github-mirrors/elasticsearch
1
0
Fork 0
mirror of https://github.com/elastic/elasticsearch.git synced 2025-06-30 10:23:41 -04:00
Code Issues Projects Releases Packages Wiki Activity
elasticsearch/docs/reference/modules/network/tracers.asciidoc
David Turner 421c2d4731
Add request/response body logging to HTTP tracer (#93133) 
Adds another logger, `org.elasticsearch.http.HttpBodyTracer`, which logs
the body of every HTTP request and response as well as the usual
summaries.
2023-03-15 11:13:36 -04:00

114 lines
4 KiB
Text
Raw Blame History

==== Request tracing
You can trace individual requests made on the HTTP and transport layers.
WARNING: Tracing can generate extremely high log volumes that can destabilize
your cluster. Do not enable request tracing on busy or important clusters.
[[http-rest-request-tracer]]
===== REST request tracer
The HTTP layer has a dedicated tracer that logs incoming requests and the
corresponding outgoing responses. Activate the tracer by setting the level of
the `org.elasticsearch.http.HttpTracer` logger to `TRACE`:
[source,console]
--------------------------------------------------
PUT _cluster/settings
{
"persistent" : {
"logger.org.elasticsearch.http.HttpTracer" : "TRACE"
}
}
--------------------------------------------------
You can also control which URIs will be traced, using a set of include and
exclude wildcard patterns. By default every request will be traced.
[source,console]
--------------------------------------------------
PUT _cluster/settings
{
"persistent" : {
"http.tracer.include" : "*",
"http.tracer.exclude" : ""
}
}
--------------------------------------------------
By default, the tracer logs a summary of each request and response which
matches these filters. To record the body of each request and response too, set
the system property `es.insecure_network_trace_enabled` to `true`, and then set
the levels of both the `org.elasticsearch.http.HttpTracer` and
`org.elasticsearch.http.HttpBodyTracer` loggers to `TRACE`:
[source,console]
--------------------------------------------------
PUT _cluster/settings
{
"persistent" : {
"logger.org.elasticsearch.http.HttpTracer" : "TRACE",
"logger.org.elasticsearch.http.HttpBodyTracer" : "TRACE"
}
}
--------------------------------------------------
Each message body is compressed, encoded, and split into chunks to avoid
truncation:
[source,text]
----
[TRACE][o.e.h.HttpBodyTracer ] [master] [276] response body [part 1]: H4sIAAAAAAAA/9...
[TRACE][o.e.h.HttpBodyTracer ] [master] [276] response body [part 2]: 2oJ93QyYLWWhcD...
[TRACE][o.e.h.HttpBodyTracer ] [master] [276] response body (gzip compressed, base64-encoded, and split into 2 parts on preceding log lines)
----
Each chunk is annotated with an internal request ID (`[276]` in this example)
which you should use to correlate the chunks with the corresponding summary
lines. To reconstruct the output, base64-decode the data and decompress it
using `gzip`. For instance, on Unix-like systems:
[source,sh]
----
cat httptrace.log | sed -e 's/.*://' | base64 --decode | gzip --decompress
----
WARNING: HTTP request and response bodies may contain sensitive information
such as credentials and keys, so HTTP body tracing is disabled by default. You
must explicitly enable it on each node by setting the system property
`es.insecure_network_trace_enabled` to `true`. This feature is primarily
intended for test systems which do not contain any sensitive information. If
you set this property on a system which contains sensitive information, you
must protect your logs from unauthorized access.
[[transport-tracer]]
===== Transport tracer
The transport layer has a dedicated tracer that logs incoming and outgoing
requests and responses. Activate the tracer by setting the level of the
`org.elasticsearch.transport.TransportService.tracer` logger to `TRACE`:
[source,console]
--------------------------------------------------
PUT _cluster/settings
{
"persistent" : {
"logger.org.elasticsearch.transport.TransportService.tracer" : "TRACE"
}
}
--------------------------------------------------
You can also control which actions will be traced, using a set of include and
exclude wildcard patterns. By default every request will be traced except for
fault detection pings:
[source,console]
--------------------------------------------------
PUT _cluster/settings
{
"persistent" : {
"transport.tracer.include" : "*",
"transport.tracer.exclude" : "internal:coordination/fault_detection/*"
}
}
--------------------------------------------------
Reference in a new issue View git blame Copy permalink