- Add this option to the debugging problems section. So users that are trying to debug SSH-related problems will get the errors logged from `cmd/serv.go`
		
			
				
	
	
		
			453 lines
		
	
	
		
			18 KiB
		
	
	
	
		
			Markdown
		
	
	
	
	
	
			
		
		
	
	
			453 lines
		
	
	
		
			18 KiB
		
	
	
	
		
			Markdown
		
	
	
	
	
	
| ---
 | |
| date: "2019-04-02T17:06:00+01:00"
 | |
| title: "Advanced: Logging Configuration"
 | |
| slug: "logging-configuration"
 | |
| weight: 55
 | |
| toc: false
 | |
| draft: false
 | |
| menu:
 | |
|   sidebar:
 | |
|     parent: "advanced"
 | |
|     name: "Logging Configuration"
 | |
|     weight: 55
 | |
|     identifier: "logging-configuration"
 | |
| ---
 | |
| 
 | |
| # Logging Configuration
 | |
| 
 | |
| The logging framework has been revamped in Gitea 1.9.0.
 | |
| 
 | |
| **Table of Contents**
 | |
| 
 | |
| {{< toc >}}
 | |
| 
 | |
| ## Log Groups
 | |
| 
 | |
| The fundamental thing to be aware of in Gitea is that there are several
 | |
| log groups:
 | |
| 
 | |
| - The "Default" logger
 | |
| - The Router logger
 | |
| - The Access logger
 | |
| - The XORM logger
 | |
| 
 | |
| There is also the go log logger.
 | |
| 
 | |
| ### The go log logger
 | |
| 
 | |
| Go provides its own extremely basic logger in the `log` package,
 | |
| however, this is not sufficient for our purposes as it does not provide
 | |
| a way of logging at multiple levels, nor does it provide a good way of
 | |
| controlling where these logs are logged except through setting of a
 | |
| writer.
 | |
| 
 | |
| We have therefore redirected this logger to our Default logger, and we
 | |
| will log anything that is logged using the go logger at the INFO level.
 | |
| 
 | |
| ### The "Default" logger
 | |
| 
 | |
| Calls to `log.Info`, `log.Debug`, `log.Error` etc. from the `code.gitea.io/gitea/modules/log` package will log to this logger.
 | |
| 
 | |
| You can configure the outputs of this logger by setting the `MODE`
 | |
| value in the `[log]` section of the configuration.
 | |
| 
 | |
| Each output sublogger is configured in a separate `[log.sublogger.default]`
 | |
| which inherits from the sublogger `[log.sublogger]` section and from the
 | |
| generic `[log]` section, but there are certain default values. These will
 | |
| not be inherited from the `[log]` section:
 | |
| 
 | |
| - `FLAGS` is `stdflags` (Equal to
 | |
|   `date,time,medfile,shortfuncname,levelinitial`)
 | |
| - `FILE_NAME` will default to `%(ROOT_PATH)/gitea.log`
 | |
| - `EXPRESSION` will default to `""`
 | |
| - `PREFIX` will default to `""`
 | |
| 
 | |
| The provider type of the sublogger can be set using the `MODE` value in
 | |
| its subsection, but will default to the name. This allows you to have
 | |
| multiple subloggers that will log to files.
 | |
| 
 | |
| ### The "Router" logger
 | |
| 
 | |
| The Router logger has been substantially changed in v1.17. If you are using the router logger for fail2ban or other monitoring
 | |
| you will need to update this configuration.
 | |
| 
 | |
| You can disable Router log by setting `DISABLE_ROUTER_LOG` or by setting all of its sublogger configurations to `none`.
 | |
| 
 | |
| You can configure the outputs of this
 | |
| router log by setting the `ROUTER` value in the `[log]` section of the
 | |
| configuration. `ROUTER` will default to `console` if unset and will default to same level as main logger.
 | |
| 
 | |
| The Router logger logs the following:
 | |
| 
 | |
| - `started` messages will be logged at TRACE level
 | |
| - `polling`/`completed` routers will be logged at INFO
 | |
| - `slow` routers will be logged at WARN
 | |
| - `failed` routers will be logged at WARN
 | |
| 
 | |
| The logging level for the router will default to that of the main configuration. Set `[log.<mode>.router]` `LEVEL` to change this.
 | |
| 
 | |
| Each output sublogger for this logger is configured in
 | |
| `[log.sublogger.router]` sections. There are certain default values
 | |
| which will not be inherited from the `[log]` or relevant
 | |
| `[log.sublogger]` sections:
 | |
| 
 | |
| - `FILE_NAME` will default to `%(ROOT_PATH)/router.log`
 | |
| - `FLAGS` defaults to `date,time`
 | |
| - `EXPRESSION` will default to `""`
 | |
| - `PREFIX` will default to `""`
 | |
| 
 | |
| NB: You can redirect the router logger to send its events to the Gitea
 | |
| log using the value: `ROUTER = ,`
 | |
| 
 | |
| ### The "Access" logger
 | |
| 
 | |
| The Access logger is a new logger for version 1.9. It provides a NCSA
 | |
| Common Log compliant log format. It's highly configurable but caution
 | |
| should be taken when changing its template. The main benefit of this
 | |
| logger is that Gitea can now log accesses in a standard log format so
 | |
| standard tools may be used.
 | |
| 
 | |
| You can enable this logger using `ENABLE_ACCESS_LOG`. Its outputs are
 | |
| configured by setting the `ACCESS` value in the `[log]` section of the
 | |
| configuration. `ACCESS` defaults to `file` if unset.
 | |
| 
 | |
| Each output sublogger for this logger is configured in
 | |
| `[log.sublogger.access]` sections. There are certain default values
 | |
| which will not be inherited from the `[log]` or relevant
 | |
| `[log.sublogger]` sections:
 | |
| 
 | |
| - `FILE_NAME` will default to `%(ROOT_PATH)/access.log`
 | |
| - `FLAGS` defaults to `` or None
 | |
| - `EXPRESSION` will default to `""`
 | |
| - `PREFIX` will default to `""`
 | |
| 
 | |
| If desired the format of the Access logger can be changed by changing
 | |
| the value of the `ACCESS_LOG_TEMPLATE`.
 | |
| 
 | |
| Please note, the access logger will log at `INFO` level, setting the
 | |
| `LEVEL` of this logger to `WARN` or above will result in no access logs.
 | |
| 
 | |
| NB: You can redirect the access logger to send its events to the Gitea
 | |
| log using the value: `ACCESS = ,`
 | |
| 
 | |
| #### The ACCESS_LOG_TEMPLATE
 | |
| 
 | |
| This value represent a go template. It's default value is:
 | |
| 
 | |
| `{{.Ctx.RemoteAddr}} - {{.Identity}} {{.Start.Format "[02/Jan/2006:15:04:05 -0700]" }} "{{.Ctx.Req.Method}} {{.Ctx.Req.URL.RequestURI}} {{.Ctx.Req.Proto}}" {{.ResponseWriter.Status}} {{.ResponseWriter.Size}} "{{.Ctx.Req.Referer}}\" \"{{.Ctx.Req.UserAgent}}"`
 | |
| 
 | |
| The template is passed following options:
 | |
| 
 | |
| - `Ctx` is the `context.Context`
 | |
| - `Identity` is the `SignedUserName` or `"-"` if the user is not logged
 | |
|   in
 | |
| - `Start` is the start time of the request
 | |
| - `ResponseWriter` is the `http.ResponseWriter`
 | |
| 
 | |
| Caution must be taken when changing this template as it runs outside of
 | |
| the standard panic recovery trap. The template should also be as simple
 | |
| as it runs for every request.
 | |
| 
 | |
| ### The "XORM" logger
 | |
| 
 | |
| The XORM logger is a long-standing logger that exists to collect XORM
 | |
| log events. It is enabled by default but can be switched off by setting
 | |
| `ENABLE_XORM_LOG` to `false` in the `[log]` section. Its outputs are
 | |
| configured by setting the `XORM` value in the `[log]` section of the
 | |
| configuration. `XORM` defaults to `,` if unset, meaning it is redirected
 | |
| to the main Gitea log.
 | |
| 
 | |
| XORM will log SQL events by default. This can be changed by setting
 | |
| the `LOG_SQL` value to `false` in the `[database]` section.
 | |
| 
 | |
| Each output sublogger for this logger is configured in
 | |
| `[log.sublogger.xorm]` sections. There are certain default values
 | |
| which will not be inherited from the `[log]` or relevant
 | |
| `[log.sublogger]` sections:
 | |
| 
 | |
| - `FILE_NAME` will default to `%(ROOT_PATH)/xorm.log`
 | |
| - `FLAGS` defaults to `date,time`
 | |
| - `EXPRESSION` will default to `""`
 | |
| - `PREFIX` will default to `""`
 | |
| 
 | |
| ## Log outputs
 | |
| 
 | |
| Gitea provides 4 possible log outputs:
 | |
| 
 | |
| - `console` - Log to `os.Stdout` or `os.Stderr`
 | |
| - `file` - Log to a file
 | |
| - `conn` - Log to a keep-alive TCP connection
 | |
| - `smtp` - Log via email
 | |
| 
 | |
| Certain configuration is common to all modes of log output:
 | |
| 
 | |
| - `LEVEL` is the lowest level that this output will log. This value
 | |
|   is inherited from `[log]` and in the case of the non-default loggers
 | |
|   from `[log.sublogger]`.
 | |
| - `STACKTRACE_LEVEL` is the lowest level that this output will print
 | |
|   a stacktrace. This value is inherited.
 | |
| - `MODE` is the mode of the log output. It will default to the sublogger
 | |
|   name. Thus `[log.console.router]` will default to `MODE = console`.
 | |
| - `COLORIZE` will default to `true` for `console` as
 | |
|   described, otherwise it will default to `false`.
 | |
| 
 | |
| ### Non-inherited default values
 | |
| 
 | |
| There are several values which are not inherited as described above but
 | |
| rather default to those specific to type of logger, these are:
 | |
| `EXPRESSION`, `FLAGS`, `PREFIX` and `FILE_NAME`.
 | |
| 
 | |
| #### `EXPRESSION`
 | |
| 
 | |
| `EXPRESSION` represents a regular expression that log events must match to be logged by the sublogger. Either the log message, (with colors removed), must match or the `longfilename:linenumber:functionname` must match. NB: the whole message or string doesn't need to completely match.
 | |
| 
 | |
| Please note this expression will be run in the sublogger's goroutine
 | |
| not the logging event subroutine. Therefore it can be complicated.
 | |
| 
 | |
| #### `FLAGS`
 | |
| 
 | |
| `FLAGS` represents the preceding logging context information that is
 | |
| printed before each message. It is a comma-separated string set. The order of values does not matter.
 | |
| 
 | |
| Possible values are:
 | |
| 
 | |
| - `none` or `,` - No flags.
 | |
| - `date` - the date in the local time zone: `2009/01/23`.
 | |
| - `time` - the time in the local time zone: `01:23:23`.
 | |
| - `microseconds` - microsecond resolution: `01:23:23.123123`. Assumes
 | |
|   time.
 | |
| - `longfile` - full file name and line number: `/a/b/c/d.go:23`.
 | |
| - `shortfile` - final file name element and line number: `d.go:23`.
 | |
| - `funcname` - function name of the caller: `runtime.Caller()`.
 | |
| - `shortfuncname` - last part of the function name. Overrides
 | |
|   `funcname`.
 | |
| - `utc` - if date or time is set, use UTC rather than the local time
 | |
|   zone.
 | |
| - `levelinitial` - Initial character of the provided level in brackets eg. `[I]` for info.
 | |
| - `level` - Provided level in brackets `[INFO]`
 | |
| - `medfile` - Last 20 characters of the filename - equivalent to
 | |
|   `shortfile,longfile`.
 | |
| - `stdflags` - Equivalent to `date,time,medfile,shortfuncname,levelinitial`
 | |
| 
 | |
| ### Console mode
 | |
| 
 | |
| For loggers in console mode, `COLORIZE` will default to `true` if not
 | |
| on windows, or the windows terminal can be set into ANSI mode or is a
 | |
| cygwin or Msys pipe.
 | |
| 
 | |
| If `STDERR` is set to `true` the logger will use `os.Stderr` instead of
 | |
| `os.Stdout`.
 | |
| 
 | |
| ### File mode
 | |
| 
 | |
| The `FILE_NAME` defaults as described above. If set it will be relative
 | |
| to the provided `ROOT_PATH` in the master `[log]` section.
 | |
| 
 | |
| Other values:
 | |
| 
 | |
| - `LOG_ROTATE`: **true**: Rotate the log files.
 | |
| - `MAX_SIZE_SHIFT`: **28**: Maximum size shift of a single file, 28 represents 256Mb.
 | |
| - `DAILY_ROTATE`: **true**: Rotate logs daily.
 | |
| - `MAX_DAYS`: **7**: Delete the log file after n days
 | |
| - `COMPRESS`: **true**: Compress old log files by default with gzip
 | |
| - `COMPRESSION_LEVEL`: **-1**: Compression level
 | |
| 
 | |
| ### Conn mode
 | |
| 
 | |
| - `RECONNECT_ON_MSG`: **false**: Reconnect host for every single message.
 | |
| - `RECONNECT`: **false**: Try to reconnect when connection is lost.
 | |
| - `PROTOCOL`: **tcp**: Set the protocol, either "tcp", "unix" or "udp".
 | |
| - `ADDR`: **:7020**: Sets the address to connect to.
 | |
| 
 | |
| ### SMTP mode
 | |
| 
 | |
| It is not recommended to use this logger to send general logging
 | |
| messages. However, you could perhaps set this logger to work on `FATAL`.
 | |
| 
 | |
| - `USER`: User email address to send from.
 | |
| - `PASSWD`: Password for the smtp server.
 | |
| - `HOST`: **127.0.0.1:25**: The SMTP host to connect to.
 | |
| - `RECEIVERS`: Email addresses to send to.
 | |
| - `SUBJECT`: **Diagnostic message from Gitea**
 | |
| 
 | |
| ## Debugging problems
 | |
| 
 | |
| When submitting logs in Gitea issues it is often helpful to submit
 | |
| merged logs obtained by either by redirecting the console log to a file or
 | |
| copying and pasting it. To that end it is recommended to set your logging to:
 | |
| 
 | |
| ```ini
 | |
| [database]
 | |
| LOG_SQL = false ; SQL logs are rarely helpful unless we specifically ask for them
 | |
| 
 | |
| ...
 | |
| 
 | |
| [log]
 | |
| MODE = console
 | |
| LEVEL = debug ; please set the level to debug when we are debugging a problem
 | |
| ROUTER = console
 | |
| COLORIZE = false ; this can be true if you can strip out the ansi coloring
 | |
| ENABLE_SSH_LOG = true ; shows logs related to git over SSH.
 | |
| ```
 | |
| 
 | |
| Sometimes it will be helpful get some specific `TRACE` level logging restricted
 | |
| to messages that match a specific `EXPRESSION`. Adjusting the `MODE` in the
 | |
| `[log]` section to `MODE = console,traceconsole` to add a new logger output
 | |
| `traceconsole` and then adding its corresponding section would be helpful:
 | |
| 
 | |
| ```ini
 | |
| [log.traceconsole] ; traceconsole here is just a name
 | |
| MODE = console ; this is the output that the traceconsole writes to
 | |
| LEVEL = trace
 | |
| EXPRESSION = ; putting a string here will restrict this logger to logging only those messages that match this expression
 | |
| ```
 | |
| 
 | |
| (It's worth noting that log messages that match the expression at or above debug
 | |
| level will get logged twice so don't worry about that.)
 | |
| 
 | |
| `STACKTRACE_LEVEL` should generally be left unconfigured (and hence kept at
 | |
| `none`). There are only very specific occasions when it useful.
 | |
| 
 | |
| ## Empty Configuration
 | |
| 
 | |
| The empty configuration is equivalent to:
 | |
| 
 | |
| ```ini
 | |
| [log]
 | |
| ROOT_PATH = %(GITEA_WORK_DIR)/log
 | |
| MODE = console
 | |
| LEVEL = Info
 | |
| STACKTRACE_LEVEL = None
 | |
| ENABLE_ACCESS_LOG = false
 | |
| ENABLE_XORM_LOG = true
 | |
| XORM = ,
 | |
| 
 | |
| [log.console]
 | |
| MODE = console
 | |
| LEVEL = %(LEVEL)
 | |
| STACKTRACE_LEVEL = %(STACKTRACE_LEVEL)
 | |
| FLAGS = stdflags
 | |
| PREFIX =
 | |
| COLORIZE = true # Or false if your windows terminal cannot color
 | |
| ```
 | |
| 
 | |
| This is equivalent to sending all logs to the console, with default go log being sent to the console log too.
 | |
| 
 | |
| ## Releasing-and-Reopening, Pausing and Resuming logging
 | |
| 
 | |
| If you are running on Unix you may wish to release-and-reopen logs in order to use `logrotate` or other tools.
 | |
| It is possible force Gitea to release and reopen it's logging files and connections by sending `SIGUSR1` to the
 | |
| running process, or running `gitea manager logging release-and-reopen`.
 | |
| 
 | |
| Alternatively, you may wish to pause and resume logging - this can be accomplished through the use of the
 | |
| `gitea manager logging pause` and `gitea manager logging resume` commands. Please note that whilst logging
 | |
| is paused log events below INFO level will not be stored and only a limited number of events will be stored.
 | |
| Logging may block, albeit temporarily, slowing Gitea considerably whilst paused - therefore it is
 | |
| recommended that pausing only done for a very short period of time.
 | |
| 
 | |
| ## Adding and removing logging whilst Gitea is running
 | |
| 
 | |
| It is possible to add and remove logging whilst Gitea is running using the `gitea manager logging add` and `remove` subcommands.
 | |
| This functionality can only adjust running log systems and cannot be used to start the access or router loggers if they
 | |
| were not already initialised. If you wish to start these systems you are advised to adjust the app.ini and (gracefully) restart
 | |
| the Gitea service.
 | |
| 
 | |
| The main intention of these commands is to easily add a temporary logger to investigate problems on running systems where a restart
 | |
| may cause the issue to disappear.
 | |
| 
 | |
| ## Log colorization
 | |
| 
 | |
| Logs to the console will be colorized by default when not running on
 | |
| Windows. Terminal sniffing will occur on Windows and if it is
 | |
| determined that we are running on a terminal capable of color we will
 | |
| colorize.
 | |
| 
 | |
| Further, on \*nix it is becoming common to have file logs that are
 | |
| colored by default. Therefore file logs will be colorised by default
 | |
| when not running on Windows.
 | |
| 
 | |
| You can switch on or off colorization by using the `COLORIZE` value.
 | |
| 
 | |
| From a development point of view. If you write
 | |
| `log.Info("A %s string", "formatted")` the `formatted` part of the log
 | |
| message will be Bolded on colorized logs.
 | |
| 
 | |
| You can change this by either rendering the formatted string yourself.
 | |
| Or you can wrap the value in a `log.ColoredValue` struct.
 | |
| 
 | |
| The `log.ColoredValue` struct contains a pointer to value, a pointer to
 | |
| string of bytes which should represent a color and second set of reset
 | |
| bytes. Pointers were chosen to prevent copying of large numbers of
 | |
| values. There are several helper methods:
 | |
| 
 | |
| - `log.NewColoredValue` takes a value and 0 or more color attributes
 | |
|   that represent the color. If 0 are provided it will default to a cached
 | |
|   bold. Note, it is recommended that color bytes constructed from
 | |
|   attributes should be cached if this is a commonly used log message.
 | |
| - `log.NewColoredValuePointer` takes a pointer to a value, and
 | |
|   0 or more color attributes that represent the color.
 | |
| - `log.NewColoredValueBytes` takes a value and a pointer to an array
 | |
|   of bytes representing the color.
 | |
| 
 | |
| These functions will not double wrap a `log.ColoredValue`. They will
 | |
| also set the `resetBytes` to the cached `resetBytes`.
 | |
| 
 | |
| The `colorBytes` and `resetBytes` are not exported to prevent
 | |
| accidental overwriting of internal values.
 | |
| 
 | |
| ## ColorFormat & ColorFormatted
 | |
| 
 | |
| Structs may implement the `log.ColorFormatted` interface by implementing the `ColorFormat(fmt.State)` function.
 | |
| 
 | |
| If a `log.ColorFormatted` struct is logged with `%-v` format, its `ColorFormat` will be used instead of the usual `%v`. The full `fmt.State` will be passed to allow implementers to look at additional flags.
 | |
| 
 | |
| In order to help implementers provide `ColorFormat` methods. There is a
 | |
| `log.ColorFprintf(...)` function in the log module that will wrap values in `log.ColoredValue` and recognise `%-v`.
 | |
| 
 | |
| In general it is recommended not to make the results of this function too verbose to help increase its versatility. Usually this should simply be an `ID`:`Name`. If you wish to make a more verbose result, it is recommended to use `%-+v` as your marker.
 | |
| 
 | |
| ## Log Spoofing protection
 | |
| 
 | |
| In order to protect the logs from being spoofed with cleverly
 | |
| constructed messages. Newlines are now prefixed with a tab and control
 | |
| characters except those used in an ANSI CSI are escaped with a
 | |
| preceding `\` and their octal value.
 | |
| 
 | |
| ## Creating a new named logger group
 | |
| 
 | |
| Should a developer wish to create a new named logger, `NEWONE`. It is
 | |
| recommended to add an `ENABLE_NEWONE_LOG` value to the `[log]`
 | |
| section, and to add a new `NEWONE` value for the modes.
 | |
| 
 | |
| A function like `func newNewOneLogService()` is recommended to manage
 | |
| construction of the named logger. e.g.
 | |
| 
 | |
| ```go
 | |
| func newNewoneLogService() {
 | |
| 	EnableNewoneLog = Cfg.Section("log").Key("ENABLE_NEWONE_LOG").MustBool(false)
 | |
| 	Cfg.Section("log").Key("NEWONE").MustString("file") // or console? or "," if you want to send this to default logger by default
 | |
| 	if EnableNewoneLog {
 | |
| 		options := newDefaultLogOptions()
 | |
| 		options.filename = filepath.Join(LogRootPath, "newone.log")
 | |
| 		options.flags = "stdflags"
 | |
| 		options.bufferLength = Cfg.Section("log").Key("BUFFER_LEN").MustInt64(10000)
 | |
| 		generateNamedLogger("newone", options)
 | |
| 	}
 | |
| }
 | |
| ```
 | |
| 
 | |
| You should then add `newOneLogService` to `NewServices()` in
 | |
| `modules/setting/setting.go`
 | |
| 
 | |
| ## Using `logrotate` instead of built-in log rotation
 | |
| 
 | |
| Gitea includes built-in log rotation, which should be enough for most deployments. However, if you instead want to use the `logrotate` utility:
 | |
| 
 | |
| - Disable built-in log rotation by setting `LOG_ROTATE` to `false` in your `app.ini`.
 | |
| - Install `logrotate`.
 | |
| - Configure `logrotate` to match your deployment requirements, see `man 8 logrotate` for configuration syntax details. In the `postrotate/endscript` block send Gitea a `USR1` signal via `kill -USR1` or `kill -10` to the `gitea` process itself, or run `gitea manager logging release-and-reopen` (with the appropriate environment). Ensure that your configurations apply to all files emitted by Gitea loggers as described in the above sections.
 | |
| - Always do `logrotate /etc/logrotate.conf --debug` to test your configurations.
 | |
| - If you are using docker and are running from outside of the container you can use `docker exec -u $OS_USER $CONTAINER_NAME sh -c 'gitea manager logging release-and-reopen'` or `docker exec $CONTAINER_NAME sh -c '/bin/s6-svc -1 /etc/s6/gitea/'` or send `USR1` directly to the Gitea process itself.
 | |
| 
 | |
| The next `logrotate` jobs will include your configurations, so no restart is needed. You can also immediately reload `logrotate` with `logrotate /etc/logrotate.conf --force`.
 |