访问日志各字段解读
sidecar会在标准输出中打印访问日志,istio日志中每个字段的含义解读如下。由于不同istio版本的访问日志格式及其字段的内容存在差异,下面分1.15及以下版本和1.18及以上版本两大类进行说明。
1.15及以下版本
1.15版本及以下采用Istio的默认格式。以下面的istio日志为例,字段含义见下表。
[%START_TIME%] \"%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%\" %RESPONSE_CODE% %RESPONSE_FLAGS% %RESPONSE_CODE_DETAILS% %CONNECTION_TERMINATION_DETAILS% \"%UPSTREAM_TRANSPORT_FAILURE_REASON%\" %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% \"%REQ(X-FORWARDED-FOR)%\" \"%REQ(USER-AGENT)%\" \"%REQ(X-REQUEST-ID)%\" \"%REQ(:AUTHORITY)%\" \"%UPSTREAM_HOST%\" %UPSTREAM_CLUSTER% %UPSTREAM_LOCAL_ADDRESS% %DOWNSTREAM_LOCAL_ADDRESS% %DOWNSTREAM_REMOTE_ADDRESS% %REQUESTED_SERVER_NAME% %ROUTE_NAME%\n
日志标记 | HTTP场景含义 | TCP场景含义 | UDP场景含义 | 样例 | 备注 |
|---|---|---|---|---|---|
[%START_TIME%] | 请求开始时间,毫秒 | Downstream发起连接的时间 | UDP proxy会话开始的时间 | [2020-11-25T21:26:18.409Z] | - |
\"%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%\" | 请求方法 请求PATH 请求协议 | \ | \ | "GET /status/418 HTTP/1.1" | - |
%RESPONSE_CODE% | 响应码 | \ | \ | 418 | - |
%RESPONSE_FLAGS% | 响应或连接的其他信息 | 响应或连接的其他信息 | \ | UH | 参考响应标记解读。 |
%RESPONSE_CODE_DETAILS% | 响应码详情:返回对象和原因 | \ | \ | via_upstream | - |
%CONNECTION_TERMINATION_DETAILS% | 请求被Envoy中止的L4层原因 | 同HTTP | \ | xxx | - |
\"%UPSTREAM_TRANSPORT_FAILURE_REASON%\" | 传输层失败原因(TLS等) | \ | \ | "TLSV1_ALERT_UNKNOWN_CA" | - |
%BYTES_RECEIVED% | 收到的Body体大小 | 收到的数据包大小 | \ | 0 | - |
%BYTES_SENT% | 发送的Body体大小 | 发送的数据包大小 | \ | 135 | - |
%DURATION% | 从开始到发送最后1个Bytes的时间(毫秒) | 整个TCP连接的时间(毫秒) | \ | 4 | - |
%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% | 响应头X-ENVOY-UPSTREAM-SERVICE-TIME的内容 | \ | \ | 4 | 该头代表UPSTREAM处理请求和Envoy与UPSTREAM之间的网络延迟 |
\"%REQ(X-FORWARDED-FOR)%\" | 请求头X-FORWARDED-FOR的内容 | \ | \ | "10.44.x.x" | - |
\"%REQ(USER-AGENT)%\" | 请求头USER-AGENT的内容 | \ | \ | "curl/7.73.0-DEV" | - |
\"%REQ(X-REQUEST-ID)%\" | 请求头X-REQUEST-ID的内容 | \ | \ | "84961386-6d84-929d-98bd-c5aee93b5c88" | - |
\"%REQ(:AUTHORITY)%\" | 请求头AUTHORITY的内容 | \ | \ | "httpbin:8000" | - |
\"%UPSTREAM_HOST%\" | UPSTREAM_HOST的主要地址 | 同HTTP | 同HTTP | "10.44.x.x:80" | - |
%UPSTREAM_CLUSTER% | UPSTREAM_HOST所属的Cluster | 同HTTP | 同HTTP | outbound|8000||httpbin.foo.svc.cluster.local | - |
%UPSTREAM_LOCAL_ADDRESS% | 连接UPSTREAM_HOST所使用的本地地址 | 同HTTP | 同HTTP | 10.44.x.x:37652 | - |
%DOWNSTREAM_LOCAL_ADDRESS% | DOWNSTREAM连接的本地地址 | 同HTTP | 同HTTP | 10.0.x.x:8000 | - |
%DOWNSTREAM_REMOTE_ADDRESS% | DOWNSTREAM连接的对端地址 | 同HTTP | 同HTTP | 10.44.x.x:46520 | - |
%REQUESTED_SERVER_NAME% | SSL连接的SNI | 同HTTP | \ | xxx | - |
%ROUTE_NAME% | 路由的名称 | 同HTTP | \ | default | - |
1.18及以后版本
1.18的访问日志提供JSON格式的内容,以如下JSON格式为例。
{
"start_time": "%START_TIME%",
"route_name": "%ROUTE_NAME%",
"method": "%REQ(:METHOD)%",
"path": "%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%",
"protocol": "%PROTOCOL%",
"response_code": "%RESPONSE_CODE%",
"response_flags": "%RESPONSE_FLAGS%",
"response_code_details": "%RESPONSE_CODE_DETAILS%",
"connection_termination_details": "%CONNECTION_TERMINATION_DETAILS%",
"bytes_received": "%BYTES_RECEIVED%",
"bytes_sent": "%BYTES_SENT%",
"duration": "%DURATION%",
"upstream_service_time": "%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)%",
"x_forwarded_for": "%REQ(X-FORWARDED-FOR)%",
"user_agent": "%REQ(USER-AGENT)%",
"request_id": "%REQ(X-REQUEST-ID)%",
"authority": "%REQ(:AUTHORITY)%",
"upstream_host": "%UPSTREAM_HOST%",
"upstream_cluster": "%UPSTREAM_CLUSTER%",
"upstream_local_address": "%UPSTREAM_LOCAL_ADDRESS%",
"downstream_local_address": "%DOWNSTREAM_LOCAL_ADDRESS%",
"downstream_remote_address": "%DOWNSTREAM_REMOTE_ADDRESS%",
"requested_server_name": "%REQUESTED_SERVER_NAME%",
"upstream_transport_failure_reason": "%UPSTREAM_TRANSPORT_FAILURE_REASON%",
"pod_name": "%ENVIRONMENT(POD_NAME)%",
"pod_namespace": "%ENVIRONMENT(POD_NAMESPACE)%",
"mesh_id": "%ENVIRONMENT(ISTIO_META_ASM_MESH_ID)%",
"cluster_id": "%ENVIRONMENT(ISTIO_META_ASM_CLUSTER_ID)%",
} 了解更多
Istio官方日志介绍:Istio / Envoy Access Logs
Envoy官方日志字段含义:Access logging — envoy 1.31.0-dev-3d906a documentation (envoyproxy.io)
