秒 |
Downstream发起连接的时间 |
UDP proxy会话开始的时间 |
[2020-11-25T21:26:18.409Z] |
- |
\"%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%\" |
请求方法 请求PATH 请求协议 |
\ |
\ |
"GET /status/418 HTTP/1.1" |
- |
%RESPONSE_CODE% |
响应码 |
\ |
\ |
418 |
- |
%RESPONSE_FLAGS% |
响应或连接的其他信息 |
响应或连接的其他信息 |
\ |
UH |
参考响应标记解读。 |
%RESPONSE_CODE_DETAILS% |
响应码详情:返回对象和原因 |
\ |
\ |
via_upstream |
- |
%CONNECTION_TERMINATION_DETAILS% |
请求被Envoy中止的L4层原因 |
同HTTP |
\ |
xxx |
- |
\"%UPSTREAM_TRANSPORT_FAILURE_REASON%\" |
传输层失败原因(TLS等) |
\ |
\ |
"TLSV1_ALERT_UNKNOWN_CA" |
- |
%BYTES_RECEIVED% |
收到的Body体大小 |
收到的数据包大小 |
\ |
0 |
- |
%BYTES_SENT% |
发送的Body体大小 |
发送的数据包大小 |
\ |
135 |
- |
%DURATION% |
从开始到发送最后1个Bytes的时间(毫秒) |
整个TCP连接的时间(毫秒) |
\ |
4 |
- |
%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% |
响应头X-ENVOY-UPSTREAM-SERVICE-TIME的内容 |
\ |
\ |
4 |
该头代表UPSTREAM处理请求和Envoy与UPSTREAM之间的网络延迟 |
\"%REQ(X-FORWARDED-FOR)%\" |
请求头X-FORWARDED-FOR的内容 |
\ |
\ |
"10.44.x.x" |
- |
\"%REQ(USER-AGENT)%\" |
请求头USER-AGEN的内容 |
\ |
\ |
"curl/7.73.0-DEV" |
- |
\"%REQ(X-REQUEST-ID)%\" |
请求头X-REQUEST-ID的内容 |
\ |
\ |
"84961386-6d84-929d-98bd-c5aee93b5c88" |
- |
\"%REQ(:AUTHORITY)%\" |
请求头AUTHORITY的内容 |
\ |
\ |
"httpbin:8000" |
- |
\"%UPSTREAM_HOST%\" |
UPSTREAM_HOST的主要地址 |
同HTTP |
同HTTP |
"10.44.x.x:80" |
- |
%UPSTREAM_CLUSTER% |
UPSTREAM_HOST所属的Cluster |
同HTTP |
同HTTP |
outbound|8000||httpbin.foo.svc.cluster.local |
- |
%UPSTREAM_LOCAL_ADDRESS% |
连接UPSTREAM_HOST所使用的本地地址 |
同HTTP |
同HTTP |
10.44.x.x:37652 |
- |
%DOWNSTREAM_LOCAL_ADDRESS% |
DOWNSTREAM连接的本地地址 |
同HTTP |
同HTTP |
10.0.x.x:8000 |
- |
%DOWNSTREAM_REMOTE_ADDRESS% |
DOWNSTREAM连接的对端地址 |
同HTTP |
同HTTP |
10.44.x.x:46520 |
- |
%REQUESTED_SERVER_NAME% |
SSL连接的SNI |
同HTTP |
\ |
xxx |
- |
%ROUTE_NAME% |
路由的名称 |
同HTTP |
\ |
default |
- |
1.18及以后版本
1.18的访问日志提供JSON格式的内容,以如下JSON格式为例。
{ "start_time": "%START_TIME%", "route_name": "%ROUTE_NAME%", "method": "%REQ(:METHOD)%", "path": "%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%", "protocol": "%PROTOCOL%", "response_code": "%RESPONSE_CODE%", "response_flags": "%RESPONSE_FLAGS%", "response_code_details": "%RESPONSE_CODE_DETAILS%", "connection_termination_details": "%CONNECTION_TERMINATION_DETAILS%", "bytes_received": "%BYTES_RECEIVED%", "bytes_sent": "%BYTES_SENT%", "duration": "%DURATION%", "upstream_service_time": "%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)%", "x_forwarded_for": "%REQ(X-FORWARDED-FOR)%", "user_agent": "%REQ(USER-AGENT)%", "request_id": "%REQ(X-REQUEST-ID)%", "authority": "%REQ(:AUTHORITY)%", "upstream_host": "%UPSTREAM_HOST%", "upstream_cluster": "%UPSTREAM_CLUSTER%", "upstream_local_address": "%UPSTREAM_LOCAL_ADDRESS%", "downstream_local_address": "%DOWNSTREAM_LOCAL_ADDRESS%", "downstream_remote_address": "%DOWNSTREAM_REMOTE_ADDRESS%", "requested_server_name": "%REQUESTED_SERVER_NAME%", "upstream_transport_failure_reason": "%UPSTREAM_TRANSPORT_FAILURE_REASON%", "pod_name": "%ENVIRONMENT(POD_NAME)%", "pod_namespace": "%ENVIRONMENT(POD_NAMESPACE)%", "mesh_id": "%ENVIRONMENT(ISTIO_META_ASM_MESH_ID)%", "cluster_id": "%ENVIRONMENT(ISTIO_META_ASM_CLUSTER_ID)%", }
了解更多
Istio官方日志介绍:Istio / Envoy Access Logs
Envoy官方日志字段含义:Access logging — envoy 1.31.0-dev-3d906a documentation (envoyproxy.io)