24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
|
# File 'lib/bosh/director/api/extensions/syslog_request_logger.rb', line 24
def log_request_to_syslog
after do
if @config.log_access_events_to_syslog && RUBY_VERSION.to_i > 1
= ''
= request.env.select { |key, _| DESIRED_HEADERS.include?(key) }
.collect { |key, value| [key.sub(/^HTTP_/, ''), value] }
.each do ||
+= [0] + "\=" + [1] + "&"
end
= [0..-2] if !.empty?
filtered_ip_list = Socket.ip_address_list
.reject { |addr| !addr.ip? || addr.ipv4_loopback? || addr.ipv6_loopback? }
.map { |addr| addr.ip_address }
cef_version = 0
device_vendor = 'CloudFoundry'
device_product = 'BOSH'
device_version = Bosh::Director::VERSION
signature_id = 'director_api'
name = "#{request.path}"
severity = response.status >= 400 ? 7 : 1
extension = ''
if @user
extension += "duser=#{@user.username} " if @user.username
extension += "requestClientApplication=#{@user.client} " if @user.client
end
extension += "requestMethod=#{request.request_method} src=#{request.ip} spt=#{@config.port}" +
" shost=#{Socket.gethostname}" +
" cs1=#{filtered_ip_list.join(',')} cs1Label=ips" +
" cs2=#{} cs2Label=httpHeaders" +
" cs3=#{current_user.nil? ? 'none' : identity_provider.client_info['type']} cs3Label=authType" +
" cs4=#{response.status} cs4Label=responseStatus"
if response.status >= 400
extension += " cs5=#{response.body.join('')[0...500].strip} cs5Label=statusReason"
end
cef_log = 'CEF:%i|%s|%s|%s|%s|%s|%s|%s' % [cef_version, device_vendor, device_product,
device_version, signature_id, name, severity, extension]
cef_log_encoded = cef_log.force_encoding(Encoding::UTF_8)
Syslog::Logger.new('vcap.bosh.director').info(cef_log_encoded)
end
end
end
|