访问日志各字段解读
sidercar会在标准输出中打印访问日志,istio日志中每个字段的含义解读如下。由于不同istio版本的访问日志格式及其字段的内容存在差异,下面分1.15及以下版本和1.18及以上版本两大类进行说明。
1.15及以下版本
1.15版本及以下采用Istio的默认格式。以下面的istio日志为例,字段含义见下表。
[%START_TIME%] \"%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%\" %RESPONSE_CODE% %RESPONSE_FLAGS% %RESPONSE_CODE_DETAILS% %CONNECTION_TERMINATION_DETAILS% \"%UPSTREAM_TRANSPORT_FAILURE_REASON%\" %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% \"%REQ(X-FORWARDED-FOR)%\" \"%REQ(USER-AGENT)%\" \"%REQ(X-REQUEST-ID)%\" \"%REQ(:AUTHORITY)%\" \"%UPSTREAM_HOST%\" %UPSTREAM_CLUSTER% %UPSTREAM_LOCAL_ADDRESS% %DOWNSTREAM_LOCAL_ADDRESS% %DOWNSTREAM_REMOTE_ADDRESS% %REQUESTED_SERVER_NAME% %ROUTE_NAME%\n
|
日志标记 |
HTTP场景含义 |
TCP场景含义 |
UDP场景含义 |
样例 |
备注 |
|---|---|---|---|---|---|
|
[%START_TIME%] |
请求开始时间,毫秒 |
Downstream发起连接的时间 |
UDP proxy会话开始的时间 |
[2020-11-25T21:26:18.409Z] |
- |
|
\"%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%\" |
请求方法 请求PATH 请求协议 |
\ |
\ |
"GET /status/418 HTTP/1.1" |
- |
|
%RESPONSE_CODE% |
响应码 |
\ |
\ |
418 |
- |
|
%RESPONSE_FLAGS% |
响应或连接的其他信息 |
响应或连接的其他信息 |
\ |
UH |
参考响应标记解读。 |
|
%RESPONSE_CODE_DETAILS% |
响应码详情:返回对象和原因 |
\ |
\ |
via_upstream |
- |
|
%CONNECTION_TERMINATION_DETAILS% |
请求被Envoy中止的L4层原因 |
同HTTP |
\ |
xxx |
- |
|
\"%UPSTREAM_TRANSPORT_FAILURE_REASON%\" |
传输层失败原因(TLS等) |
\ |
\ |
"TLSV1_ALERT_UNKNOWN_CA" |
- |
|
%BYTES_RECEIVED% |
收到的Body体大小 |
收到的数据包大小 |
\ |
0 |
- |
|
%BYTES_SENT% |
发送的Body体大小 |
发送的数据包大小 |
\ |
135 |
- |
|
%DURATION% |
从开始到发送最后1个Bytes的时间(毫秒) |
整个TCP连接的时间(毫秒) |
\ |
4 |
- |
|
%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% |
响应头X-ENVOY-UPSTREAM-SERVICE-TIME的内容 |
\ |
\ |
4 |
该头代表UPSTREAM处理请求和Envoy与UPSTREAM之间的网络延迟 |
|
\"%REQ(X-FORWARDED-FOR)%\" |
请求头X-FORWARDED-FOR的内容 |
\ |
\ |
"10.44.x.x" |
- |
|
\"%REQ(USER-AGENT)%\" |
请求头USER-AGEN的内容 |
\ |
\ |
"curl/7.73.0-DEV" |
- |
|
\"%REQ(X-REQUEST-ID)%\" |
请求头X-REQUEST-ID的内容 |
\ |
\ |
"84961386-6d84-929d-98bd-c5aee93b5c88" |
- |
|
\"%REQ(:AUTHORITY)%\" |
请求头AUTHORITY的内容 |
\ |
\ |
"httpbin:8000" |
- |
|
\"%UPSTREAM_HOST%\" |
UPSTREAM_HOST的主要地址 |
同HTTP |
同HTTP |
"10.44.x.x:80" |
- |
|
%UPSTREAM_CLUSTER% |
UPSTREAM_HOST所属的Cluster |
同HTTP |
同HTTP |
outbound|8000||httpbin.foo.svc.cluster.local |
- |
|
%UPSTREAM_LOCAL_ADDRESS% |
连接UPSTREAM_HOST所使用的本地地址 |
同HTTP |
同HTTP |
10.44.x.x:37652 |
- |
|
%DOWNSTREAM_LOCAL_ADDRESS% |
DOWNSTREAM连接的本地地址 |
同HTTP |
同HTTP |
10.0.x.x:8000 |
- |
|
%DOWNSTREAM_REMOTE_ADDRESS% |
DOWNSTREAM连接的对端地址 |
同HTTP |
同HTTP |
10.44.x.x:46520 |
- |
|
%REQUESTED_SERVER_NAME% |
SSL连接的SNI |
同HTTP |
\ |
xxx |
- |
|
%ROUTE_NAME% |
路由的名称 |
同HTTP |
\ |
default |
- |
1.18及以后版本
1.18的访问日志提供JSON格式的内容,以如下JSON格式为例。
{
"start_time": "%START_TIME%",
"route_name": "%ROUTE_NAME%",
"method": "%REQ(:METHOD)%",
"path": "%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%",
"protocol": "%PROTOCOL%",
"response_code": "%RESPONSE_CODE%",
"response_flags": "%RESPONSE_FLAGS%",
"response_code_details": "%RESPONSE_CODE_DETAILS%",
"connection_termination_details": "%CONNECTION_TERMINATION_DETAILS%",
"bytes_received": "%BYTES_RECEIVED%",
"bytes_sent": "%BYTES_SENT%",
"duration": "%DURATION%",
"upstream_service_time": "%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)%",
"x_forwarded_for": "%REQ(X-FORWARDED-FOR)%",
"user_agent": "%REQ(USER-AGENT)%",
"request_id": "%REQ(X-REQUEST-ID)%",
"authority": "%REQ(:AUTHORITY)%",
"upstream_host": "%UPSTREAM_HOST%",
"upstream_cluster": "%UPSTREAM_CLUSTER%",
"upstream_local_address": "%UPSTREAM_LOCAL_ADDRESS%",
"downstream_local_address": "%DOWNSTREAM_LOCAL_ADDRESS%",
"downstream_remote_address": "%DOWNSTREAM_REMOTE_ADDRESS%",
"requested_server_name": "%REQUESTED_SERVER_NAME%",
"upstream_transport_failure_reason": "%UPSTREAM_TRANSPORT_FAILURE_REASON%",
"pod_name": "%ENVIRONMENT(POD_NAME)%",
"pod_namespace": "%ENVIRONMENT(POD_NAMESPACE)%",
"mesh_id": "%ENVIRONMENT(ISTIO_META_ASM_MESH_ID)%",
"cluster_id": "%ENVIRONMENT(ISTIO_META_ASM_CLUSTER_ID)%",
}
了解更多
Istio官方日志介绍:Istio / Envoy Access Logs
Envoy官方日志字段含义:Access logging — envoy 1.31.0-dev-3d906a documentation (envoyproxy.io)
