Enhance traefik integration to also handle JSON-formatted access logs (…

…#770) * Migrating traefik module * Formatting package files * Removing invalid path field * Adding categories * Formatting tweaks * Adding pipeline test files * Adding YAML header * Adding system tests * Renaming pipeline test case files * Fixing pipeline tests * Adding sample event for health data set * Adding system test for access data stream * Adding README * Starting to handle JSON formatted logs * Adding ARG to Dockerfile for log format * Adding sample JSON logs * Running elastic-package format * Removing host field from sample event * Fix docker compose file * Splitting in commonlog and json format pipelines * Making pipeline test pass * Updating README.md * Address TODOs in pipeline * Specify services in system test configs * Refactoring out common processors into common pipeline * Add @timestamp field * Adding service to health data stream system test * Adding CHANGELOG entries * Parsing out event.duration * Regenerating sample events * Updating README * Add allow_duplicates: false for related.* fields' append processors * Adding community_id processor * Populating url.domain * Set allow_duplicates: false for other append processors * Regenerating README
elastic · Mar 23, 2021 · c83a14c · c83a14c
1 parent 5c07017
commit c83a14c
Show file tree

Hide file tree

Showing 24 changed files with 762 additions and 314 deletions.
diff --git a/packages/traefik/_dev/deploy/docker/Dockerfile b/packages/traefik/_dev/deploy/docker/Dockerfile
@@ -1,7 +1,8 @@
 ARG TRAEFIK_VERSION
 FROM traefik:${TRAEFIK_VERSION}-alpine
 
-COPY ./traefik.toml /etc/traefik/traefik.toml
+ARG TRAEFIK_LOG_FORMAT
+COPY ./traefik_format_${TRAEFIK_LOG_FORMAT}.toml /etc/traefik/traefik.toml
 
 RUN apk add --no-cache curl
 HEALTHCHECK --interval=1s --retries=90 CMD curl --header 'Host:backend.elastic-package-service.docker.localhost' 'http://localhost:80/'
diff --git a/packages/traefik/_dev/deploy/docker/docker-compose.yml b/packages/traefik/_dev/deploy/docker/docker-compose.yml
@@ -1,13 +1,33 @@
 version: '2.3'
 services:
-  traefik:
+  traefik_format_common:
     # Commented out `image:` below until we have a process to refresh the hosted images from
     # Dockerfiles in this repo. Until then, we build the image locally using `build:` below.
     # image: docker.elastic.co/integrations-ci/beats-traefik:${TRAEFIK_VERSION:-1.6}-1
     build:
       context: .
+      dockerfile: Dockerfile
       args:
         TRAEFIK_VERSION: ${SERVICE_VERSION:-1.7}
+        TRAEFIK_LOG_FORMAT: common
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - ${SERVICE_LOGS_DIR}:/var/log
+    ports:
+      - 8080
+      - 80
+    depends_on:
+      - backend
+  traefik_format_json:
+    # Commented out `image:` below until we have a process to refresh the hosted images from
+    # Dockerfiles in this repo. Until then, we build the image locally using `build:` below.
+    # image: docker.elastic.co/integrations-ci/beats-traefik:${TRAEFIK_VERSION:-1.6}-1
+    build:
+      context: .
+      dockerfile: Dockerfile
+      args:
+        TRAEFIK_VERSION: ${TRAEFIK_VERSION:-1.7}
+        TRAEFIK_LOG_FORMAT: json
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
       - ${SERVICE_LOGS_DIR}:/var/log

diff --git a/...s/traefik/_dev/deploy/docker/traefik.toml → .../deploy/docker/traefik_format_common.toml b/...s/traefik/_dev/deploy/docker/traefik.toml → .../deploy/docker/traefik_format_common.toml
@@ -1,5 +1,5 @@
 [accessLog]
-  filePath = "/var/log/access.log"
+  filePath = "/var/log/access-common.log"
 
 [api]
 

diff --git a/packages/traefik/_dev/deploy/docker/traefik_format_json.toml b/packages/traefik/_dev/deploy/docker/traefik_format_json.toml
@@ -0,0 +1,9 @@
+[accessLog]
+  filePath = "/var/log/access-json.log"
+  format = "json"
+
+[api]
+
+# Docker configuration backend
+[docker]
+  domain = "docker.localhost"
diff --git a/packages/traefik/changelog.yml b/packages/traefik/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.1.1"
+  changes:
+    - description: parse either commonlog- or json-formatted logs
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/770
 - version: "0.1.0"
   changes:
     - description: initial release

diff --git a/...ccess/_dev/test/pipeline/test-default.log → ..._dev/test/pipeline/test-format-common.log b/...ccess/_dev/test/pipeline/test-default.log → ..._dev/test/pipeline/test-format-common.log
diff --git a/...test/pipeline/test-default.log-config.yml → ...ipeline/test-format-common.log-config.yml b/...test/pipeline/test-default.log-config.yml → ...ipeline/test-format-common.log-config.yml
diff --git a/...t/pipeline/test-default.log-expected.json → ...line/test-format-common.log-expected.json b/...t/pipeline/test-default.log-expected.json → ...line/test-format-common.log-expected.json
@@ -16,6 +16,9 @@
             "url": {
                 "original": "/ui/favicons/favicon-16x16.png"
             },
+            "network": {
+                "transport": "tcp"
+            },
             "@timestamp": "2017-10-02T20:22:07.000Z",
             "related": {
                 "ip": [
@@ -37,7 +40,7 @@
             },
             "event": {
                 "duration": 2000000,
-                "ingested": "2021-03-09T00:28:30.210727200Z",
+                "ingested": "2021-03-23T00:36:56.398537500Z",
                 "created": "2020-04-28T11:07:58.223Z",
                 "kind": "event",
                 "category": [
@@ -97,6 +100,9 @@
             "url": {
                 "original": "/ui/favicons/favicon.ico"
             },
+            "network": {
+                "transport": "tcp"
+            },
             "@timestamp": "2017-10-02T20:22:08.000Z",
             "related": {
                 "ip": [
@@ -118,7 +124,7 @@
             },
             "event": {
                 "duration": 3000000,
-                "ingested": "2021-03-09T00:28:30.210739Z",
+                "ingested": "2021-03-23T00:36:56.398548400Z",
                 "created": "2020-04-28T11:07:58.223Z",
                 "kind": "event",
                 "category": [
@@ -178,6 +184,9 @@
             "url": {
                 "original": "/en/"
             },
+            "network": {
+                "transport": "tcp"
+            },
             "@timestamp": "2018-02-28T17:30:33.000Z",
             "related": {
                 "ip": [
@@ -198,7 +207,7 @@
             },
             "event": {
                 "duration": 247000000,
-                "ingested": "2021-03-09T00:28:30.210744300Z",
+                "ingested": "2021-03-23T00:36:56.398559Z",
                 "created": "2020-04-28T11:07:58.223Z",
                 "kind": "event",
                 "category": [
@@ -242,6 +251,9 @@
             "url": {
                 "original": "/"
             },
+            "network": {
+                "transport": "tcp"
+            },
             "@timestamp": "2018-11-29T15:03:51.000Z",
             "related": {
                 "ip": [
@@ -263,7 +275,7 @@
             },
             "event": {
                 "duration": 0,
-                "ingested": "2021-03-09T00:28:30.210751100Z",
+                "ingested": "2021-03-23T00:36:56.398568300Z",
                 "created": "2020-04-28T11:07:58.223Z",
                 "kind": "event",
                 "category": [
@@ -320,6 +332,9 @@
             "url": {
                 "original": "/assets/52f8f2e711d235d76044799e/owners?oauth_token=ya29.GltABOXd_gtG-XVvYX2YhxXJiXVvbHRMXn9fbzc_mDfl2rDhqK0CrAlwuwwRWnNnEaMDwkmyI7-QGbRSB0Hzje2cc__FjTQ1iuiYTSIBaIPfxSWip5jx6zqvsVVo"
             },
+            "network": {
+                "transport": "tcp"
+            },
             "@timestamp": "2018-01-19T10:01:02.000Z",
             "related": {
                 "ip": [
@@ -340,7 +355,7 @@
             },
             "event": {
                 "duration": 13000000,
-                "ingested": "2021-03-09T00:28:30.210761600Z",
+                "ingested": "2021-03-23T00:36:56.398577500Z",
                 "created": "2020-04-28T11:07:58.223Z",
                 "kind": "event",
                 "category": [
@@ -399,6 +414,9 @@
             "url": {
                 "original": "/marketplace/tax?oauth_token=ya29.Gl0fBWnrJ7DcEU-tN-O3Vxn2XZVaz2I-hFTjP1JQzhYFVT-SKtlmo9hSzrx3n82LUwUxJ1s5lmU8U3Mc9gA_aCxBk49ShYEwvmYOWxJJyldDIJ7hY4us4LoiSY1OqAM"
             },
+            "network": {
+                "transport": "tcp"
+            },
             "@timestamp": "2018-01-19T10:01:02.000Z",
             "related": {
                 "ip": [
@@ -419,7 +437,7 @@
             },
             "event": {
                 "duration": 8000000,
-                "ingested": "2021-03-09T00:28:30.210770800Z",
+                "ingested": "2021-03-23T00:36:56.398586800Z",
                 "created": "2020-04-28T11:07:58.223Z",
                 "kind": "event",
                 "category": [
@@ -476,7 +494,7 @@
                 "ip": "127.0.0.1"
             },
             "event": {
-                "ingested": "2021-03-09T00:28:30.210774800Z",
+                "ingested": "2021-03-23T00:36:56.398595900Z",
                 "category": [
                     "web"
                 ],
@@ -492,6 +510,9 @@
             },
             "url": {
                 "original": "/apache_pb.gif"
+            },
+            "network": {
+                "transport": "tcp"
             }
         }
     ]

diff --git a/packages/traefik/data_stream/access/_dev/test/pipeline/test-format-json.log b/packages/traefik/data_stream/access/_dev/test/pipeline/test-format-json.log
@@ -0,0 +1,2 @@
+{"BackendAddr":"","BackendName":"Traefik","BackendURL":{"Scheme":"","Opaque":"","User":null,"Host":"","Path":"/","RawPath":"","ForceQuery":false,"RawQuery":"","Fragment":""},"ClientAddr":"127.0.0.1:48658","ClientHost":"127.0.0.1","ClientPort":"48658","ClientUsername":"-","DownstreamContentSize":19,"DownstreamStatus":404,"DownstreamStatusLine":"404 Not Found","Duration":40356,"FrontendName":"backend not found","OriginContentSize":19,"OriginDuration":4086,"OriginStatus":404,"OriginStatusLine":"404 Not Found","Overhead":36270,"RequestAddr":"backend.elastic-package-service.docker.localhost","RequestContentSize":0,"RequestCount":7,"RequestHost":"backend.elastic-package-service.docker.localhost","RequestLine":"GET / HTTP/1.1","RequestMethod":"GET","RequestPath":"/","RequestPort":"-","RequestProtocol":"HTTP/1.1","RetryAttempts":0,"StartLocal":"2021-03-16T18:56:54.735539596Z","StartUTC":"2021-03-16T18:56:54.735539596Z","downstream_Content-Type":"text/plain; charset=utf-8","downstream_X-Content-Type-Options":"nosniff","level":"info","msg":"","origin_Content-Type":"text/plain; charset=utf-8","origin_X-Content-Type-Options":"nosniff","request_Accept":"*/*","request_User-Agent":"curl/7.67.0","time":"2021-03-16T18:56:54Z"}
+{"BackendAddr":"172.21.0.2:80","BackendName":"backend-backend-docker","BackendURL":{"Scheme":"http","Opaque":"","User":null,"Host":"172.21.0.2:80","Path":"","RawPath":"","ForceQuery":false,"RawQuery":"","Fragment":""},"ClientAddr":"172.21.0.1:59068","ClientHost":"172.21.0.1","ClientPort":"59068","ClientUsername":"-","DownstreamContentSize":383,"DownstreamStatus":200,"DownstreamStatusLine":"200 OK","Duration":3034764,"FrontendName":"Host-backend-docker-docker-localhost-2","OriginContentSize":383,"OriginDuration":2155389,"OriginStatus":200,"OriginStatusLine":"200 OK","Overhead":879375,"RequestAddr":"backend.docker.docker.localhost","RequestContentSize":0,"RequestCount":27,"RequestHost":"backend.docker.docker.localhost","RequestLine":"GET / HTTP/1.1","RequestMethod":"GET","RequestPath":"/","RequestPort":"-","RequestProtocol":"HTTP/1.1","RetryAttempts":0,"StartLocal":"2021-03-16T19:08:41.039598834Z","StartUTC":"2021-03-16T19:08:41.039598834Z","downstream_Content-Length":"383","downstream_Content-Type":"text/plain; charset=utf-8","downstream_Date":"Tue, 16 Mar 2021 19:08:41 GMT","level":"info","msg":"","origin_Content-Length":"383","origin_Content-Type":"text/plain; charset=utf-8","origin_Date":"Tue, 16 Mar 2021 19:08:41 GMT","request_Accept":"*/*","request_User-Agent":"curl/7.64.1","time":"2021-03-16T19:08:41Z"}
diff --git a/packages/traefik/data_stream/access/_dev/test/pipeline/test-format-json.log-config.yml b/packages/traefik/data_stream/access/_dev/test/pipeline/test-format-json.log-config.yml
@@ -0,0 +1,4 @@
+fields:
+  "@timestamp": "2020-04-28T11:07:58.223Z"
+dynamic_fields:
+  event.ingested: ".*"
diff --git a/packages/traefik/data_stream/access/_dev/test/pipeline/test-format-json.log-expected.json b/packages/traefik/data_stream/access/_dev/test/pipeline/test-format-json.log-expected.json
@@ -0,0 +1,137 @@
+{
+    "expected": [
+        {
+            "traefik": {
+                "access": {
+                    "frontend_name": "backend not found",
+                    "backend_url": "",
+                    "request_count": 7
+                }
+            },
+            "source": {
+                "port": 48658,
+                "address": "127.0.0.1",
+                "ip": "127.0.0.1"
+            },
+            "url": {
+                "original": "/",
+                "domain": "backend.elastic-package-service.docker.localhost"
+            },
+            "network": {
+                "transport": "tcp"
+            },
+            "@timestamp": "2021-03-16T18:56:54Z",
+            "related": {
+                "ip": [
+                    "127.0.0.1"
+                ]
+            },
+            "http": {
+                "request": {
+                    "method": "GET"
+                },
+                "version": "1.1",
+                "response": {
+                    "body": {
+                        "bytes": 19
+                    },
+                    "status_code": 404
+                }
+            },
+            "event": {
+                "duration": 40356,
+                "ingested": "2021-03-23T00:36:56.518177200Z",
+                "created": "2020-04-28T11:07:58.223Z",
+                "kind": "event",
+                "category": [
+                    "web"
+                ],
+                "type": [
+                    "access"
+                ],
+                "outcome": "failure"
+            },
+            "user": {
+                "name": "-"
+            },
+            "user_agent": {
+                "name": "curl",
+                "original": "curl/7.67.0",
+                "device": {
+                    "name": "Other"
+                },
+                "version": "7.67.0"
+            }
+        },
+        {
+            "traefik": {
+                "access": {
+                    "frontend_name": "Host-backend-docker-docker-localhost-2",
+                    "backend_url": "172.21.0.2:80",
+                    "request_count": 27
+                }
+            },
+            "destination": {
+                "port": 80,
+                "address": "172.21.0.2",
+                "ip": "172.21.0.2"
+            },
+            "source": {
+                "port": 59068,
+                "address": "172.21.0.1",
+                "ip": "172.21.0.1"
+            },
+            "url": {
+                "original": "/",
+                "domain": "backend.docker.docker.localhost"
+            },
+            "network": {
+                "community_id": "1:DJlJOSbrvisPNQtgBIyBaYAwlz8=",
+                "transport": "tcp"
+            },
+            "@timestamp": "2021-03-16T19:08:41Z",
+            "related": {
+                "ip": [
+                    "172.21.0.1",
+                    "172.21.0.2"
+                ]
+            },
+            "http": {
+                "request": {
+                    "method": "GET"
+                },
+                "version": "1.1",
+                "response": {
+                    "body": {
+                        "bytes": 383
+                    },
+                    "status_code": 200
+                }
+            },
+            "event": {
+                "duration": 3034764,
+                "ingested": "2021-03-23T00:36:56.518189Z",
+                "created": "2020-04-28T11:07:58.223Z",
+                "kind": "event",
+                "category": [
+                    "web"
+                ],
+                "type": [
+                    "access"
+                ],
+                "outcome": "success"
+            },
+            "user": {
+                "name": "-"
+            },
+            "user_agent": {
+                "name": "curl",
+                "original": "curl/7.64.1",
+                "device": {
+                    "name": "Other"
+                },
+                "version": "7.64.1"
+            }
+        }
+    ]
+}
diff --git a/packages/traefik/data_stream/access/_dev/test/system/test-default-config.yml b/packages/traefik/data_stream/access/_dev/test/system/test-default-config.yml
diff --git a/packages/traefik/data_stream/access/_dev/test/system/test-format-common-config.yml b/packages/traefik/data_stream/access/_dev/test/system/test-format-common-config.yml
@@ -0,0 +1,6 @@
+service: traefik_format_common
+vars: ~
+data_stream:
+  vars:
+    paths:
+      - "{{SERVICE_LOGS_DIR}}/access-common.log"
diff --git a/packages/traefik/data_stream/access/_dev/test/system/test-format-json-config.yml b/packages/traefik/data_stream/access/_dev/test/system/test-format-json-config.yml
@@ -0,0 +1,6 @@
+service: traefik_format_json
+vars: ~
+data_stream:
+  vars:
+    paths:
+      - "{{SERVICE_LOGS_DIR}}/access-json.log"
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		{"BackendAddr":"","BackendName":"Traefik","BackendURL":{"Scheme":"","Opaque":"","User":null,"Host":"","Path":"/","RawPath":"","ForceQuery":false,"RawQuery":"","Fragment":""},"ClientAddr":"127.0.0.1:48658","ClientHost":"127.0.0.1","ClientPort":"48658","ClientUsername":"-","DownstreamContentSize":19,"DownstreamStatus":404,"DownstreamStatusLine":"404 Not Found","Duration":40356,"FrontendName":"backend not found","OriginContentSize":19,"OriginDuration":4086,"OriginStatus":404,"OriginStatusLine":"404 Not Found","Overhead":36270,"RequestAddr":"backend.elastic-package-service.docker.localhost","RequestContentSize":0,"RequestCount":7,"RequestHost":"backend.elastic-package-service.docker.localhost","RequestLine":"GET / HTTP/1.1","RequestMethod":"GET","RequestPath":"/","RequestPort":"-","RequestProtocol":"HTTP/1.1","RetryAttempts":0,"StartLocal":"2021-03-16T18:56:54.735539596Z","StartUTC":"2021-03-16T18:56:54.735539596Z","downstream_Content-Type":"text/plain; charset=utf-8","downstream_X-Content-Type-Options":"nosniff","level":"info","msg":"","origin_Content-Type":"text/plain; charset=utf-8","origin_X-Content-Type-Options":"nosniff","request_Accept":"/","request_User-Agent":"curl/7.67.0","time":"2021-03-16T18:56:54Z"}
		{"BackendAddr":"172.21.0.2:80","BackendName":"backend-backend-docker","BackendURL":{"Scheme":"http","Opaque":"","User":null,"Host":"172.21.0.2:80","Path":"","RawPath":"","ForceQuery":false,"RawQuery":"","Fragment":""},"ClientAddr":"172.21.0.1:59068","ClientHost":"172.21.0.1","ClientPort":"59068","ClientUsername":"-","DownstreamContentSize":383,"DownstreamStatus":200,"DownstreamStatusLine":"200 OK","Duration":3034764,"FrontendName":"Host-backend-docker-docker-localhost-2","OriginContentSize":383,"OriginDuration":2155389,"OriginStatus":200,"OriginStatusLine":"200 OK","Overhead":879375,"RequestAddr":"backend.docker.docker.localhost","RequestContentSize":0,"RequestCount":27,"RequestHost":"backend.docker.docker.localhost","RequestLine":"GET / HTTP/1.1","RequestMethod":"GET","RequestPath":"/","RequestPort":"-","RequestProtocol":"HTTP/1.1","RetryAttempts":0,"StartLocal":"2021-03-16T19:08:41.039598834Z","StartUTC":"2021-03-16T19:08:41.039598834Z","downstream_Content-Length":"383","downstream_Content-Type":"text/plain; charset=utf-8","downstream_Date":"Tue, 16 Mar 2021 19:08:41 GMT","level":"info","msg":"","origin_Content-Length":"383","origin_Content-Type":"text/plain; charset=utf-8","origin_Date":"Tue, 16 Mar 2021 19:08:41 GMT","request_Accept":"/","request_User-Agent":"curl/7.64.1","time":"2021-03-16T19:08:41Z"}