Am 04.03.2015 um 00:59 schrieb Luís Marques:

On Tue, 03 Mar 2015 19:58:18 +0100, Sönke Ludwig wrote:

You could change the default HTTPServerSettings.accessLogFormat to use
%{X-Forwarded-Host}i instead of %h.

Yeah, I just had supposed that vibe.d would be more automagical in this regard, since it's so great in other aspects ;-). Ideally it would log from the correct header automatically, so that changes in deployment configuration could be more independent from the HTTPServerSettings.accessLogFormat string.

It was just that we wanted to settle for something familiar to admins,
so using the Apache format seemed logical. And since that isn't more
clever about its fields, we kept the functionality the same to avoid
surprises.

But since anyone could send an X- header, the only generally safe
solution to log "intelligently" would be to log all headers plus the
original IP. Or there would have to be a switch telling the logger if
the process runs web facing or behind a proxy. But that wouldn't be much
different to changing the log line format.

I usually log at the reverse proxy, because I like to have direct and
sequential access to all requests when debugging or analyzing things. I
can also see arguments for logging at the individual server processes,
but that would mostly be for performance reasons and I currently simply
don't have a high enough load for having to worry about that.

Yeah, that's what I ended up doing. Have you ever left the logging enabled also on the individual servers? I'm doing that during the transition, just for paranoid reasons :o)

BTW, Sönke, may I ask what software (if any) do you use to analyze the logs?

I'm logging just at the proxy level since the proxy server is really the
only process accessing the individual servers. If something gets
compromised (if you mean that), I'd expect worse things to happen than
someone performing manual requests on those processes, since that
wouldn't get them further than they already are. So logging would most
probably not help much there.

But of course, as loong as it doesn't hurt in terms of disk space or
throughput there is no reason to not keep it either.

I'm using a (GUI) tool that I wrote many years ago and unfortunately
have lost the source code for. I've always wanted to rewrite it in D
some day, because it is very fast (much faster than most others) and has
some unique filtering and grouping functionality that can be very
useful. The downside is that it's a pure offline tool, but I don't
really need anything else.