Provide eBPF based Access Log Service #88
Conversation
ebpf/monitor/accesslog.proto
Outdated
| } | ||
|
|
||
| message AccessLogHTTPProtocolResponse { | ||
| int32 statusCode = 1; |
There was a problem hiding this comment.
I remember HTTP2 response codes are not only number? Could you confirm?
ebpf/monitor/accesslog.proto
Outdated
| oneof timestamp { | ||
| EBPFOffsetTimestamp offset = 1; | ||
| Instant absolute = 2; | ||
| } |
There was a problem hiding this comment.
Could you explain how this timestamp works?
There was a problem hiding this comment.
In the kernel, we can get different timestamps. In the offset mode, we can only get the timestamp offset(through bpf_ktime_get_ns), and then we need to add it with the system boot time to get the real-time, that's why I added the system boot time in the node info. But in some kernel methods, we can only get the absolute timestamp.
There was a problem hiding this comment.
Is the timestamp sent as always in a bulk at least?
ebpf/monitor/accesslog.proto
Outdated
| } | ||
|
|
||
| message EBPFAccessLogNodeNetInterface { | ||
| int32 index = 1; |
There was a problem hiding this comment.
It's the network index. We can use the ip link show in Linux to get this information. When the stream has been created or the network device has been updated, I will add this data to the node info.
ebpf/monitor/accesslog.proto
Outdated
| // kernel level metrics | ||
| repeated AccessLogKernelLog kernelLogs = 3; |
There was a problem hiding this comment.
Is the kernel log with HTTP log?
There was a problem hiding this comment.
What is the period and moment of sending TCP relative logs?
There was a problem hiding this comment.
If we cannot detect the kernel related to the application logs, then they should be sent through a timer.
Otherside, the kernel logs should related with a single application log.
ebpf/monitor/accesslog.proto
Outdated
| option java_package = "org.apache.skywalking.apm.network.ebpf.monitor.accesslog.v3"; | ||
| option go_package = "skywalking.apache.org/repo/goapi/collect/ebpf/monitor/accesslog/v3"; |
There was a problem hiding this comment.
| option java_package = "org.apache.skywalking.apm.network.ebpf.monitor.accesslog.v3"; | |
| option go_package = "skywalking.apache.org/repo/goapi/collect/ebpf/monitor/accesslog/v3"; | |
| option java_package = "org.apache.skywalking.apm.network.ebpf.accesslog.v3"; | |
| option go_package = "skywalking.apache.org/repo/goapi/collect/ebpf/accesslog/v3"; |
I think we don't need monitor?
There was a problem hiding this comment.
I have moved this proto file into the ebpf directory.
No description provided.