The MSE traffic protection feature detects abnormal traffic and attacks. You can report these events to Simple Log Service (SLS) for real-time monitoring, analysis, and security responses. This topic describes how to report events triggered by the traffic protection feature of MSE Microservices Governance to SLS. These events are collected from the sentinel-block.log file.
Prerequisites
-
Enable the traffic protection feature of MSE Microservices Governance and configure traffic protection rules. For more information, see Traffic protection.
Enable Logtail
If you enabled Simple Log Service when you created your ACK cluster, you can skip this section. Otherwise, follow these steps to enable Logtail. For more information, see Install Logtail when you create a cluster.
This operation applies only to ACK dedicated clusters and ACK managed clusters.
Log on to the ACK console. In the left navigation pane, click Clusters.
On the Clusters page, click the name of your cluster. In the left navigation pane, click Components and Add-ons.
-
On the Logs and Monitoring tab, find logtail-ds and click Install.
Import data
Configure a data source in SLS to collect, parse, and report Sentinel log records. For more information about the file format to be collected, see Data sources and parsing formats.
Log on to the Simple Log Service console.
-
Click Quick Data Import. In the Import Data dialog box, enter Kubernetes in the search box, and then click Kubernetes - File.
-
In the Select Logstore step, select a Project and a Logstore, and then click Next.
Select the Project named k8s-log-{your_k8s_cluster_id} or another Project. For the Logstore, you can select an existing one or create one. For more information, see Create a Logstore.
-
In the Machine Group Configuration step, select the target Machine Group (k8s-group-${your_k8s_cluster_id}). Move this machine group from the Source Machine Group list to the Applied Machine Group list, and then click Next.
If you select another Project, create a Machine Group as prompted on the page.
-
In the Logtail Configuration step, set the data source and parsing format. Complete the configuration, and then click Next.
Parameter
Description
Config name
Enter a name for the configuration.
File Path
-
Logs are collected from the fixed path
/${user_home}/logs/csp/sentinel-block.log. Replace${user_home}with the system home directory, which is typically root. -
For the specific path, see Important logs.
Log Sample
Enter the following content as a sample:
2024-08-28 06:53:14|1|/flow,FlowException,default,,32808,1724827994000|37,0,0Processing Method
Use a processor plugin combination, and add a Data Parsing (Regex Mode) plugin. Configure the key parameters as shown in the example and set other parameters as needed.
Regular expression
(\d+-\d+-\d+\s\d+:\d+:\d+)\|1\|([\s\S]*),([a-zA-Z]+),([a-zA-Z]+),([\s\S]*),(\d+),(\d+)\|(\d+),0,(\d+)
Set Source Field to
content. Click Validate. Nine fields are extracted:time,resource,expType,limitApp,origin,ruleId,timestamp,blockNum, andn. Then, select the Keep original fields on parsing failure checkbox. -
-
In the Query and Analysis Configurations step, wait for Automatic Refresh next to Preview Data to complete. Add and modify some index fields, and then click Next.
Field
Type
Alias
__tag__:_namespace_
text
namespace
__tag__:container_name_
text
appName
ruleId
long
Not required
resource
text
time
text
expType
text
blockNum
double
-
Click Query Log to return to the Project.
Verify event reporting
Log on to the Simple Log Service console.
-
In the specified Project, you can view the monitoring metrics reported to the new Logstore in SLS.
__tag__:__user_defined_id__: k8s-group-c7ebc423cebdd43c494daf02xxx __tag__:_cluster_id_: c7ebc423cebdd43c494daf02 __tag__:_container_ip_: 10.7.xxx __tag__:_container_name_: spring-cloud-b __tag__:_image_name_: registry.cn-hangzhou.aliyuncs.com/mse-demo-hz/spring-cloud-b:3.0.1-fallback-test __tag__:_namespace_: mse-demo __tag__:_node_ip_: 10.7xxx __tag__:_node_name_: cn-hangzhou.10.7.xxx __tag__:_pod_name_: spring-cloud-b-54b48d6f6c-xxx __tag__:_pod_uid_: bcd0f5bd-3b4c-48d7-99c7-aefxxx blockNum: 71 expType: FlowException limitApp: default n: 0 origin: dubbo-provider-A resource: com.alibabacloud.mse.demo.b.service.HelloServiceB:hello(java.lang.String) ruleId: 855 time: 2023-09-15 03:46:22 timestamp: 1694749582000
FAQ
Why are no logs displayed in the SLS console?
Log on to the Container Service for Kubernetes console and click the target cluster. On the Cluster information page, click Open Cloud Shell. Run the following commands to verify:
cd ~/logs/csp/ # Replace this with the actual log path.
tail -n 10 sentinel-block.log
The expected result is as follows, which indicates that throttling logs have been generated. If the corresponding logs are not generated, check whether the Prerequisites are configured correctly. Pay special attention to whether the traffic protection rules in the MSE console are configured correctly and whether traffic throttling has occurred.
2023-09-14 08:51:04|1|com.alibabacloud.mse.demo.b.service.HelloServiceB:hello(java.lang.String),FlowException,default,dubbo-provider-A,855,1694681464000|63,0
2023-09-14 08:51:05|1|com.alibabacloud.mse.demo.b.service.HelloServiceB:hello(java.lang.String),FlowException,default,dubbo-provider-A,855,1694681465000|78,0
2023-09-14 08:51:06|1|com.alibabacloud.mse.demo.b.service.HelloServiceB:hello(java.lang.String),FlowException,default,dubbo-provider-A,855,1694681466000|75,0
2023-09-14 08:51:07|1|com.alibabacloud.mse.demo.b.service.HelloServiceB:hello(java.lang.String),FlowException,default,dubbo-provider-A,855,1694681467000|64,0
2023-09-14 08:51:08|1|com.alibabacloud.mse.demo.b.service.HelloServiceB:hello(java.lang.String),FlowException,default,dubbo-provider-A,855,1694681468000|84,0
2023-09-14 08:51:09|1|com.alibabacloud.mse.demo.b.service.HelloServiceB:hello(java.lang.String),FlowException,default,dubbo-provider-A,855,1694681469000|75,0
2023-09-14 08:51:10|1|com.alibabacloud.mse.demo.b.service.HelloServiceB:hello(java.lang.String),FlowException,default,dubbo-provider-A,855,1694681470000|76,0
2023-09-14 08:51:11|1|com.alibabacloud.mse.demo.b.service.HelloServiceB:hello(java.lang.String),FlowException,default,dubbo-provider-A,855,1694681471000|71,0
2023-09-14 08:51:12|1|com.alibabacloud.mse.demo.b.service.HelloServiceB:hello(java.lang.String),FlowException,default,dubbo-provider-A,855,1694681472000|61,0
2023-09-14 08:51:13|1|com.alibabacloud.mse.demo.b.service.HelloServiceB:hello(java.lang.String),FlowException,default,dubbo-provider-A,855,1694681473000|64,0
2023-09-14 08:51:14|1|com.alibabacloud.mse.demo.b.service.HelloServiceB:hello(java.lang.String),FlowException,default,dubbo-provider-A,855,1694681474000|64,0
2023-09-14 08:51:15|1|com.alibabacloud.mse.demo.b.service.HelloServiceB:hello(java.lang.String),FlowException,default,dubbo-provider-A,855,1694681475000|76,0
2023-09-14 08:51:16|1|com.alibabacloud.mse.demo.b.service.HelloServiceB:hello(java.lang.String),FlowException,default,dubbo-provider-A,855,1694681476000|79,0
2023-09-14 08:51:17|1|com.alibabacloud.mse.demo.b.service.HelloServiceB:hello(java.lang.String),FlowException,default,dubbo-provider-A,855,1694681477000|66,0
2023-09-14 08:51:18|1|com.alibabacloud.mse.demo.b.service.HelloServiceB:hello(java.lang.String),FlowException,default,dubbo-provider-A,855,1694681478000|80,0
2s023-09-14 08:51:19|1|com.alibabacloud.mse.demo.b.service.HelloServiceB:hello(java.lang.String),FlowException,default,dubbo-provider-A,855,1694681479000|65,0
2023-09-14 08:51:20|1|com.alibabacloud.mse.demo.b.service.HelloServiceB:hello(java.lang.String),FlowException,default,dubbo-provider-A,855,1694681480000|79,0
2023-09-14 08:51:21|1|com.alibabacloud.mse.demo.b.service.HelloServiceB:hello(java.lang.String),FlowException,default,dubbo-provider-A,855,1694681481000|75,0
...