|
| 1 | +# Logbook + Scalyr |
| 2 | + |
| 3 | +We primarily use [Scalyr](https://www.scalyr.com/) for log management at Zalando. When we designed and implemented |
| 4 | +Logbook we made sure that they both work seamlessly together. The two main aspects that are worth being highlighted are |
| 5 | +[JSON log messages](https://www.scalyr.com/help/parsing-logs#valueLists) and |
| 6 | +[association rules](https://www.scalyr.com/help/parsing-logs#association). |
| 7 | + |
| 8 | +The following sample format, meant to be used in a [custom parser](https://www.scalyr.com/help/parsing-logs), shows |
| 9 | +both features in action: |
| 10 | + |
| 11 | +```yaml |
| 12 | +{ |
| 13 | + id: "http", |
| 14 | + format: "$timestamp=$ $severity$ \\[$threadname$\\] \\[$flowid$\\] \\[Logbook\\] $http{parse=json}$", |
| 15 | + association: { |
| 16 | + tag: "http", |
| 17 | + keys: ["httpCorrelation"], |
| 18 | + store: ["httpUri"], |
| 19 | + fetch: ["httpUri"] |
| 20 | + } |
| 21 | +} |
| 22 | +``` |
| 23 | + |
| 24 | +`$http{parse=json}$` will instruct Scalyr to parse a the |
| 25 | +[JSON output from Logbook](https://github.com/zalando/logbook#json) into the following fields: |
| 26 | + |
| 27 | +```yaml |
| 28 | +http: true |
| 29 | +httpCorrelation: b7b143c7-a334-4a26-b800-1e97322efebc |
| 30 | +httpHeadersAccept: [application/json] |
| 31 | +httpHeadersAccept-Encoding: [gzip,deflate] |
| 32 | +httpHeadersAuthorization: [XXX] |
| 33 | +httpHeadersConnection: [Keep-Alive] |
| 34 | +httpHeadersHost: [localhost:9021] |
| 35 | +httpHeadersUser-Agent: [Apache-HttpClient/4.5.1 (Java/1.8.0_131)] |
| 36 | +httpHeadersX-Flow-ID: [OWgtIWTdlMuKh97U] |
| 37 | +httpMethod: GET |
| 38 | +httpRemote: 172.31.157.206 |
| 39 | +httpType: request |
| 40 | +httpUri: http://localhost:9021/oauth2/tokeninfo |
| 41 | +``` |
| 42 | +
|
| 43 | +Having all request/response properties indexed and parsed into individual fields allows for extremely powerful queries: |
| 44 | +
|
| 45 | +``` |
| 46 | +# remote POST requests to endpoints containing an admin path segment |
| 47 | +$httpOrigin = 'remote' $httpMethod = 'POST' $httpUri matches '.*/admin/.*' |
| 48 | + |
| 49 | +# local requests to the tokeninfo endpoint |
| 50 | +$httpOrigin = 'local' $httpUri matches '.*/tokeninfo' |
| 51 | + |
| 52 | +# local responses with a 4xx status code |
| 53 | +$httpOrigin = 'local' $httpStatus >= 400 $httpStatus < 500 |
| 54 | + |
| 55 | +# remote responses with a 5xx status code |
| 56 | +$httpOrigin = `remote` $httpStatus >= 500 |
| 57 | +``` |
| 58 | + |
| 59 | +Queries like this were also the main motivator behind the `origin` and `type` properties of requests and responses |
| 60 | +produced by Logbook. |
| 61 | + |
| 62 | +The `association` rule will associate the request and response log lines using |
| 63 | +[Logbook's correlation](https://github.com/zalando/logbook#correlation) feature. The resulting log event for the |
| 64 | +response will then contain the `httpUri` field from the corresponding request: |
| 65 | + |
| 66 | +```yaml |
| 67 | +http: true |
| 68 | +httpBodyAccess_token: XXX |
| 69 | +httpBodyClient_id: stups_coast-cart-service_0b29611e-78cb-454c-98f7-65ed7a95a216 |
| 70 | +httpBodyExpires_in: 2250 |
| 71 | +httpBodyGrant_type: password |
| 72 | +httpBodyRealm: /services |
| 73 | +httpBodyScope: [uid] |
| 74 | +httpBodyToken_type: Bearer |
| 75 | +httpBodyUid: stups_coast-cart-service |
| 76 | +httpCorrelation: b7b143c7-a334-4a26-b800-1e97322efebc |
| 77 | +httpHeadersContent-Length: [833] |
| 78 | +httpHeadersContent-Type: [application/json] |
| 79 | +httpHeadersDate: [Thu, 20 Jul 2017 21:24:00 GMT] |
| 80 | +httpStatus: 200 |
| 81 | +httpType: response |
| 82 | +httpUri: http://localhost:9021/oauth2/tokeninfo |
| 83 | +``` |
| 84 | +
|
| 85 | +This allows to query for responses to a specific endpoint that had a 4xx or 5xx status code: |
| 86 | +
|
| 87 | +``` |
| 88 | +$httpType = 'response' $httpUri = 'http://localhost:9021/oauth2/tokeninfo' $httpStatus >= 400 |
| 89 | +``` |
0 commit comments