背景:公司专注于信息安全,使用gitlab进行代码管理,要求所有用户的远程操作(push、同步)都被记录下来。通过查看Gitlab官方文档,信息整理如下:gitlab后台各种日志存放位置/var/log/gitlab/production.log注:本日志只记录http:/var/操作的日志存放目录log/gitlab/gitlab-rails/production_json.log包含Json请求字符串。{“方法”:“获取”,“路径”:“/test_user/test_project.git/info/refs”,“格式”:“*/*”,“控制器”:“项目::GitHttpController”,“动作”:"info_refs","status":200,"duration":268.22,"view":0.48,"db":14.41,"time":"2019-06-27T10:59:56.324Z","params":[{"key":"service","value":"git-receive-pack"},{"key":"namespace_id","value":"test_user"},{"key":"project_id","value":"test_project.git"}],"remote_ip":"192.168.XX.XX","user_id":3,"username":"test_user","ua":"git/2.21.0.windows.1","queue_duration":null,"correlation_id":"b02c02f9-0167-49bf-965f-e4cc86d6751f"}日志中有价值的信息:同步动作:service:git-receive-packpushoperation:service:git-upload-pack项目名称:project_id:test_project.gitIP地址:remote_ip:192.168.XX.XX用户名:用户名:test_user时间:时间:2019-06-27T10:59:56.324Z(UTC格式,加上8小时等于北京time)status:status:200(200表示操作成功,其他表示失败)actioninformation:action:info_refs(每次同步和推送操作时出现的标志,需要用这个字段来过滤日志是否是一个update或push操作)是的,有Json嵌套的数据操作。推荐阅读本文以提高工作效率。Go中如何优雅获取嵌套的Json数据内容gitlab-shell.log**注:该日志只记录Gitclone协议的运行日志目录:/var/log/gitlab/gitlab-shell下面的日志不是Json格式,并且您需要自己操作字符串。time="2019-07-02T11:17:48+08:00"level=infomsg="执行git命令"command="gitaly-receive-packunix:/var/opt/gitlab/gitaly/gitaly.socket{\"repository\":{\"storage_name\":\"default\",\"relative_path\":\"test_user/test_project.git\",\"git_object_directory\":\"\",\"git_alternate_object_directories\":[],\"gl_repository\":\"project-5\",\"gl_project_path\":\"test_user/test_project\"},\"gl_repository\":\"project-5\",\"gl_project_path\":\"test_user/test_project\",\"gl_id\":\"key-3\",\"gl_username\":\"test_user\",\"git_config_options\":[],\"git_protocol\":null}"pid=23657user="userwithidkey-3"日志中的重要信息:同步操作:命令:gitaly-receive-pack推送操作:命令:gitaly-upload-pack项目名称:gl_project_path:test_user/test_projectIP地址:remote_ip:192.168.XX.XX用户名:gl_username:test_user时间:时间:2019-07-02T11:17:48+08:00(UTC格式,加上8小时等于北京时间)状态:status:200(200表示操作成功,other表示失败)actioninformation:action:info_refs(每次同步和推送操作出现的flag,需要用这个字段来过滤日志是update还是push操作)参考文档:Gitlab官方日志解读文档
