| author | Joe Tsai <joetsai@digital-static.net> | 2025-10-31 13:34:05 -0700 |
|---|---|---|
| committer | Joe Tsai <joetsai@digital-static.net> | 2026-01-13 13:47:11 -0800 |
| commit | c9565a7cbafd14717c60f5221424428214fa6274 (patch) | |
| tree | 09fe6345eb5b0cb5d34398f6090a1dcdcc1bb5d5 /logtail | |
| parent | 58042e2de39c9c2827fe0bad7c45e8631369325f (diff) | |
tailcfg: support LogUploadAuth and empty DataPlaneAuditLogIDdsnet/netlog-tailcfg
This updates the Tailscale protocol to support the following:
* Network flow logs to be uploaded with a custom HTTP Authorization.
* Network flow logs to be uploaded under a TailnetID
without also needing to be associated with a particular NodeID.
* Network flow logs to exclude embedded node information
based on a capability flag (see #17668).
Updates tailscale/corp#33352
Signed-off-by: Joe Tsai <joetsai@digital-static.net>
Diffstat (limited to 'logtail')
| -rw-r--r-- | logtail/config.go | 1 | ||||
| -rw-r--r-- | logtail/logtail.go | 5 |
2 files changed, 6 insertions, 0 deletions
diff --git a/logtail/config.go b/logtail/config.go
index bf47dd8aa..44e0ff922 100644
--- a/logtail/config.go
+++ b/logtail/config.go
@@ -30,6 +30,7 @@ type Config struct {
 PrivateID logid.PrivateID // private ID for the primary log stream
 CopyPrivateID logid.PrivateID // private ID for a log stream that is a superset of this log stream
 BaseURL string // if empty defaults to "https://log.tailscale.com"
+ HTTPAuth string // if set, specifies the Authorization HTTP header to send
 HTTPC *http.Client // if empty defaults to http.DefaultClient
 SkipClientTime bool // if true, client_time is not written to logs
 LowMemory bool // if true, logtail minimizes memory use
diff --git a/logtail/logtail.go b/logtail/logtail.go
index ce50c1c0a..50ccaf373 100644
--- a/logtail/logtail.go
+++ b/logtail/logtail.go
@@ -106,6 +106,7 @@ func NewLogger(cfg Config, logf tslogger.Logf) *Logger {
 privateID: cfg.PrivateID,
 stderr: cfg.Stderr,
 stderrLevel: int64(cfg.StderrLevel),
+ httpAuth: cfg.HTTPAuth,
 httpc: cfg.HTTPC,
 url: cfg.BaseURL + "/c/" + cfg.Collection + "/" + cfg.PrivateID.String() + urlSuffix,
 lowMem: cfg.LowMemory,
@@ -146,6 +147,7 @@ func NewLogger(cfg Config, logf tslogger.Logf) *Logger {
 type Logger struct {
 stderr io.Writer
 stderrLevel int64 // accessed atomically
+ httpAuth string
 httpc *http.Client
 url string
 lowMem bool
@@ -500,6 +502,9 @@ func (lg *Logger) upload(ctx context.Context, body []byte, origlen int) (retryAf
 // TODO record logs to disk
 panic("logtail: cannot build http request: " + err.Error())
 }
+ if lg.httpAuth != "" {
+ req.Header.Add("Authorization", lg.httpAuth)
+ }
 if origlen != -1 {
 req.Header.Add("Content-Encoding", "zstd")
 req.Header.Add("Orig-Content-Length", strconv.Itoa(origlen)) |
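Review bot: The comment on the new `HTTPAuth` field in Config does not say that the string is a credential or that it must carry the complete header value. upload sends it verbatim as the Authorization header, so a caller has to include the scheme, and because it sits in a plain struct field it will show up if a Config is ever formatted or logged. I would spell that out, e.g. `HTTPAuth string // if set, sent verbatim as the Authorization header value (scheme included); treat as a secret and keep out of logs`. The Config struct starts and ends outside the hunk.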
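Review bot: The new `Authorization` header in upload is attached regardless of the scheme of `lg.url`, which NewLogger builds from the caller-supplied `cfg.BaseURL`; if that is ever an `http://` URL, the credential travels in cleartext. Whether BaseURL is validated elsewhere is not visible in this diff, so consider guarding the header, e.g. `if lg.httpAuth != "" && strings.HasPrefix(lg.url, "https://") {`, or rejecting a non-HTTPS BaseURL combined with HTTPAuth in NewLogger. `req.Header.Set("Authorization", lg.httpAuth)` would also be the more conventional call for a single-valued header. The body of upload starts and continues outside the hunk.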
