update access log to record consistently client IP+port

The SRM, WebDAV, FTP and xrootd doors record the client IP address. The FTP and xrootd doors also record the client port number. Three different formats are used, and the attribute name is not consistent. This patch standardises on 'socket.remote' for the remote client IP address and port number. For IPv4 addresses the format is: <IP-address> ':' <port> and for IPv6 addresses it is: '[' <IP-address> ']' ':' <port> Target: master Patch: https://rb.dcache.org/r/7832/ Acked-by: Gerd Behrmann Requires-notes: yes Requires-book: no
dCache · Feb 18, 2015 · 1fa3e71 · 1fa3e71
1 parent ac20e61
commit 1fa3e71
Show file tree

Hide file tree

Showing 6 changed files with 43 additions and 10 deletions.
diff --git a/modules/common/src/main/java/org/dcache/util/NetLoggerBuilder.java b/modules/common/src/main/java/org/dcache/util/NetLoggerBuilder.java
@@ -3,10 +3,14 @@
 import com.google.common.base.CharMatcher;
 import com.google.common.escape.CharEscaperBuilder;
 import com.google.common.escape.Escaper;
+import com.google.common.net.InetAddresses;
 import org.slf4j.Logger;
 
 import javax.security.auth.Subject;
 
+import java.net.Inet6Address;
+import java.net.InetAddress;
+import java.net.InetSocketAddress;
 import java.security.Principal;
 import java.time.ZonedDateTime;
 import java.time.format.DateTimeFormatter;
@@ -168,6 +172,24 @@ public NetLoggerBuilder add(String name, Subject subject)
         return this;
     }
 
+    /**
+     * Add a key-value pair that describes an socket address.  No attempt is
+     * made to resolve the IP address and the value is recorded as
+     * {@literal <addr>:<port>}.  If the supplied value is null and
+     * {@link #omitNullValues} has not been called then {@literal unknown} is
+     * recorded.
+     */
+    public NetLoggerBuilder add(String name, InetSocketAddress sock)
+    {
+        if (!omitNullValues || sock != null) {
+            s.append(' ').append(name).append('=');
+            if (sock != null) {
+                s.append(InetAddresses.toUriString(sock.getAddress())).append(':').append(sock.getPort());
+            }
+        }
+        return this;
+    }
+
 
     /**
      * Add a key-value pair.  If the value is not null then value's string value

diff --git a/modules/dcache-ftp/src/main/java/org/dcache/ftp/door/AbstractFtpDoorV1.java b/modules/dcache-ftp/src/main/java/org/dcache/ftp/door/AbstractFtpDoorV1.java
@@ -1721,7 +1721,7 @@ private void logReply(String commandLine, String response,
             }
 
             NetLoggerBuilder log = new NetLoggerBuilder(INFO, event).omitNullValues();
-            log.add("host.remote", _remoteSocketAddress);
+            log.add("socket.remote", _remoteSocketAddress);
             if (!loginAttributes.isEmpty()) {
                 for (Map.Entry<String,Object> e : loginAttributes.entrySet()) {
                     log.add(e.getKey(), e.getValue());

diff --git a/modules/dcache-webdav/src/main/java/org/dcache/webdav/LoggingFilter.java b/modules/dcache-webdav/src/main/java/org/dcache/webdav/LoggingFilter.java
@@ -1,5 +1,6 @@
 package org.dcache.webdav;
 
+import com.google.common.net.InetAddresses;
 import io.milton.http.Filter;
 import io.milton.http.FilterChain;
 import io.milton.http.Request;
@@ -11,8 +12,11 @@
 import org.slf4j.LoggerFactory;
 
 import javax.security.auth.Subject;
+import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import java.net.InetAddress;
+import java.net.InetSocketAddress;
 import java.security.cert.X509Certificate;
 
 import dmg.cells.nucleus.CDC;
@@ -52,7 +56,9 @@ public void process(final FilterChain filterChain,
         log.add("response.code", code);
         log.add("response.reason", getReason(response));
         log.add("location", ServletResponse.getResponse().getHeader("Location"));
-        log.add("host.remote", request.getFromAddress());
+        HttpServletRequest r = ServletRequest.getRequest();
+        InetAddress addr = InetAddresses.forString(r.getRemoteAddr());
+        log.add("socket.remote", new InetSocketAddress(addr, r.getRemotePort()));
         log.add("user-agent", request.getUserAgentHeader());
 
         log.add("user.dn", getCertificateName());

diff --git a/modules/dcache-xrootd/src/main/java/org/dcache/xrootd/plugins/AccessLogHandler.java b/modules/dcache-xrootd/src/main/java/org/dcache/xrootd/plugins/AccessLogHandler.java
@@ -92,8 +92,8 @@ public void channelActive(ChannelHandlerContext ctx) throws Exception
     {
         NetLoggerBuilder log = new NetLoggerBuilder(INFO, "org.dcache.xrootd.connection.start").omitNullValues();
         log.add("session", CDC.getSession());
-        log.add("socket.remote", getAddress((InetSocketAddress) ctx.channel().remoteAddress()));
-        log.add("socket.local", getAddress((InetSocketAddress) ctx.channel().localAddress()));
+        log.add("socket.remote", (InetSocketAddress) ctx.channel().remoteAddress());
+        log.add("socket.local", (InetSocketAddress) ctx.channel().localAddress());
         log.toLogger(logger);
         ctx.fireChannelActive();
     }
@@ -354,9 +354,4 @@ private static String getRequestId(XrootdRequest request)
             return String.valueOf(request.getRequestId());
         }
     }
-
-    private static String getAddress(InetSocketAddress addr)
-    {
-        return addr.getAddress().getHostAddress() + ":" + addr.getPort();
-    }
 }
diff --git a/modules/srm-server/src/main/java/org/dcache/srm/server/SRMServerV2.java b/modules/srm-server/src/main/java/org/dcache/srm/server/SRMServerV2.java
@@ -737,7 +737,7 @@ public void response(String requestName, Object request, Object response, SRMUse
 
                 NetLoggerBuilder.Level level = isFailure ? NetLoggerBuilder.Level.ERROR : NetLoggerBuilder.Level.INFO;
                 NetLoggerBuilder log = new NetLoggerBuilder(level, "org.dcache.srm.request").omitNullValues();
-                log.add("host.remote", Axis.getRemoteAddress());
+                log.add("socket.remote", Axis.getRemoteSocketAddress());
                 log.add("request.method", requestName);
                 log.add("user.dn", Axis.getDN().orElse("-"));
                 if (user != null) {

diff --git a/modules/srm-server/src/main/java/org/dcache/srm/util/Axis.java b/modules/srm-server/src/main/java/org/dcache/srm/util/Axis.java
@@ -1,5 +1,6 @@
 package org.dcache.srm.util;
 
+import com.google.common.net.InetAddresses;
 import org.apache.axis.MessageContext;
 import org.apache.axis.transport.http.HTTPConstants;
 import org.globus.gsi.bc.BouncyCastleUtil;
@@ -9,6 +10,7 @@
 import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 
+import java.net.InetSocketAddress;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
 import java.util.Optional;
@@ -94,6 +96,14 @@ public static String getRemoteAddress()
         return request.getRemoteAddr();
     }
 
+    public static InetSocketAddress getRemoteSocketAddress()
+    {
+        MessageContext msgContext = MessageContext.getCurrentContext();
+        HttpServletRequest r = (HttpServletRequest)
+                msgContext.getProperty(MC_HTTP_SERVLETREQUEST);
+        return new InetSocketAddress(InetAddresses.forString(r.getRemoteAddr()), r.getRemotePort());
+    }
+
     public static String getUserAgent()
     {
         MessageContext msgContext = MessageContext.getCurrentContext();